menu
Back to Blog Archive

Encrypting properties with jasypt-spring-boot

Posted on: August 20, 2015
Blog
Subscribe Send us a Message
Author:
Justin C
JasyptSpring Boot

Intro

In this post we take a look at how to quickly and easily encrypt properties in Spring Boot applications. To do that, we use the nifty jasypt-spring-boot project up on Github and on Maven Central.

Also, the “app” we build is up on Github (master branch) if you want to simply clone and run.

Something to work with

Technically, we could do with a lot less than what I decided to go with in order to see this thing work, but in an effort to make it more real we actually encrypt something sensitive; a database user’s password.

So to get started we need to bring in some dependencies:

  • jasypt-spring-boot-starter
  • spring-boot-starter-web
  • spring-jdbc
  • mysql-connector-java

(see pom.xml).

Let’s now move on to setting up our database by logging in and executing the following (note you can get the .sql files from the repo):

Next up, the Spring Boot application config:

Here, we are getting access to property values and using them to configure our data source, as well as defining a ContactRepository bean which we’ll use in our controller below:

As you can see, we’re simply grabbing some path parameters and passing them to our repo implementation below:

Properties

I’m defining properties in src/main/resources/config/application.properties so that they’re picked up automatically by Spring Boot. I’m also using spring.profiles.active in order to specify the active profiles, one of which is mysql in this case. This means that properties in src/main/resources/config/application-mysql.properties is also picked up when this profile is active:

As you can see, db.password‘s value is encrypted. But how was this generated? I left a note of this in notes/jasypt.txt:

i.e. you can use the jasypt jar file which you can pull down with Maven.

Make note of the supersecretz which is the actual password we’ll be using when starting up our app (it will then be used to decrypt the db.password property in our properties file which is contactspassword).

Running

When running the app, make sure you don’t forget to pass in a value of supersecretz for the argument (command line or JVM) jasypt.encryptor.password e.g:

mvn -Djasypt.encryptor.password=supersecretz spring-boot:run

You can then verify the connection to the database by hitting the REST endpoint:

http://localhost:8080/contacts?offset=2&rowCount=6

I hope this post has been of some use in showing how easily you can encrypt properties with jasypt-spring-boot. The details regarding different configuration options, as well as other information in general, can be found in the project’s README.md file up on Github.

Thanks for reading!

Author:
Justin C

5 Comments for “Encrypting properties with jasypt-spring-boot”

  1. efeok says:
    February 23, 2017 at 3:29 pm

    is it possible to use openssl to encrypt password instead of running:
    java -cp ~/.m2/repository/org/jasypt/jasypt/1.9.2/jasypt-1.9.2.jar org.jasypt.intf.cli.JasyptPBEStringEncryptionCLI input=”contactspassword” password=supersecretz algorithm=PBEWithMD5AndDES

    Reply
  2. Amar says:
    April 16, 2018 at 3:27 pm

    You missed the last bracket in the property fine .. The ending of ENC(

    Reply
  3. Sanjay DOngol says:
    July 24, 2018 at 7:00 pm

    where are you initializing StandardPBEStringEncryptor .as per my understand we need to set alogorythm type and key inorder to perfoem encryption

    Reply
  4. Jose says:
    August 7, 2018 at 4:39 pm

    Hi Sanjay,

    Those values are set with a ‘default’ value in the imported jasypt-spring-boot project. You can see it here:
    https://github.com/ulisesbocchio/jasypt-spring-boot#encryption-configuration

    Reply
  5. Hari says:
    May 16, 2019 at 6:33 am

    my springboot app does not have dataSource() defined.It uses JPA Hibernate PostGreSQL HikariCP (spring2.x). how should the password decryption code integrated in this case. Just setting spring.datasource.password=ENC(xxxx) did not work obviously due to lack of decryption logic in the app

    Reply

Comments

Quicklinks

Contact Us

Ricston Ltd.
Triq G.F. Agius De Soldanis,
Birkirkara, BKR 4850,
Malta
MT: +356 2133 4457
UK: +44 (0)2071935107

Send our experts a message

Need Help?
Ask our Experts!

Addison Lee

API-led Integration

View Case Study

Collibra

Integration Solution

"Ricston run a great enablement program and made it possible for us to scale and streamline the amount of integrations we make available for our clients."

View Case Study

Sky Media

Google DFP Integration

View Case Study

Ricston Ltd.
33, Triq G.F. Agius De Soldanis,
Birkirkara, BKR 4850,
Malta

MT: +356 2133 4457
UK: +44 (0)2071935107
Email: info@ricston.com

Send Ryan a message

Ryan Delia
Services Director

Ricston Monthly Newsletter

Here you can subscribe to:

  • Ricston Monthly Newsletter - to receive technology updates, analytics, as well as job offers and news from Ricston once a month.
  • Techy Blog Updates - to get notifications about new Mule articles in our blog as soon as they get published.
  • News & Articles - to stay up to date with Ricston and industry news and receive our publications and press releases as soon as they come out.

We may contact you from time to time to share new service offerings, or to ask for a feedback, but we won't ever sell your data, and you may unsubscribe at any time.

Social Media

You can follow our updates and contact us via multiple social media channels. Let’s keep in touch!

Facebook
Twitter
Google +
Linked In
Instagram

Our Partners

We collaborate with leading technology and services providers around the world to make sure that our clients benefit from the best solutions on the market.

View all our Partners »

© 2019 Ricston Ltd - All Rights Reserved

Legal Notice | Privacy Policy | Brand Policy