In this post we take a look at how to quickly and easily encrypt properties in Spring Boot applications. To do that, we use the nifty jasypt-spring-boot project up on Github and on Maven Central.
Also, the “app” we build is up on Github (master branch) if you want to simply clone and run.
Technically, we could do with a lot less than what I decided to go with in order to see this thing work, but in an effort to make it more real we actually encrypt something sensitive; a database user’s password.
So to get started we need to bring in some dependencies:
jasypt-spring-boot-starter
spring-boot-starter-web
spring-jdbc
mysql-connector-java
(see pom.xml).
Let’s now move on to setting up our database by logging in and executing the following (note you can get the .sql files from the repo):
Next up, the Spring Boot application config:
Here, we are getting access to property values and using them to configure our data source, as well as defining a ContactRepository bean which we’ll use in our controller below:
As you can see, we’re simply grabbing some path parameters and passing them to our repo implementation below:
I’m defining properties in src/main/resources/config/application.properties so that they’re picked up automatically by Spring Boot. I’m also using spring.profiles.active in order to specify the active profiles, one of which is mysql in this case. This means that the properties in src/main/resources/config/application-mysql.properties are also picked up when this profile is active:
As you can see, db.password’s value is encrypted. But how was this generated? I left a note of this in notes/jasypt.txt:
i.e. you can use the jasypt jar file which you can pull down with Maven.
Make note of supersecretz, which is the actual password we’ll be using when starting up our app; it is then used to decrypt the db.password property in our properties file, whose plaintext value is contactspassword.
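As an added example (not code from this post or from the jasypt-spring-boot project), the class below does programmatically what the jasypt CLI does, using jasypt 1.9.2's StandardPBEStringEncryptor with PBEWithMD5AndDES, and shows the ENC(...) round trip plus the wrong-master-password case. The class name and the JASYPT_ENCRYPTOR_PASSWORD environment variable are assumptions made for this example.

```java
import org.jasypt.encryption.pbe.StandardPBEStringEncryptor;
import org.jasypt.exceptions.EncryptionOperationNotPossibleException;
import org.jasypt.properties.PropertyValueEncryptionUtils;

// Added example (hypothetical class name); needs the jasypt 1.9.2 jar on the classpath.
public class EncPropertyRoundTrip {

    // Password-based encryptor with the algorithm named in the CLI call.
    static StandardPBEStringEncryptor encryptorFor(String masterPassword) {
        StandardPBEStringEncryptor enc = new StandardPBEStringEncryptor();
        enc.setAlgorithm("PBEWithMD5AndDES");
        enc.setPassword(masterPassword);
        return enc;
    }

    public static void main(String[] args) {
        // Assumption: the master password is read from an environment variable chosen
        // for this example, falling back to the post's demo value.
        String master = System.getenv().getOrDefault("JASYPT_ENCRYPTOR_PASSWORD", "supersecretz");
        StandardPBEStringEncryptor enc = encryptorFor(master);

        // jasypt core's helper wraps the ciphertext in ENC(...), the form used for db.password.
        String first = PropertyValueEncryptionUtils.encrypt("contactspassword", enc);
        String second = PropertyValueEncryptionUtils.encrypt("contactspassword", enc);
        System.out.println("db.password=" + first);
        // A random salt is generated per call, so the two ciphertexts differ.
        System.out.println("same ciphertext twice? " + first.equals(second));

        // Only values carrying the ENC(...) wrapper are treated as encrypted.
        if (PropertyValueEncryptionUtils.isEncryptedValue(first)) {
            String plain = PropertyValueEncryptionUtils.decrypt(first, enc);
            System.out.println("decrypts to original? " + "contactspassword".equals(plain));
        }

        // A wrong master password normally fails on padding and throws. In rare cases the
        // padding happens to validate and garbage comes back, so compare the result as well.
        try {
            String got = PropertyValueEncryptionUtils.decrypt(first, encryptorFor("wrong-password"));
            System.out.println("wrong password gave original? " + "contactspassword".equals(got));
        } catch (EncryptionOperationNotPossibleException e) {
            System.out.println("wrong master password: decryption refused");
        }
    }
}
```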
When running the app, make sure you don’t forget to pass in a value of supersecretz for the jasypt.encryptor.password argument (command line or JVM), e.g.:
mvn -Djasypt.encryptor.password=supersecretz spring-boot:run
You can then verify the connection to the database by hitting the REST endpoint:
http://localhost:8080/contacts?offset=2&rowCount=6
I hope this post has been of some use in showing how easily you can encrypt properties with jasypt-spring-boot. The details regarding different configuration options, as well as other information in general, can be found in the project’s README.md file up on Github.
Thanks for reading!
Is it possible to use openssl to encrypt the password instead of running:
java -cp ~/.m2/repository/org/jasypt/jasypt/1.9.2/jasypt-1.9.2.jar org.jasypt.intf.cli.JasyptPBEStringEncryptionCLI input="contactspassword" password=supersecretz algorithm=PBEWithMD5AndDES
You missed the last bracket in the property file. The ending of ENC(
Where are you initializing StandardPBEStringEncryptor? As per my understanding, we need to set the algorithm type and key in order to perform encryption.
Hi Sanjay,
Those values are set with a ‘default’ value in the imported jasypt-spring-boot project. You can see it here:
https://github.com/ulisesbocchio/jasypt-spring-boot#encryption-configuration