Intro
In this post we take a look at how to quickly and easily encrypt properties in Spring Boot applications. To do that, we use the nifty jasypt-spring-boot project up on Github and on Maven Central.
Also, the “app” we build is up on Github (master branch) if you want to simply clone and run.
Something to work with
Technically, we could do with a lot less than what I decided to go with in order to see this thing work, but in an effort to make it more real we actually encrypt something sensitive; a database user’s password.
So to get started we need to bring in some dependencies:
jasypt-spring-boot-starterspring-boot-starter-webspring-jdbcmysql-connector-java
(see pom.xml).
Let’s now move on to setting up our database by logging in and executing the following (note you can get the .sql files from the repo):
Next up, the Spring Boot application config:
Here, we are getting access to property values and using them to configure our data source, as well as defining a ContactRepository bean which we’ll use in our controller below:
As you can see, we’re simply grabbing some path parameters and passing them to our repo implementation below:
Properties
I’m defining properties in src/main/resources/config/application.properties so that they’re picked up automatically by Spring Boot. I’m also using spring.profiles.active in order to specify the active profiles, one of which is mysql in this case. This means that properties in src/main/resources/config/application-mysql.properties is also picked up when this profile is active:
As you can see, db.password‘s value is encrypted. But how was this generated? I left a note of this in notes/jasypt.txt:
i.e. you can use the jasypt jar file which you can pull down with Maven.
Make note of the supersecretz which is the actual password we’ll be using when starting up our app (it will then be used to decrypt the db.password property in our properties file which is contactspassword).
Running
When running the app, make sure you don’t forget to pass in a value of supersecretz for the argument (command line or JVM) jasypt.encryptor.password e.g:
mvn -Djasypt.encryptor.password=supersecretz spring-boot:run
You can then verify the connection to the database by hitting the REST endpoint:
http://localhost:8080/contacts?offset=2&rowCount=6
I hope this post has been of some use in showing how easily you can encrypt properties with jasypt-spring-boot. The details regarding different configuration options, as well as other information in general, can be found in the project’s README.md file up on Github.
Thanks for reading!
6 Comments for “Encrypting properties with jasypt-spring-boot”
Comments
Contact Us
Triq G.F. Agius De Soldanis,
Birkirkara, BKR 4850,
Malta
Send our experts a message
Need Help?Ricston Ltd.
33, Triq G.F. Agius De Soldanis,
Birkirkara, BKR 4850,
Malta
MT: +356 2133 4457
UK: +44 (0)2071935107
Email: info@ricston.com
Send Ryan a message
Ryan Delia
Ricston Monthly Newsletter
Here you can subscribe to:
- Ricston Monthly Newsletter - to receive technology updates, analytics, as well as job offers and news from Ricston once a month.
- Techy Blog Updates - to get notifications about new Mule articles in our blog as soon as they get published.
- News & Articles - to stay up to date with Ricston and industry news and receive our publications and press releases as soon as they come out.
We may contact you from time to time to share new service offerings, or to ask for a feedback, but we won't ever sell your data, and you may unsubscribe at any time.
Social Media
You can follow our updates and contact us via multiple social media channels. Let’s keep in touch!
Our Partners
We collaborate with leading technology and services providers around the world to make sure that our clients benefit from the best solutions on the market.
© 2019 Ricston Ltd - All Rights Reserved
is it possible to use openssl to encrypt password instead of running:
java -cp ~/.m2/repository/org/jasypt/jasypt/1.9.2/jasypt-1.9.2.jar org.jasypt.intf.cli.JasyptPBEStringEncryptionCLI input=”contactspassword” password=supersecretz algorithm=PBEWithMD5AndDES
You missed the last bracket in the property fine .. The ending of ENC(
where are you initializing StandardPBEStringEncryptor .as per my understand we need to set alogorythm type and key inorder to perfoem encryption
Hi Sanjay,
Those values are set with a ‘default’ value in the imported jasypt-spring-boot project. You can see it here:
https://github.com/ulisesbocchio/jasypt-spring-boot#encryption-configuration
my springboot app does not have dataSource() defined.It uses JPA Hibernate PostGreSQL HikariCP (spring2.x). how should the password decryption code integrated in this case. Just setting spring.datasource.password=ENC(xxxx) did not work obviously due to lack of decryption logic in the app
ENC(XjbM14rP4KbPXEH2dszz9XqnRXV0/pG4) – this works fine.
When I try to read the encrypted value from my environment variable and if I pass them inside, it did not work.
ENC(${db.password}), db.password is an variable present in my environment.