1. The background

Do you know the username and password of your production database?

What, you do know them? Then take a look at how to encrypt them to prevent password leakage.

2. Jasypt

The easiest way to use Jasypt is using its easy encryption tools, which are called the utils, because they live in the org.jasypt.util package.

They are called utils because they are ready-to-use, preconfigured digesters and encryptors you can use without knowing much about their configuration.

3. jasypt-spring-boot

Jasypt Spring Boot provides Encryption support for property sources in Spring Boot Applications.

4. Easy version – Quick to use

Let’s start with the simplest version to see how it works.

1. Add the Maven plugin

Add the following plugin to the pom.xml of the module that contains the configuration file we want to encrypt:

<plugin>
    <groupId>com.github.ulisesbocchio</groupId>
    <artifactId>jasypt-maven-plugin</artifactId>
    <version>3.0.3</version>
</plugin>

2. Mark the strings to be encrypted in the configuration file

Wrap the database username and password in DEC():

spring.datasource.username=DEC(root)
spring.datasource.password=DEC(admin)

3. Run the Maven plugin command to encrypt the configuration file

Switch to the module directory where the plugin was configured and execute the following command:

mvn jasypt:encrypt -Djasypt.encryptor.password="the password"

After the command succeeds, the values marked for encryption in the configuration file are changed to the following. Now, even if people get your code, they do not know what the username and password are. Done.

spring.datasource.username=ENC(/xSAK8u53npb+F+hH+DpvcVzE0qm5ubh5BhLgqyWK1mFzSz1MVzKvu/NlEKGl/Iy)
spring.datasource.password=ENC(BHUN3TvKMaerfSOiFfCrxyGHAyYxB3qOzstn/eqaXA54WlYCairCTAjrY+68TA4w)

4. Configure the password for decryption and start the project

Can the project still start with this configuration file? Sure, but we need to specify the same password that was passed in when the Maven plugin was executed.

--jasypt.encryptor.password="the password"

I tested with IDEA, so I filled in the parameters in Program arguments, as shown below:

Very simple, isn't it? If you want to run a quick test yourself, the source address is below.

5. Advanced version – custom encryption algorithm

Sometimes the security level of the default encryption algorithm is not appropriate, and we need to customize the encryption algorithm. Come on!

1. Implement the encrypt and decrypt methods of the StringEncryptor interface

Note the added @Component annotation. To demonstrate the effect, the encryption and decryption in the sample code use a simple string substitution.

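import org.jasypt.encryption.StringEncryptor;
import org.springframework.stereotype.Component;

// Demo only: a fixed string substitution stands in for a real cipher.
// Registered under the default bean name "myStringEncryptor".
@Component
public class MyStringEncryptor implements StringEncryptor {
    // Maps each known plaintext to its "encrypted" form.
    @Override
    public String encrypt(String s) {
        switch (s) {
            case "root":
                return "root-en";
            case "admin":
                return "admin-en";
        }

        return null;
    }

    // Reverses the mapping for values found inside ENC(...).
    @Override
    public String decrypt(String s) {
        switch (s) {
            case "root-en":
                return "root";
            case "admin-en":
                return "admin";
        }
        return null;
    }
}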

2. Modify the configuration file and manually configure the encrypted strings

At this point we cannot use the plugin command to encrypt; we need to encrypt the values manually, and the project is only responsible for decryption.

spring.datasource.username=ENC(root-en)
spring.datasource.password=ENC(admin-en)

3. Specify our encryption and decryption class

jasypt.encryptor.bean=myStringEncryptor

4. Start the project

--jasypt.encryptor.password="the password"
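
A StringEncryptor that performs real encryption in place of the string substitution above, as an added example that is not from the original post or the jasypt-spring-boot project: AES-256-GCM with a key derived from a password by PBKDF2. The bean name aesGcmStringEncryptor (the value to set in jasypt.encryptor.bean) and the environment variable CONFIG_ENC_PASSWORD are assumptions.

```java
import org.jasypt.encryption.StringEncryptor;
import org.springframework.stereotype.Component;
import javax.crypto.*;
import javax.crypto.spec.*;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;

// Added example. Assumed names: bean "aesGcmStringEncryptor", env var CONFIG_ENC_PASSWORD.
@Component("aesGcmStringEncryptor")
public class AesGcmStringEncryptor implements StringEncryptor {
    private static final int SALT_LEN = 16, IV_LEN = 12, TAG_BITS = 128, ITERATIONS = 210_000;
    private final SecureRandom random = new SecureRandom();
    private final char[] password = Objects.requireNonNull(
            System.getenv("CONFIG_ENC_PASSWORD"), "CONFIG_ENC_PASSWORD is not set").toCharArray();

    // Stored value = Base64(salt || iv || ciphertext+tag); salt and IV are fresh per value.
    @Override
    public String encrypt(String plain) {
        byte[] salt = new byte[SALT_LEN], iv = new byte[IV_LEN];
        random.nextBytes(salt);
        random.nextBytes(iv);
        byte[] ct = crypt(Cipher.ENCRYPT_MODE, salt, iv, plain.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(
                ByteBuffer.allocate(SALT_LEN + IV_LEN + ct.length).put(salt).put(iv).put(ct).array());
    }

    @Override
    public String decrypt(String encoded) {
        byte[] in = Base64.getDecoder().decode(encoded);
        byte[] salt = Arrays.copyOfRange(in, 0, SALT_LEN);
        byte[] iv = Arrays.copyOfRange(in, SALT_LEN, SALT_LEN + IV_LEN);
        byte[] ct = Arrays.copyOfRange(in, SALT_LEN + IV_LEN, in.length);
        return new String(crypt(Cipher.DECRYPT_MODE, salt, iv, ct), StandardCharsets.UTF_8);
    }

    // PBKDF2 turns the password into a 256-bit AES key; GCM rejects tampered or wrong-key input.
    private byte[] crypt(int mode, byte[] salt, byte[] iv, byte[] data) {
        try {
            PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, 256);
            byte[] key = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
            Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
            cipher.init(mode, new SecretKeySpec(key, "AES"), new GCMParameterSpec(TAG_BITS, iv));
            return cipher.doFinal(data);
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException("config value could not be processed", e);
        }
    }
}
```

To produce the strings placed inside ENC(...), call encrypt() once outside the application with the same password set in the environment.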

6. Practice code

The code has been uploaded to GitHub: github.com/zmdstr/jasy…

7. Refer to articles and recommended reading

jasypt

jasypt-spring-boot