scenario
Currently, spring-boot is used for development. For example, the passwords of database mysql, Redis and other related basic services are still configured in the application services in plain text. Therefore, it is difficult to guarantee the data security of the whole company, so a method is needed to solve the problem of exposing the passwords
The solution
Searching on the Internet, I finally found that there was a tool class Jar (Jasypt) of encryption algorithm provided by three parties, and the project address was github
The usage is as follows
Take the Spring-Boot project as an example
- The first step is to introduce the associated dependencies
<dependency> <groupId>com.github.ulisesbocchio</groupId> <artifactId>jasypt-spring-boot-starter</artifactId> The < version > 3.0.2 < / version > < / dependency >Copy the code-
Step 2 download the corresponding JAYpt JAR package
Maven download
-
Step 3 Run the following command to encrypt sensitive data
Java - cp jasypt - 1.9.3. Jar org. Jasypt. Intf. Cli. JasyptPBEStringEncryptionCLI password = bq71wIW5Lpzqqm3Y algorithm=PBEWithMD5AndDES input=rootCopy the codeThe parameter
| The parameter value | meaning |
|---|---|
| password | Encryption of salt |
| algorithm | The algorithm used for encryption |
| input | The field to encrypt |
The following output is displayed:
----ENVIRONMENT-----------------
Runtime: Oracle Corporation Java HotSpot(TM) 64-Bit Server VM 25.111-b14
----ARGUMENTS-------------------
input: root
algorithm: PBEWithMD5AndDES
password: bq71wIW5Lpzqqm3Y
----OUTPUT----------------------
yrRYydkan5GPHrUP5oNDzA==
Copy the code-OUTPUT- Indicates the OUTPUT under the encrypted string
- Step 4 Configure the properties or YAML file and configure ENC(encryption string) to application.properties or applicaition.yml
spring:
datasource:
driver-class-name: com.mysql.cj.jdbc.Driver
hikari:
auto-commit: true
connection-test-query: SELECT 1
connection-timeout: 30000
idle-timeout: 30000
max-lifetime: 1800000
maximum-pool-size: 15
minimum-idle: 5
pool-name: DatebookHikariCP
password: ENC(zStr9GBzu706rMHZJIEm6rbMSzQLHqTk)
type: com. Zaxxer. Hikari. HikariDataSource url: JDBC: mysql: / / 127.0.0.1:3306 / dive? useUnicode=true&characterEncoding=UTF-8&autoReconnect=true&useSSL=false&zeroDateTimeBehavior=convertToNull
username: ENC(yrRYydkan5GPHrUP5oNDzA==)
Copy the code- Step 5 When starting the project, add the command parameters, using the salt used in the encryption above as the parameter
java -jar -Djasypt.encryptor.password=bq71wIW5Lpzqqm3Y xxx.jar
Copy the code