Back to Blog Archive

Encrypting properties with jasypt-spring-boot

Posted on: August 20, 2015
Justin C


In this post we take a look at how to quickly and easily encrypt properties in Spring Boot applications. To do that, we use the nifty jasypt-spring-boot project up on Github and on Maven Central.

Also, the “app” we build is up on Github (master branch) if you want to simply clone and run.

Something to work with

Technically, we could do with a lot less than what I decided to go with in order to see this thing work, but in an effort to make it more real we actually encrypt something sensitive; a database user’s password.

So to get started we need to bring in some dependencies:

  • jasypt-spring-boot-starter
  • spring-boot-starter-web
  • spring-jdbc
  • mysql-connector-java

(see pom.xml).

Let’s now move on to setting up our database by logging in and executing the following (note you can get the .sql files from the repo):

Next up, the Spring Boot application config:

Here, we are getting access to property values and using them to configure our data source, as well as defining a ContactRepository bean which we’ll use in our controller below:

As you can see, we’re simply grabbing some path parameters and passing them to our repo implementation below:


I’m defining properties in src/main/resources/config/ so that they’re picked up automatically by Spring Boot. I’m also using in order to specify the active profiles, one of which is mysql in this case. This means that properties in src/main/resources/config/ is also picked up when this profile is active:

As you can see, db.password‘s value is encrypted. But how was this generated? I left a note of this in notes/jasypt.txt:

i.e. you can use the jasypt jar file which you can pull down with Maven.

Make note of the supersecretz which is the actual password we’ll be using when starting up our app (it will then be used to decrypt the db.password property in our properties file which is contactspassword).


When running the app, make sure you don’t forget to pass in a value of supersecretz for the argument (command line or JVM) jasypt.encryptor.password e.g:

mvn -Djasypt.encryptor.password=supersecretz spring-boot:run

You can then verify the connection to the database by hitting the REST endpoint:


I hope this post has been of some use in showing how easily you can encrypt properties with jasypt-spring-boot. The details regarding different configuration options, as well as other information in general, can be found in the project’s file up on Github.

Thanks for reading!

Justin C

6 Comments for “Encrypting properties with jasypt-spring-boot”

  1. efeok says:

    is it possible to use openssl to encrypt password instead of running:
    java -cp ~/.m2/repository/org/jasypt/jasypt/1.9.2/jasypt-1.9.2.jar org.jasypt.intf.cli.JasyptPBEStringEncryptionCLI input=”contactspassword” password=supersecretz algorithm=PBEWithMD5AndDES

  2. Amar says:

    You missed the last bracket in the property fine .. The ending of ENC(

  3. Sanjay DOngol says:

    where are you initializing StandardPBEStringEncryptor .as per my understand we need to set alogorythm type and key inorder to perfoem encryption

  4. Jose says:

    Hi Sanjay,

    Those values are set with a ‘default’ value in the imported jasypt-spring-boot project. You can see it here:

  5. Hari says:

    my springboot app does not have dataSource() defined.It uses JPA Hibernate PostGreSQL HikariCP (spring2.x). how should the password decryption code integrated in this case. Just setting spring.datasource.password=ENC(xxxx) did not work obviously due to lack of decryption logic in the app

  6. Rajasekar says:

    ENC(XjbM14rP4KbPXEH2dszz9XqnRXV0/pG4) – this works fine.
    When I try to read the encrypted value from my environment variable and if I pass them inside, it did not work.
    ENC(${db.password}), db.password is an variable present in my environment.


Contact Us

Ricston Ltd.
Triq G.F. Agius De Soldanis,
Birkirkara, BKR 4850,
MT: +356 2133 4457
UK: +44 (0)2071935107

Send our experts a message

Need Help?
Ask our Experts!