Reprinted in (https://zhiku8.com/springboot-jasypt.html)
Values in the yml or properties configuration files of a Spring Boot project are stored in clear text, so their security is relatively low. These files contain database connection user names and passwords, third-party keys and similar information, so they need care: encrypt them.
This post uses the Jasypt security framework.
One: Add the jar dependency to pom.xml
<!-- Jasypt encryption -->
<dependency>
    <groupId>com.github.ulisesbocchio</groupId>
    <artifactId>jasypt-spring-boot-starter</artifactId>
    <version>2.0.0</version>
</dependency>
Two: Add the password, also known as the key, to the yml configuration file
# Profile encryption key
jasypt:
  encryptor:
    password: panther
Three: Create the utility class
Code example: JasyptUtils.java
package com.zhuang.common.utils;

import org.jasypt.encryption.pbe.PooledPBEStringEncryptor;
import org.jasypt.encryption.pbe.StandardPBEByteEncryptor;
import org.jasypt.encryption.pbe.config.SimpleStringPBEConfig;

/**
 * @Created with Intellij IDEA
 * @Author : payne
 * @Date : 2018/5/18 - 10:37
 * @Copyright (C), 2018-2018
 * @Description : Jasypt security framework encryption utility class
 */
public class JasyptUtils {

    /**
     * Generate a Jasypt encryption result.
     *
     * @param password The encryption password set in the configuration file as jasypt.encryptor.password
     * @param value    Value to be encrypted
     * @return the base64-encoded ciphertext
     */
    public static String encryptPwd(String password, String value) {
        PooledPBEStringEncryptor encryptOr = new PooledPBEStringEncryptor();
        encryptOr.setConfig(cryptOr(password));
        String result = encryptOr.encrypt(value);
        return result;
    }

    /**
     * Decrypt.
     *
     * @param password The encryption password set in the configuration file as jasypt.encryptor.password
     * @param value    Ciphertext to be decrypted
     * @return the decrypted plaintext
     */
    public static String decyptPwd(String password, String value) {
        PooledPBEStringEncryptor encryptOr = new PooledPBEStringEncryptor();
        encryptOr.setConfig(cryptOr(password));
        String result = encryptOr.decrypt(value);
        return result;
    }

    /**
     * Build the encryptor configuration shared by encryptPwd and decyptPwd.
     */
    public static SimpleStringPBEConfig cryptOr(String password) {
        SimpleStringPBEConfig config = new SimpleStringPBEConfig();
        config.setPassword(password);
        config.setAlgorithm(StandardPBEByteEncryptor.DEFAULT_ALGORITHM);
        config.setKeyObtentionIterations("1000");
        config.setPoolSize("1");
        config.setProviderName("SunJCE");
        config.setSaltGeneratorClassName("org.jasypt.salt.RandomSaltGenerator");
        config.setStringOutputType("base64");
        return config;
    }

    public static void main(String[] args) {
        // Encrypt
        System.out.println(encryptPwd("panther", "root"));
        // Decrypt
        System.out.println(decyptPwd("panther", "GfP4qfnrJeqMvzN1nOemIQ=="));
    }
}
Four: Usage
The utility class above has a main method. Fill in the key you configured and the value you need to encrypt, then run it directly.
The encrypted values then go into the configuration file, for example for the database connection:
# development environment
spring:
  datasource:
    driver-class-name: com.mysql.jdbc.Driver
    url: jdbc:mysql://127.0.0.1:3306/panther_dev?useUnicode=true&characterEncoding=UTF-8
    # Jasypt encryption: the JasyptUtils encryption/decryption utility class in the common package
    # generates the encrypted value; the format is ENC(encrypted value)
    username: ENC(S2G86yhb0OMJMeNXUaGwYw==)
    password: ENC(GfP4qfnrJeqMvzN1nOemIQ==)
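With the key stored in the same yml file as the ENC(...) values, as in step Two, anyone who can read that file can decrypt them. The following added example (not part of the original post or of the Jasypt project) generates an ENC(...) value with the key taken from the environment and the secret typed at a prompt, then checks that it decrypts. The class name EncryptConfigValue is hypothetical and the variable name JASYPT_ENCRYPTOR_PASSWORD is an assumption.

```java
import java.io.Console;
import java.util.Arrays;
import org.jasypt.encryption.pbe.StandardPBEStringEncryptor;

// Added example, not from the original post. EncryptConfigValue is a
// hypothetical class name; JASYPT_ENCRYPTOR_PASSWORD is an assumed variable.
public class EncryptConfigValue {

    // Same settings as cryptOr() in JasyptUtils; the salt generator is left at
    // Jasypt's default, which is RandomSaltGenerator.
    static StandardPBEStringEncryptor encryptor(String key) {
        StandardPBEStringEncryptor enc = new StandardPBEStringEncryptor();
        enc.setPassword(key);
        enc.setAlgorithm("PBEWithMD5AndDES"); // StandardPBEByteEncryptor.DEFAULT_ALGORITHM
        enc.setKeyObtentionIterations(1000);
        enc.setProviderName("SunJCE");
        enc.setStringOutputType("base64");
        return enc;
    }

    public static void main(String[] args) {
        // Key comes from the environment, not from source code or the yml file.
        String key = System.getenv("JASYPT_ENCRYPTOR_PASSWORD");
        Console console = System.console();
        if (key == null || key.isEmpty() || console == null) {
            System.err.println("Set JASYPT_ENCRYPTOR_PASSWORD and run from a terminal");
            System.exit(1);
        }
        // Read the secret without echo so it stays out of shell history.
        char[] typed = console.readPassword("Value to encrypt: ");
        if (typed == null || typed.length == 0) {
            System.err.println("Nothing to encrypt");
            System.exit(1);
        }
        String plain = new String(typed);
        Arrays.fill(typed, '\0');

        String cipherText = encryptor(key).encrypt(plain);
        // The random salt makes every run print a different value, so verify by
        // decrypting with a fresh encryptor rather than by comparing ciphertexts.
        if (!plain.equals(encryptor(key).decrypt(cipherText))) {
            throw new IllegalStateException("Round trip failed; do not use this value");
        }
        System.out.println("ENC(" + cipherText + ")");
    }
}
```

The application can receive the key the same way: jasypt.encryptor.password is an ordinary Spring property, so it can be supplied through the JASYPT_ENCRYPTOR_PASSWORD environment variable or a --jasypt.encryptor.password command-line argument instead of the yml file.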