Monday, January 6, 2020

Encrypt properties value for spring boot application

Encrypt password value in properties file in spring boot application

Now a days, it is very important to encrypt the value that we configure in properties files to secure the data.
To encrypt the values in properties file specially in Spring based web application we can use available framework (jasypt) as below:
For example: We have folloing properties value in properties files

db.password=12345

  1. Add   maven plugin in pom as below
    <dependency>
       <groupId>com.github.ulisesbocchio</groupId>
       <artifactId>jasypt-spring-boot-starter</artifactId>
       <version>2.0.0</version>
      </dependency>
  2. Now, configure jasypt encryptor password and algorithm in application properties files as below:
    jasypt.encryptor.password=secretKey
    jasypt.encryptor.algorithm=PBEWithMD5AndDES
  3. Now, generate encrypted value of db.password (12345) using the jar and define in properties files as below:
    To generated encrypted value we need to  use jasypt jar file, password and algorithm as below in cmd:
    java -cp jasypt-1.9.2.jar  org.jasypt.intf.cli.JasyptPBEStringEncryptionCLI password=secretKey input=12345 algorithm=PBEWithMD5AndDES

    When we run above command, it will generate  encrypted value as below:isUphpA4A5/R+4nPV7tfrQ==

Example:
C:\user\.m2\repository\org\jasypt\jasypt\1.9.2>java -cp jasypt-1.9.2.jar  org.jasypt.intf.cli.JasyptPBEStringEncryptionCLI password=secretKey
 input=12345 algorithm=PBEWithMD5AndDES

----ENVIRONMENT-----------------

Runtime: Oracle Corporation Java HotSpot(TM) 64-Bit Server VM 24.80-b11

----ARGUMENTS-------------------

algorithm: PBEWithMD5AndDES
input: 12345
password: secretKey

----OUTPUT----------------------

isUphpA4A5/R+4nPV7tfrQ==




Now, copy above encrypt value to properties file as below with ENC(..):
db.password=ENC(isUphpA4A5/R+4nPV7tfrQ==)

No comments:

Post a Comment