Home >Java >javaTutorial >How SpringBoot encrypts the SQL account password of the configuration file
<dependency> <groupId>com.github.ulisesbocchio</groupId> <artifactId>jasypt-spring-boot-starter</artifactId> <version>2.1.0</version> </dependency>
because the tool uses this password for encryption or decryption. Therefore, you must ensure that the encrypted string in the configuration is encrypted with the same password, otherwise it will not be decrypted when the project is started.
jasypt: encryptor: password: 123456
encrypt the original information in the test case. The method of use is very simple. The simple Demo is as follows:
@RunWith(SpringRunner.class) @SpringBootTest @WebAppConfiguration public class Test { @Autowired StringEncryptor encryptor; @Test public void getPass() { #直接调用加密的方法 String mysql = encryptor.encrypt("mysql-username|mysql-password"); } }
Such as the "mysql" string above
url: ENC(mysql==) username: ENC(mysql==) password: ENC(mysql=)
Pay attention to ENC ( ) is a fixed way of writing, and mysql== is your encrypted corresponding string.
In this way, you can pretend to encrypt sensitive information, hahaha, the reason why I say pretend. Many people may be confused by this issue because the encrypted password is stored in the configuration file in clear text and can be easily decrypted by anyone.
Yes, that is indeed the case. This kind of encryption method can only be said to not allow people to see the account password at once.
Even if the data is encrypted, it is meaningless after the hacker obtains access to your project, because encryption is just a false security measure. Therefore, it is the most basic and important to ensure the security of projects and servers.
OK!OK!OK!
Students in development all know that, for example, project dependency information and database information are generally saved in the configuration file , and they are all plain text, so encryption processing is required. Today I will introduce the configuration of jasypt integrated with springboot encryption.
First of all, these are based on the premise that your springboot project can run normally.
A version is provided here
<dependency> <groupId>com.github.ulisesbocchio</groupId> <artifactId>jasypt-spring-boot-starter</artifactId> <version>2.1.0</version> </dependency>
Find the jasypt jar package in your local maven warehouse, and open the cmd command window in that directory, as shown in the figure:
Execute
java -cp jasypt-1.9.2.jar org.jasypt.intf.cli.JasyptPBESTringEncryptionCLI input="test" password=test algorithm=PBEWithMD5AndDES
where Input is your plain text password, here I am demonstrating test, password is your private key, algorithm is a rule, do not change it! ! ! . After execution, as shown in the figure:
# Briefly explain, the OUTPUT here is the encrypted ciphertext (password). Here is a method to copy text using cmd (because I didn’t know how to copy using cmd at first): right-click the mouse to mark and select the content you want to copy, and then you can copy it.
Here I use the application.yml file, and the application.properties file is written like this :jasypt.encryptor.password=test.
But what is actually used is System.setProperty("jasypt.encryptor.password", "demo"); in the startup class to reassign the value between this node, which will help protect the private key again (if If anyone has a better solution, please leave a message in time and we can discuss it together.)
Note: The first password in the above picture corresponds to the password in ARGUEMENTS in the second step. , the second password corresponds to the result in OUTPUT in the second step, and the form must be added with ENC (you password), as shown in the figure.
Execute the command
java -cp jasypt-1.9.2.jar org.jasypt.intf.cli.JasyptPBESTringDecryptionCLI input="nhyL4CzSQv/aPxoe7TzpOQ==" password=test algorithm=PBEWithMD5AndDES
The result is as shown below:
At the end, the integration of springboot and jasypt is completed. It seems to be quite easy to implement, haha. But one thing to note is that you must not leak your configuration file (especially the password in ARGUMENTS, which is equivalent to the private key), otherwise others can decrypt your password through the fourth step. It is recommended to put the configuration file in Configuration Center
The above is the detailed content of How SpringBoot encrypts the SQL account password of the configuration file. For more information, please follow other related articles on the PHP Chinese website!