Intro

In this post we take a look at how to quickly and easily encrypt properties in Spring Boot applications. To do that, we use the nifty jasypt-spring-boot project up on Github and on Maven Central.

Also, the “app” we build is up on Github (master branch) if you want to simply clone and run.

Something to work with

Technically, we could do with a lot less than what I decided to go with in order to see this thing work, but in an effort to make it more real we actually encrypt something sensitive; a database user’s password.

So to get started we need to bring in some dependencies:

• jasypt-spring-boot-starter
• spring-boot-starter-web
• spring-jdbc
• mysql-connector-java

(see pom.xml).

Let’s now move on to setting up our database by logging in and executing the following (note you can get the .sql files from the repo):

Next up, the Spring Boot application config:

Here, we are getting access to property values and using them to configure our data source, as well as defining a ContactRepository bean which we’ll use in our controller below:

As you can see, we’re simply grabbing some path parameters and passing them to our repo implementation below:

Properties

I’m defining properties in src/main/resources/config/application.properties so that they’re picked up automatically by Spring Boot. I’m also using spring.profiles.active in order to specify the active profiles, one of which is mysql in this case. This means that properties in src/main/resources/config/application-mysql.properties is also picked up when this profile is active:

As you can see, db.password‘s value is encrypted. But how was this generated? I left a note of this in notes/jasypt.txt:

i.e. you can use the jasypt jar file which you can pull down with Maven.

Make note of the supersecretz which is the actual password we’ll be using when starting up our app (it will then be used to decrypt the db.password property in our properties file which is contactspassword).

Running

When running the app, make sure you don’t forget to pass in a value of supersecretz for the argument (command line or JVM) jasypt.encryptor.password e.g:

mvn -Djasypt.encryptor.password=supersecretz spring-boot:run

You can then verify the connection to the database by hitting the REST endpoint:

http://localhost:8080/contacts?offset=2&rowCount=6

I hope this post has been of some use in showing how easily you can encrypt properties with jasypt-spring-boot. The details regarding different configuration options, as well as other information in general, can be found in the project’s README.md file up on Github.

Thanks for reading!