Password encryption using Jasypt

  • Java library which helps to encrypt sensitive information without much configuration.
  • Property values in the configuration file are encrypted using Jasypt in Spring Boot.
  • Jasypt stands for Java simplified encryption Library.
  • Add in properties jasypt.encryptor.password=mypasswordkey (this is the master key used to encrypt and decrypt the values).
  • We must always encrypt sensitive information in our configuration files.
  • Add Maven/Gradle dependency and plug-in of Jasypt in Spring Boot application.
  • In our main class or configuration class add annotation @EnableEncryptableProperties
  • In our terminal/command prompt, from our project folder, run the following commands:
    • Maven Jasypt plug-in must be added in pom.xml, to run the following commands.
    • To encrypt
      • mvn jasypt:encrypt-value -Djasypt.encryptor.password=springimplant -Djasypt.plugin.value=Password
      • In the above command, "Password" is our data source password (the information to encrypt), and the key used to encrypt it is "springimplant".
      • The above command prints the encrypted value.
    • To decrypt
      • mvn jasypt:decrypt-value -Djasypt.encryptor.password=springimplant -Djasypt.plugin.value=nObqvmVPYhxVaykMl09QVtGCQWjpd7al1RJhOsyz1eLkb6J2USMu9Fb//e4a6Vro
      • The above command checks whether our encrypted value is correct: it returns our original information.
    • We need to pass our key to the application while running. We can add it in our configuration file or pass it as a JVM parameter.
  • Remember: the Maven command is used only to generate the encrypted value. The key must be passed to the JVM that executes the jar.
  • We can further customise our Jasypt encryption parameters as follows
    • Using 'jasyptStringEncryptor' bean.
    • Further, we can configure the following properties; otherwise their default values are used:
      • jasypt.encryptor.algorithm, using default value: PBEWITHHMACSHA512ANDAES_256
      • jasypt.encryptor.key-obtention-iterations, default value: 1000
      • jasypt.encryptor.pool-size, default value: 1 
      • jasypt.encryptor.provider-name, default value: null 
      • jasypt.encryptor.provider-class-name, default value: null 
      • jasypt.encryptor.salt-generator-classname, default value: org.jasypt.salt.RandomSaltGenerator
      • jasypt.encryptor.iv-generator-classname, default value: org.jasypt.iv.RandomIvGenerator
      • jasypt.encryptor.string-output-type, default value: base64
  • Directly encrypt the value in our configuration file
    • In application.properties/application.yml or any configuration file, wrap the plain value as DEC(value to encrypt).
    • spring.datasource.password=DEC(password)
    • Run the Maven encryption command with just the password parameter (-Djasypt.encryptor.password=...); the DEC(...) value is replaced in place with ENC(...).
    • To update a YML file, give the file path in the command as follows:
      • -Djasypt.plugin.path="file:src/main/resources/application.yml"
  • Using our own custom encryption logic
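As an added example (not code from the original post), the following Spring configuration class defines the jasyptStringEncryptor bean with the parameters listed above, reads the master key from jasypt.encryptor.password so it can be supplied as a -D JVM argument or the JASYPT_ENCRYPTOR_PASSWORD environment variable instead of being committed with the properties file, and includes a small main method that encrypts a sample value twice to show that the random salt and IV make each ciphertext different while both still decrypt to the original. The package name, class name and the sample value are assumptions.

```java
package com.example.config; // hypothetical package, not from the post

import org.jasypt.encryption.StringEncryptor;
import org.jasypt.encryption.pbe.PooledPBEStringEncryptor;
import org.jasypt.encryption.pbe.config.SimpleStringPBEConfig;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import com.ulisesbocchio.jasyptspringboot.annotation.EnableEncryptableProperties;

@Configuration
@EnableEncryptableProperties
public class JasyptConfig {

    // Injected from jasypt.encryptor.password. Spring Boot's relaxed binding also
    // accepts the environment variable JASYPT_ENCRYPTOR_PASSWORD, so the master key
    // never has to be written into application.properties.
    @Value("${jasypt.encryptor.password}")
    private String masterKey;

    // Bean name "jasyptStringEncryptor" is the one jasypt-spring-boot looks up by default.
    @Bean("jasyptStringEncryptor")
    public StringEncryptor jasyptStringEncryptor() {
        return buildEncryptor(masterKey);
    }

    // Builds the encryptor with the same settings the defaults above describe,
    // written out explicitly so each parameter is visible.
    public static StringEncryptor buildEncryptor(String key) {
        SimpleStringPBEConfig config = new SimpleStringPBEConfig();
        config.setPassword(key);
        config.setAlgorithm("PBEWITHHMACSHA512ANDAES_256"); // AES-256, key derived with HMAC-SHA512
        config.setKeyObtentionIterations("1000");           // key-derivation iterations
        config.setPoolSize("1");                            // encryptor instances kept in the pool
        config.setSaltGeneratorClassName("org.jasypt.salt.RandomSaltGenerator");
        config.setIvGeneratorClassName("org.jasypt.iv.RandomIvGenerator");
        config.setStringOutputType("base64");

        PooledPBEStringEncryptor encryptor = new PooledPBEStringEncryptor();
        encryptor.setConfig(config);
        return encryptor;
    }

    // Stand-alone check (no Spring context needed): encrypt the same value twice and
    // confirm the ciphertexts differ but both decrypt correctly. "springimplant" is the
    // key used in the post's mvn commands; "Password" is a constructed sample value.
    public static void main(String[] args) {
        StringEncryptor encryptor = buildEncryptor("springimplant");
        String plain = "Password";

        String first = encryptor.encrypt(plain);
        String second = encryptor.encrypt(plain);

        // Random salt + IV: the two encryptions of the same value are not equal,
        // which is why the mvn encrypt-value output changes on every run.
        if (first.equals(second)) {
            throw new IllegalStateException("expected distinct ciphertexts");
        }
        if (!plain.equals(encryptor.decrypt(first)) || !plain.equals(encryptor.decrypt(second))) {
            throw new IllegalStateException("round trip failed");
        }

        System.out.println("ENC(" + first + ")");
        System.out.println("ENC(" + second + ")");
        System.out.println("both decrypt to: " + encryptor.decrypt(first));
    }
}
```

The printed ENC(...) values can be pasted into application.properties in place of the DEC(...) placeholders; because the salt and IV are random, the value shown by mvn jasypt:encrypt-value will differ from run to run, and the decrypt-value command is the way to confirm a given ciphertext is valid rather than comparing two encryptions.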
