Encrypt Passwords In Spring Boot Configuration Using JASYPT

Introduction

Most of us has worked on developing enterprise level applications , but did you wonder is there a better way of storing sensitive password in application properties in Spring boot , or storing a database password .

More often we come approach this kind of scenarios where we need to store sensitive passwords or keys in our application.properties file , there are ways you can encrypt those passwords and sensitive credentials using jasypt-spring-boot .

What is Jasypt ?

Jasypt stands for Java simple encryption used as a library in spring boot to enable encryption of sensitive information such as DB credentials passwords for any other sensitive keys that can be used by your application.

 Jasypt provides a set of utilities  to  encrypt sensitive data without the need of understanding Complex cryptographic algorithms .

We will understand how can we integrate jar shaped in our spring boot application in a very simple and easy steps.

Steps to Integrate Jasypt with Spring Boot

In order to use jasypt-spring-boot in your project the most recommended and the simplest way is to use jasypt-spring-boot-starter . Lets start by doing simple steps and add the following dependency .

        <dependency>
            <groupId>com.github.ulisesbocchio</groupId>
            <artifactId>jasypt-spring-boot-starter</artifactId>
            <version>3.0.4</version>
        </dependency>

Once you have added the jasypt-spring-boot-starter in your dependency the next step is to encrypt your database password and store in your configuration file .

There is an additional step to configure spring boot , you need to add Jasypt maven plugin as shown below under project build section.

<build>
  <plugins>
    <plugin>
      <groupId>com.github.ulisesbocchio</groupId>
      <artifactId>jasypt-maven-plugin</artifactId>
      <version>3.0.4</version>
    </plugin>
  </plugins>
</build>

Now , that we have configured Jasypt Spring boot Project , its time to Encrypt Passwords

Encrypting Passwords Using Jasypt

If you haven’t created your spring boot project , you can follow the steps to create a simple spring boot project and come back here .

Now , in this example we are using spring boot along with JPA and MySql . We will encrypt Mysql database password here .

Make sure you have defined your JPA related configurations as show below .

spring.datasource.url=jdbc:mysql://localhost:3306/broadleaf
spring.datasource.username= root
spring.datasource.password= DEC(root)
jasypt.encryptor.algorithm= PBEWithMD5AndDES
jasypt.encryptor.iv-generator-classname: org.jasypt.iv.NoIvGenerator

The first step to Encrypt any property is Put it under DEC() and add the string value We will encrypt the password root using Jasypt library .

Navigate to the project directory and use the command below .

mvn jasypt:encrypt -Djasypt.encryptor.password=frugalisminds

Note :- The above command wont work if you have not added the JASYPT plugin as mentioned above .

I hope you are able to follow this guide step by step like and share if you can .

Must Read

You should see something below in your application.properties.

encrypt properties in spring boot using Jasypt Spring Boot. In the above step we have provided the password as frugalisminds and encrypted my database password .

Now once you try to run the application , we need to specify the same password in VM arguments or inside code.

Navigate to your favorite IDE and update the run configurations .
Jasypt Password Spring Boot

As an alternative you can also set password programmatically . You can do this in your main class as system property , but this is not the recommended way . You can do this just for testing purpose.

Setting Jasypt Password Programatically

Configure Jasypt Password Using application.yml

Most of the times our application uses application.yml . In that case you can also set the encryption shown above using the below command .

mvn jasypt:encrypt -Djasypt.encryptor.password=frugalisminds -Djasypt.plugin.path="file:src/main/resources/application-test.properties"

We need to specify -Djasypt.plugin.path as argument and specify the path of yml file.

Encrypt Passwords as Single Value

Lets say we want to encrypt a single value and get the encrypted value , we can do that using the command below .

mvn jasypt:encrypt-value -Djasypt.encryptor.password="encryptionpassword" -Djasypt.plugin.value="myvaluetoencrypt"

We have added two parameters

  1. jasypt.encryptor.password – It is basically the secret key with which the encryption would happen .
  2. jasypt.plugin.value – It is basically the value in want to be encrypted , in our case database password is the value we want to encrypt .

We get the encrypted value as marked in red above . We can directly use this encrypted value in our properties and run the application .

Encrypt Passwords Using spring Profiles

In case your application is using any kind of profiling and you want to encrypt different passwords based on profile . You can also have a look How to Setup Spring Profiling .

You can use the command below and make sure you always have your target enclosed with DEC("your target string to be encrypted ") .

Moastly if you need to encrypt or decrypt any values or you want to use any kind of cryptography in your application , you can blindly use Jasypt and enable encryption and decryption .

mvn jasypt:encrypt -Dspring.profiles.active=test -Djasypt.encryptor.password=frugalis

Last Updated on 8 months by frugalis_blog