Option 1. Use the druid database connection pool to encrypt the database password
1. Introduce the druid package into pom.xml
In order to facilitate other operations, the druid starter is directly introduced here
<dependency>
<groupId>com.alibaba</groupId>
<artifactId>druid-spring-boot-starter</artifactId>
<version>${druid.version}</version>
</dependency>2. Use com.alibaba.druid.filter.config.ConfigTools to generate public and private keys
ps: There are two ways to generate, one is generated using the command line, and the other is directly Write a tool class to generate. The example in this article directly uses the tool class to generate
The tool class code is as follows
/**
* alibaba druid加解密规则:
* 明文密码+私钥(privateKey)加密=加密密码
* 加密密码+公钥(publicKey)解密=明文密码
*/
public final class DruidEncryptorUtils {
private static String privateKey;
private static String publicKey;
static {
try {
String[] keyPair = ConfigTools.genKeyPair(512);
privateKey = keyPair[0];
System.out.println(String.format("privateKey-->%s",privateKey));
publicKey = keyPair[1];
System.out.println(String.format("publicKey-->%s",publicKey));
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (NoSuchProviderException e) {
e.printStackTrace();
}
}
/**
* 明文加密
* @param plaintext
* @return
*/
@SneakyThrows
public static String encode(String plaintext){
System.out.println("明文字符串:" + plaintext);
String ciphertext = ConfigTools.encrypt(privateKey,plaintext);
System.out.println("加密后字符串:" + ciphertext);
return ciphertext;
}
/**
* 解密
* @param ciphertext
* @return
*/
@SneakyThrows
public static String decode(String ciphertext){
System.out.println("加密字符串:" + ciphertext);
String plaintext = ConfigTools.decrypt(publicKey,ciphertext);
System.out.println("解密后的字符串:" + plaintext);
return plaintext;
}3. Modify the database configuration file content information
a, modify the password
Replace the password with the password generated by the DruidEncryptorUtils tool class
password: ${DATASOURCE_PWD:HB5FmUeAI1U81YJrT/T6awImFg1/Az5o8imy765WkVJouOubC2H80jqmZrr8L9zWKuzS/8aGzuQ4YySAkhywnA==}b, open the filter config
filter:
config:
enabled: truec, configure the connectionProperties attribute
connection-properties: config.decrypt=true;config.decrypt.key=${spring.datasource.publickey}ps: spring.datasource.publickey is the public key generated by the tool class
Appendix: Complete database configuration
spring:
datasource:
type: com.alibaba.druid.pool.DruidDataSource
driverClassName: com.mysql.cj.jdbc.Driver
url: ${DATASOURCE_URL:jdbc:mysql://localhost:3306/demo?useUnicode=true&characterEncoding=utf8&useSSL=false&serverTimezone=Asia/Shanghai}
username: ${DATASOURCE_USERNAME:root}
password: ${DATASOURCE_PWD:HB5FmUeAI1U81YJrT/T6awImFg1/Az5o8imy765WkVJouOubC2H80jqmZrr8L9zWKuzS/8aGzuQ4YySAkhywnA==}
publickey: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAIvP9xF4RCM4oFiu47NZY15iqNOAB9K2Ml9fiTLa05CWaXK7uFwBImR7xltZM1frl6ahWAXJB6a/FSjtJkTZUJECAwEAAQ==
druid:
# 初始连接数
initialSize: 5
# 最小连接池数量
minIdle: 10
# 最大连接池数量
maxActive: 20
# 配置获取连接等待超时的时间
maxWait: 60000
# 配置间隔多久才进行一次检测,检测需要关闭的空闲连接,单位是毫秒
timeBetweenEvictionRunsMillis: 60000
# 配置一个连接在池中最小生存的时间,单位是毫秒
minEvictableIdleTimeMillis: 300000
# 配置一个连接在池中最大生存的时间,单位是毫秒
maxEvictableIdleTimeMillis: 900000
# 配置检测连接是否有效
validationQuery: SELECT 1 FROM DUAL
testWhileIdle: true
testOnBorrow: false
testOnReturn: false
webStatFilter:
enabled: true
statViewServlet:
enabled: true
# 设置白名单,不填则允许所有访问
allow:
url-pattern: /druid/*
# 控制台管理用户名和密码
login-username:
login-password:
filter:
stat:
enabled: true
# 慢SQL记录
log-slow-sql: true
slow-sql-millis: 1000
merge-sql: true
wall:
config:
multi-statement-allow: true
config:
enabled: true
connection-properties: config.decrypt=true;config.decrypt.key=${spring.datasource.publickey}Option 2: Use jasypt to set the database password Encryption
1. Introduce the jasypt package into pom.xml
<dependency>
<groupId>com.github.ulisesbocchio</groupId>
<artifactId>jasypt-spring-boot-starter</artifactId>
<version>${jasypt.verison}</version>
</dependency>2. Use the tool class provided by jasypt to encrypt the plain text password
The encryption tool class is as follows
public final class JasyptEncryptorUtils {
private static final String salt = "lybgeek";
private static BasicTextEncryptor basicTextEncryptor = new BasicTextEncryptor();
static {
basicTextEncryptor.setPassword(salt);
}
private JasyptEncryptorUtils(){}
/**
* 明文加密
* @param plaintext
* @return
*/
public static String encode(String plaintext){
System.out.println("明文字符串:" + plaintext);
String ciphertext = basicTextEncryptor.encrypt(plaintext);
System.out.println("加密后字符串:" + ciphertext);
return ciphertext;
}
/**
* 解密
* @param ciphertext
* @return
*/
public static String decode(String ciphertext){
System.out.println("加密字符串:" + ciphertext);
ciphertext = "ENC(" + ciphertext + ")";
if (PropertyValueEncryptionUtils.isEncryptedValue(ciphertext)){
String plaintext = PropertyValueEncryptionUtils.decrypt(ciphertext,basicTextEncryptor);
System.out.println("解密后的字符串:" + plaintext);
return plaintext;
}
System.out.println("解密失败");
return "";
}
}3. Modify the database configuration file content information
a. Use ENC to wrap the encrypted string generated by JasyptEncryptorUtils
password: ${DATASOURCE_PWD:ENC(P8m43qmzqN4c07DCTPey4Q==)}b. Configure the key and specify encryption and decryption Algorithm
jasypt:
encryptor:
password: lybgeek
algorithm: PBEWithMD5AndDES
iv-generator-classname: org.jasypt.iv.NoIvGeneratorBecause my tool class uses encryption and decryption, the tool class is BasicTextEncryptor, and its corresponding configuration encryption and decryption is PBEWithMD5AndDES and org.jasypt.iv.NoIvGenerator
ps: In a production environment, it is recommended to configure the key as follows to avoid key leakage
java -jar -Djasypt.encryptor.password=lybgeek
Appendix: Complete database configuration
spring:
datasource:
type: com.alibaba.druid.pool.DruidDataSource
driverClassName: com.mysql.cj.jdbc.Driver
url: ${DATASOURCE_URL:ENC(kT/gwazwzaFNEp7OCbsgCQN7PHRohaTKJNdGVgLsW2cH67zqBVEq7mN0BTIXAeF4/Fvv4l7myLFx0y6ap4umod7C2VWgyRU5UQtKmdwzQN3hxVxktIkrFPn9DM6+YahM0xP+ppO9HaWqA2ral0ejBCvmor3WScJNHCAhI9kHjYc=)}
username: ${DATASOURCE_USERNAME:ENC(rEQLlqM5nphqnsuPj3MlJw==)}
password: ${DATASOURCE_PWD:ENC(P8m43qmzqN4c07DCTPey4Q==)}
druid:
# 初始连接数
initialSize: 5
# 最小连接池数量
minIdle: 10
# 最大连接池数量
maxActive: 20
# 配置获取连接等待超时的时间
maxWait: 60000
# 配置间隔多久才进行一次检测,检测需要关闭的空闲连接,单位是毫秒
timeBetweenEvictionRunsMillis: 60000
# 配置一个连接在池中最小生存的时间,单位是毫秒
minEvictableIdleTimeMillis: 300000
# 配置一个连接在池中最大生存的时间,单位是毫秒
maxEvictableIdleTimeMillis: 900000
# 配置检测连接是否有效
validationQuery: SELECT 1 FROM DUAL
testWhileIdle: true
testOnBorrow: false
testOnReturn: false
webStatFilter:
enabled: true
statViewServlet:
enabled: true
# 设置白名单,不填则允许所有访问
allow:
url-pattern: /druid/*
# 控制台管理用户名和密码
login-username:
login-password:
filter:
stat:
enabled: true
# 慢SQL记录
log-slow-sql: true
slow-sql-millis: 1000
merge-sql: true
wall:
config:
multi-statement-allow: true
jasypt:
encryptor:
password: lybgeek
algorithm: PBEWithMD5AndDES
iv-generator-classname: org.jasypt.iv.NoIvGeneratorOption 3: Custom implementation
Implementation principle: Use spring post-processor to modify DataSource
1. Customize encryption and decryption tool class
/**
* 利用hutool封装的加解密工具,以AES对称加密算法为例
*/
public final class EncryptorUtils {
private static String secretKey;
static {
secretKey = Hex.encodeHexString(SecureUtil.generateKey(SymmetricAlgorithm.AES.getValue()).getEncoded());
System.out.println("secretKey-->" + secretKey);
System.out.println("--------------------------------------------------------------------------------------");
}
/**
* 明文加密
* @param plaintext
* @return
*/
@SneakyThrows
public static String encode(String plaintext){
System.out.println("明文字符串:" + plaintext);
byte[] key = Hex.decodeHex(secretKey.toCharArray());
String ciphertext = SecureUtil.aes(key).encryptHex(plaintext);
System.out.println("加密后字符串:" + ciphertext);
return ciphertext;
}
/**
* 解密
* @param ciphertext
* @return
*/
@SneakyThrows
public static String decode(String ciphertext){
System.out.println("加密字符串:" + ciphertext);
byte[] key = Hex.decodeHex(secretKey.toCharArray());
String plaintext = SecureUtil.aes(key).decryptStr(ciphertext);
System.out.println("解密后的字符串:" + plaintext);
return plaintext;
}
/**
* 明文加密
* @param plaintext
* @return
*/
@SneakyThrows
public static String encode(String secretKey,String plaintext){
System.out.println("明文字符串:" + plaintext);
byte[] key = Hex.decodeHex(secretKey.toCharArray());
String ciphertext = SecureUtil.aes(key).encryptHex(plaintext);
System.out.println("加密后字符串:" + ciphertext);
return ciphertext;
}
/**
* 解密
* @param ciphertext
* @return
*/
@SneakyThrows
public static String decode(String secretKey,String ciphertext){
System.out.println("加密字符串:" + ciphertext);
byte[] key = Hex.decodeHex(secretKey.toCharArray());
String plaintext = SecureUtil.aes(key).decryptStr(ciphertext);
System.out.println("解密后的字符串:" + plaintext);
return plaintext;
}
}2. Write post-processor
public class DruidDataSourceEncyptBeanPostProcessor implements BeanPostProcessor {
private CustomEncryptProperties customEncryptProperties;
private DataSourceProperties dataSourceProperties;
public DruidDataSourceEncyptBeanPostProcessor(CustomEncryptProperties customEncryptProperties, DataSourceProperties dataSourceProperties) {
this.customEncryptProperties = customEncryptProperties;
this.dataSourceProperties = dataSourceProperties;
}
@Override
public Object postProcessBeforeInitialization(Object bean, String beanName) throws BeansException {
if(bean instanceof DruidDataSource){
if(customEncryptProperties.isEnabled()){
DruidDataSource druidDataSource = (DruidDataSource)bean;
System.out.println("--------------------------------------------------------------------------------------");
String username = dataSourceProperties.getUsername();
druidDataSource.setUsername(EncryptorUtils.decode(customEncryptProperties.getSecretKey(),username));
System.out.println("--------------------------------------------------------------------------------------");
String password = dataSourceProperties.getPassword();
druidDataSource.setPassword(EncryptorUtils.decode(customEncryptProperties.getSecretKey(),password));
System.out.println("--------------------------------------------------------------------------------------");
String url = dataSourceProperties.getUrl();
druidDataSource.setUrl(EncryptorUtils.decode(customEncryptProperties.getSecretKey(),url));
System.out.println("--------------------------------------------------------------------------------------");
}
}
return bean;
}
}3. Modify the database configuration file content information
a, modify the password
Replace the password with the encrypted password generated by the custom encryption tool class
password: ${DATASOURCE_PWD:fb31cdd78a5fa2c43f530b849f1135e7}b. Specify the key and enable the encryption function
custom:
encrypt:
enabled: true
secret-key: 2f8ba810011e0973728afa3f28a0ecb6ps: Similarly, it is best not to expose secret-key directly in the configuration file. You can specify it with -Dcustom.encrypt.secret-key
Appendix: Complete database configuration
spring:
datasource:
type: com.alibaba.druid.pool.DruidDataSource
driverClassName: com.mysql.cj.jdbc.Driver
url: ${DATASOURCE_URL:dcb268cf3a2626381d2bc5c96f94fb3d7f99352e0e392362cb818a321b0ca61f3a8dad3aeb084242b745c61a1d3dc244ed1484bf745c858c44560dde10e60e90ac65f77ce2926676df7af6b35aefd2bb984ff9a868f1f9052ee9cae5572fa015b66a602f32df39fb1bbc36e04cc0f148e4d610a3e5d54f2eb7c57e4729c9d7b4}
username: ${DATASOURCE_USERNAME:61db3bf3c6d3fe3ce87549c1af1e9061}
password: ${DATASOURCE_PWD:fb31cdd78a5fa2c43f530b849f1135e7}
druid:
# 初始连接数
initialSize: 5
# 最小连接池数量
minIdle: 10
# 最大连接池数量
maxActive: 20
# 配置获取连接等待超时的时间
maxWait: 60000
# 配置间隔多久才进行一次检测,检测需要关闭的空闲连接,单位是毫秒
timeBetweenEvictionRunsMillis: 60000
# 配置一个连接在池中最小生存的时间,单位是毫秒
minEvictableIdleTimeMillis: 300000
# 配置一个连接在池中最大生存的时间,单位是毫秒
maxEvictableIdleTimeMillis: 900000
# 配置检测连接是否有效
validationQuery: SELECT 1 FROM DUAL
testWhileIdle: true
testOnBorrow: false
testOnReturn: false
webStatFilter:
enabled: true
statViewServlet:
enabled: true
# 设置白名单,不填则允许所有访问
allow:
url-pattern: /druid/*
# 控制台管理用户名和密码
login-username:
login-password:
filter:
stat:
enabled: true
# 慢SQL记录
log-slow-sql: true
slow-sql-millis: 1000
merge-sql: true
wall:
config:
multi-statement-allow: true
custom:
encrypt:
enabled: true
secret-key: 2f8ba810011e0973728afa3f28a0ecb6The above is the detailed content of How to encrypt springboot project database password. For more information, please follow other related articles on the PHP Chinese website!
How do I use Maven or Gradle for advanced Java project management, build automation, and dependency resolution?Mar 17, 2025 pm 05:46 PMThe article discusses using Maven and Gradle for Java project management, build automation, and dependency resolution, comparing their approaches and optimization strategies.
How do I create and use custom Java libraries (JAR files) with proper versioning and dependency management?Mar 17, 2025 pm 05:45 PMThe article discusses creating and using custom Java libraries (JAR files) with proper versioning and dependency management, using tools like Maven and Gradle.
How do I implement multi-level caching in Java applications using libraries like Caffeine or Guava Cache?Mar 17, 2025 pm 05:44 PMThe article discusses implementing multi-level caching in Java using Caffeine and Guava Cache to enhance application performance. It covers setup, integration, and performance benefits, along with configuration and eviction policy management best pra
How can I use JPA (Java Persistence API) for object-relational mapping with advanced features like caching and lazy loading?Mar 17, 2025 pm 05:43 PMThe article discusses using JPA for object-relational mapping with advanced features like caching and lazy loading. It covers setup, entity mapping, and best practices for optimizing performance while highlighting potential pitfalls.[159 characters]
How does Java's classloading mechanism work, including different classloaders and their delegation models?Mar 17, 2025 pm 05:35 PMJava's classloading involves loading, linking, and initializing classes using a hierarchical system with Bootstrap, Extension, and Application classloaders. The parent delegation model ensures core classes are loaded first, affecting custom class loa
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
AI Hentai Generator
Generate AI Hentai for free.
Hot Article
Hot Tools
SecLists
SecLists is the ultimate security tester's companion. It is a collection of various types of lists that are frequently used during security assessments, all in one place. SecLists helps make security testing more efficient and productive by conveniently providing all the lists a security tester might need. List types include usernames, passwords, URLs, fuzzing payloads, sensitive data patterns, web shells, and more. The tester can simply pull this repository onto a new test machine and he will have access to every type of list he needs.
PhpStorm Mac version
The latest (2018.2.1) professional PHP integrated development tool
DVWA
Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is very vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, to help web developers better understand the process of securing web applications, and to help teachers/students teach/learn in a classroom environment Web application security. The goal of DVWA is to practice some of the most common web vulnerabilities through a simple and straightforward interface, with varying degrees of difficulty. Please note that this software
Dreamweaver Mac version
Visual web development tools
Dreamweaver CS6
Visual web development tools
