How SpringBoot encrypts the SQL account password of the configuration file

1. Introduce dependencies into the Maven project

<dependency>
    <groupId>com.github.ulisesbocchio</groupId>
    <artifactId>jasypt-spring-boot-starter</artifactId>
    <version>2.1.0</version>
</dependency>

2. At the same time, you need to configure the password in the application.yml configuration file

because the tool uses this password for encryption or decryption. Therefore, you must ensure that the encrypted string in the configuration is encrypted with the same password, otherwise it will not be decrypted when the project is started.

jasypt:
    encryptor:
        password: 123456

3. You can

encrypt the original information in the test case. The method of use is very simple. The simple Demo is as follows:

@RunWith(SpringRunner.class)
@SpringBootTest
@WebAppConfiguration
public class Test {
    @Autowired
    StringEncryptor encryptor;
 
    @Test
    public void getPass() {
        #直接调用加密的方法
        String mysql = encryptor.encrypt("mysql-username|mysql-password");
    }
}

4. Finally, just put the encrypted string in the configuration file

Such as the "mysql" string above

url: ENC(mysql==)
username: ENC(mysql==)
password: ENC(mysql=)

Pay attention to ENC ( ) is a fixed way of writing, and mysql== is your encrypted corresponding string.

In this way, you can pretend to encrypt sensitive information, hahaha, the reason why I say pretend. Many people may be confused by this issue because the encrypted password is stored in the configuration file in clear text and can be easily decrypted by anyone.

Yes, that is indeed the case. This kind of encryption method can only be said to not allow people to see the account password at once.

Even if the data is encrypted, it is meaningless after the hacker obtains access to your project, because encryption is just a false security measure. Therefore, it is the most basic and important to ensure the security of projects and servers.

OK!OK!OK!

Encrypt the configuration file

Students in development all know that, for example, project dependency information and database information are generally saved in the configuration file , and they are all plain text, so encryption processing is required. Today I will introduce the configuration of jasypt integrated with springboot encryption.

First of all, these are based on the premise that your springboot project can run normally.

Step one: Add dependencies to the pom file, as shown in the figure

A version is provided here

<dependency>
   <groupId>com.github.ulisesbocchio</groupId>
   <artifactId>jasypt-spring-boot-starter</artifactId>
   <version>2.1.0</version>
</dependency>

Step two: Generate the key

Find the jasypt jar package in your local maven warehouse, and open the cmd command window in that directory, as shown in the figure:

Execute

java -cp jasypt-1.9.2.jar org.jasypt.intf.cli.JasyptPBESTringEncryptionCLI input="test" password=test algorithm=PBEWithMD5AndDES

where Input is your plain text password, here I am demonstrating test, password is your private key, algorithm is a rule, do not change it! ! ! . After execution, as shown in the figure:

# Briefly explain, the OUTPUT here is the encrypted ciphertext (password). Here is a method to copy text using cmd (because I didn’t know how to copy using cmd at first): right-click the mouse to mark and select the content you want to copy, and then you can copy it.

Step 3: Add configuration to the springboot configuration file, as shown in the figure

Here I use the application.yml file, and the application.properties file is written like this :jasypt.encryptor.password=test.

But what is actually used is System.setProperty("jasypt.encryptor.password", "demo"); in the startup class to reassign the value between this node, which will help protect the private key again (if If anyone has a better solution, please leave a message in time and we can discuss it together.)

Note: The first password in the above picture corresponds to the password in ARGUEMENTS in the second step. , the second password corresponds to the result in OUTPUT in the second step, and the form must be added with ENC (you password), as shown in the figure.

Step 4: Decrypt the password through the command

Execute the command

java -cp jasypt-1.9.2.jar org.jasypt.intf.cli.JasyptPBESTringDecryptionCLI input="nhyL4CzSQv/aPxoe7TzpOQ==" password=test algorithm=PBEWithMD5AndDES

The result is as shown below:

At the end, the integration of springboot and jasypt is completed. It seems to be quite easy to implement, haha. But one thing to note is that you must not leak your configuration file (especially the password in ARGUMENTS, which is equivalent to the private key), otherwise others can decrypt your password through the fourth step. It is recommended to put the configuration file in Configuration Center

The above is the detailed content of How SpringBoot encrypts the SQL account password of the configuration file. For more information, please follow other related articles on the PHP Chinese website!