How Springboot integrates Jasypt to implement configuration file encryption

Introduction to Jasypt

Jasypt is a java library that allows a developer to add basic encryption functionality to his/her project with minimal effort and does not require a deep understanding of how encryption works

High-security, standards-based encryption technology for one-way and two-way encryption. Encrypt passwords, text, numbers, binary files...

Suitable for integration into Spring-based applications, open API, for any JCE provider...

Add the following dependencies:

    <dependency>
        <groupId>com.github.ulisesbocchio</groupId>
        <artifactId>jasypt-spring-boot-starter</artifactId>
        <version>2.1.1</version>
    </dependency>

Benefits of Jasypt

Protect the security of our system. Even if the code is leaked, the absolute security of the data source can be guaranteed.

Application Scenario

Encrypt all account passwords in the configuration file, as well as the things you want to encrypt.

How to use

Use the key to encrypt or decrypt the account or password, and decrypt the ciphertext when the project is started.

Practical use

Encryption and decryption tool class

import org.jasypt.util.text.BasicTextEncryptor;
/********************************************************************************
 ** @author ： ZYJ
 ** @date ：2023/04/26
 ** @description ：Jasypt加密解密
 *********************************************************************************/
public class Jasypt {
    public static void main(String[] args) {
        BasicTextEncryptor basicTextEncryptor = new BasicTextEncryptor();
        //加密的密钥
        basicTextEncryptor.setPassword("Jasypt");
        //密码进行加密
        String encrypt = basicTextEncryptor.encrypt("密码:123456");
        //密码进行解密
        String decrypt = basicTextEncryptor.decrypt(encrypt);
        //结果输出
        System.out.println("加密后的结果:"+encrypt);
        System.out.println("加密后的结果:"+decrypt);
    }
}

Modify the configuration file, encrypt the database account password, use ENC() to include the ciphertext, put it in brackets, use The meaning of ENC() is to decrypt and load at startup.

Configure the key in the configuration file application.yml and use the specified key to decrypt

jasypt:
  encryptor:
    password: Jasypt

However, this method is not advisable because the code leaks the account password It is no different from plain text. You can configure the key in the environment variable and load it directly as a system environment variable! !

The key is specified through the environment variable. Modify the configuration file and replace the key with the environment variable name. In the form of ${environment variable name}, find the variable value through the environment variable name at startup. That is our key! ! !

jasypt:
encryptor:
#Environment variable variable name
password: ${JASYPT_PASSWORD}

Windows environment variable mode specification

Note: After configuring environment variables in Windows, you need to close IDEA and reopen it to let it load the environment variables.

Specify the Linux environment variable method

Edit the environment variable file

vim /etc/profile

Add at the bottom

export JASYPT_PASSWORD=Jasypt

Save and exit refresh environment variables

source /etc /profile

The above is the detailed content of How Springboot integrates Jasypt to implement configuration file encryption. For more information, please follow other related articles on the PHP Chinese website!