Most of us have worked on enterprise-level applications, but have you wondered whether there is a better way to store a sensitive password, such as a database password, in the application properties of a Spring Boot project?
We often come across scenarios where we need to store sensitive passwords or keys in our application.properties file. You can encrypt those passwords and other sensitive credentials using jasypt-spring-boot.
What is Jasypt?
Jasypt stands for Java simple encryption. It is used as a library in Spring Boot to encrypt sensitive information such as DB credentials, passwords, or any other sensitive keys used by your application.
Jasypt provides a set of utilities to encrypt sensitive data without the need to understand complex cryptographic algorithms.
We will see how to integrate Jasypt into our Spring Boot application in a few simple steps.
Steps to Integrate Jasypt with Spring Boot
To use jasypt-spring-boot in your project, the recommended and simplest way is to use jasypt-spring-boot-starter. Let's start by adding the following dependency.
<dependency>
    <groupId>com.github.ulisesbocchio</groupId>
    <artifactId>jasypt-spring-boot-starter</artifactId>
    <version>3.0.4</version>
</dependency>
Once you have added jasypt-spring-boot-starter to your dependencies, the next step is to encrypt your database password and store it in your configuration file.
There is one additional configuration step: add the Jasypt Maven plugin under the build section of your project, as shown below.
<build>
    <plugins>
        <plugin>
            <groupId>com.github.ulisesbocchio</groupId>
            <artifactId>jasypt-maven-plugin</artifactId>
            <version>3.0.4</version>
        </plugin>
    </plugins>
</build>
Now that we have configured Jasypt in our Spring Boot project, it's time to encrypt passwords.
Encrypting Passwords Using Jasypt
If you haven't created your Spring Boot project yet, you can follow the steps to create a simple Spring Boot project and come back here.
In this example we are using Spring Boot along with JPA and MySQL. We will encrypt the MySQL database password.
Make sure you have defined your JPA-related configuration as shown below.
spring.datasource.url=jdbc:mysql://localhost:3306/broadleaf
spring.datasource.username=root
spring.datasource.password=DEC(root)
jasypt.encryptor.algorithm=PBEWithMD5AndDES
jasypt.encryptor.iv-generator-classname=org.jasypt.iv.NoIvGenerator
The first step in encrypting any property is to wrap its string value in DEC(). Here we will encrypt the password root using the Jasypt library.
Navigate to the project directory and run the command below.
mvn jasypt:encrypt -Djasypt.encryptor.password=frugalisminds
Note: The above command won't work if you have not added the Jasypt plugin as mentioned above.
You should see something below in your
As an alternative, you can also set the password programmatically. You can do this in your main class as a system property, but this is not the recommended way. Do this for testing purposes only.
Configure Jasypt Password Using application.yml
Most of the time our application uses application.yml. In that case you can apply the encryption shown above using the command below.
mvn jasypt:encrypt -Djasypt.encryptor.password=frugalisminds -Djasypt.plugin.path="file:src/main/resources/application-test.properties"
We need to pass -Djasypt.plugin.path as an argument and specify the path of the yml file.
Encrypt Passwords as Single Value
Let's say we want to encrypt a single value and get the encrypted result. We can do that using the command below.
mvn jasypt:encrypt-value -Djasypt.encryptor.password="encryptionpassword" -Djasypt.plugin.value="myvaluetoencrypt"
We have added two parameters:
- jasypt.encryptor.password – the secret key with which the encryption is performed.
- jasypt.plugin.value – the value we want to encrypt; in our case the database password.
We get the encrypted value as marked in red above. We can directly use this encrypted value in our properties and run the application.
Encrypt Passwords Using Spring Profiles
If your application uses profiles, you may want to encrypt different passwords for each profile. You can also have a look at How to Setup Spring Profiling.
You can use the command below; make sure your target is always enclosed in DEC("your target string to be encrypted").
In most cases where you need to encrypt or decrypt values, or want to use any kind of cryptography in your application, you can rely on Jasypt to enable encryption and decryption.
mvn jasypt:encrypt -Dspring.profiles.active=test -Djasypt.encryptor.password=frugalis
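A check that can run before a properties file is committed, added here as an example (it is not code from the original post or from jasypt-spring-boot). It flags DEC() placeholders that were never encrypted, sensitive-looking keys whose values are not wrapped in ENC() (the wrapper jasypt-spring-boot uses for encrypted values by default), a jasypt.encryptor.password stored beside the ciphertext, and the PBEWithMD5AndDES algorithm. The sample file, the key-name pattern and the function names are assumptions made for the example.

```python
import re

# Constructed sample: an application.properties file as it might look when
# committed by mistake. All keys and values here are made up for the example.
SAMPLE = """\
spring.datasource.url=jdbc:mysql://localhost:3306/broadleaf
spring.datasource.username=root
spring.datasource.password=DEC(root)
api.token: plain-text-token
mail.password=ENC(c29tZS1jb25zdHJ1Y3RlZC1jaXBoZXJ0ZXh0)
cache.secret=${CACHE_SECRET}
jasypt.encryptor.algorithm=PBEWithMD5AndDES
jasypt.encryptor.password=frugalisminds
"""

SENSITIVE = re.compile(r"(password|passwd|secret|token|api[-_.]?key)", re.I)
WEAK_ALGORITHMS = {"PBEWITHMD5ANDDES"}  # single DES with an MD5-derived key


def parse_properties(text):
    """Yield (line_no, key, value) for simple key=value / key: value lines."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        match = re.match(r"([^=:\s]+)\s*[=:]\s*(.*)$", line)
        if match:
            yield line_no, match.group(1), match.group(2).strip()


def audit(text):
    """Return a list of (line_no, key, finding) tuples."""
    findings = []
    for line_no, key, value in parse_properties(text):
        if key == "jasypt.encryptor.password":
            findings.append((line_no, key, "encryption password stored in file"))
        elif key == "jasypt.encryptor.algorithm":
            if value.upper() in WEAK_ALGORITHMS:
                findings.append((line_no, key, "weak algorithm"))
        elif value.startswith("DEC(") and value.endswith(")"):
            findings.append((line_no, key, "DEC() placeholder not yet encrypted"))
        elif SENSITIVE.search(key) and value:
            if not (value.startswith("ENC(") or value.startswith("${")):
                findings.append((line_no, key, "plaintext value"))
    return findings


if __name__ == "__main__":
    for line_no, key, finding in audit(SAMPLE):
        print(f"line {line_no}: {key}: {finding}")
```

The parser handles .properties syntax only; an application.yml file would need a YAML loader in front of the same checks.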