Jasypt configuration file encryption ｜ quick start ｜ actual combat

Jasypt (Java Simplified Encryption) It's a java library , It allows developers to add basic encryption capabilities to projects at minimal cost , There is no need to understand the working principle of cryptography .

Introduce dependencies

 <dependency>
     <groupId>com.github.ulisesbocchio</groupId>
     <artifactId>jasypt-spring-boot-starter</artifactId>
     <version>3.0.4</version>
 </dependency>

take effect

If it's for spring boot Project configuration file encryption , No additional configuration is required , Start... On the class @SpringBootApplication It will be automatically injected into the program , Make it effective .

Scope

Specify the scope of the configuration file , Other configuration files are not affected jasypt influence

@Configuration
@EncryptablePropertySources({
    
	@EncryptablePropertySource("classpath:sentinel-1.properties"),                          
	@EncryptablePropertySource("classpath:sentinel-2.properties")
	})

application

Tool class

import org.jasypt.encryption.StringEncryptor;
import org.jasypt.encryption.pbe.PooledPBEStringEncryptor;
import org.jasypt.encryption.pbe.config.SimpleStringPBEConfig;

/** * @author issavior */
public class JasyptUtil {
    
    /** * org.jasypt.encryption.StringEncryptor object  */
    private static StringEncryptor stringEncryptor = null;

    public static StringEncryptor getInstance(String secretKey) throws Exception {
    
        if (secretKey == null || secretKey.trim().equals("")) {
    
            System.out.println(" The secret key cannot be empty ！");
            throw new Exception("org.jasypt.encryption.StringEncryptor The secret key cannot be empty ！");
        }
        if (stringEncryptor == null) {
    
            PooledPBEStringEncryptor encryptor = new PooledPBEStringEncryptor();
            SimpleStringPBEConfig config = new SimpleStringPBEConfig();
            //  This secret key must be defined by ourselves 
            config.setPassword(secretKey);
            config.setAlgorithm("PBEWITHHMACSHA512ANDAES_256");
            config.setKeyObtentionIterations("1000");
            config.setPoolSize("1");
            config.setProviderName("SunJCE");
            config.setSaltGeneratorClassName("org.jasypt.salt.RandomSaltGenerator");
            config.setIvGeneratorClassName("org.jasypt.iv.RandomIvGenerator");
            config.setStringOutputType("base64");
            encryptor.setConfig(config);

            stringEncryptor = encryptor;
        }
        return stringEncryptor;
    }

    public static void main(final String[] args) {
    

        //  Secret key string 
        String secretKey = "[email protected]#";

        //  Plaintext password to be encrypted 
        String pass = "123456";
        try {
    
            StringEncryptor stringEncryptor = JasyptUtil.getInstance(secretKey);
            String encryptPass = stringEncryptor.encrypt(pass);
            System.out.println("【" + pass + "】 Encrypted into 【" + encryptPass + "】");

            String clearPass = stringEncryptor.decrypt(encryptPass);
            System.out.println("【" + encryptPass + "】 Decrypted as 【" + clearPass + "】");

        } catch (Exception e) {
    
            e.printStackTrace();
        }
    }

}

To configure

jasypt:
  encryptor:
    password: 123[email protected]#
my:
  #  Must use ENC() wrap up , such jasypt To recognize this password, decrypt it and then send it to the application 
  msg: ENC(PwyGulNOC9YERAC9A6zpH8Da1tn50dtgJ1XBqygkdNoBTkjmENd+F5yJJMp4sthf)

List of properties

Advanced

Its internal properties can be rewritten , Include ENC() etc. .

Yes, of course , Your salt and password must be stored separately , in other words , The encrypted password is configured in the configuration file , The encrypted salt can be placed on the startup parameters .