Spring Boot 数据库druid密码加密
前言
为了避免密码被开发人员获知,对druid数据库密码加密,下面介绍如何实现的。
使用JAR版本:druid-1.1.9.jar
实现步骤
生成公钥、私钥、加密密码
- 工具类获取
package ba.la.ba.la.common.util;
import com.alibaba.druid.filter.config.ConfigTools;
public class DruidTest {
public static void main(String[] args) throws Exception {
// 明文密码
String password = "abc@123";
System.out.println("密码[ "+password+" ]的加密信息如下:\n");
// 获取密码对,参数不能小于512,否则会报错
String [] keyPair = ConfigTools.genKeyPair(512);
// 私钥
String privateKey = keyPair[0];
// 公钥
String publicKey = keyPair[1];
// 用私钥加密后的密文
password = ConfigTools.encrypt(privateKey, password);
System.out.println("privateKey:"+privateKey);
System.out.println("publicKey:"+publicKey);
System.out.println("password:"+password);
// 通过公钥和密文密码获取密码明文
String decryptPassword = ConfigTools.decrypt(publicKey, password);
System.out.println("decryptPassword:"+decryptPassword);
}
}
- 输出结果
密码[ abc@123 ]的加密信息如下:
privateKey:MIIBVQIBADANBgkqhkiG9w0BAQEFAASCAT8wggE7AgEAAkEA5Ifto6WuKXGnMz5vGpo8X9pJOwnYkaYOIlL5lgqQWjPeKCzHRRCNjB0HWIqzcYnDg1DdKK99k1ADyUwV47nfDwIDAQABAkEAiRxkn4KP852Uy1HyJuvSvU+iECHgJcKTSFSwGi1MXlEN00VMk6pX3en7lW5lIX+XzT2N7BAgjX3MdONwv9v6gQIhAPrCxKzTGzD5JkRDyZomYmvVg2i+mm+XCG/lFFnZuzv3AiEA6U5Cp6R9BW71+JOfH1YPlUO4wZgwyT+IW/x9fgkuv6kCIBzZk68eip5Ty+dGtUca62/knL3MUBBOnBXjkTfVKQl5AiBa87x+eFyY2qofbwVQhQ9sJEuJhVg3jIIPQj51/QRxiQIhALF9y9puZxMiSqwCiMu9lkDFH22t4pvN3oqigTlSrksM
publicKey:MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAOSH7aOlrilxpzM+bxqaPF/aSTsJ2JGmDiJS+ZYKkFoz3igsx0UQjYwdB1iKs3GJw4NQ3SivfZNQA8lMFeO53w8CAwEAAQ==
password:ygUHR0YYBD0dByVjhX/2/70Q/WOEYVeMutL0eV4hAndFE8/bs1sPhj40xNmy3qeYFISbfJrG0nYGJTQoz/zL3w==
decryptPassword:abc@123
修改数据库配置 yml
- 修改密码
spring:
datasource:
#druid相关配置
druid:
#基本属性
url: jdbc:mysql://balabala.aliyuncs.com:3306/bala_database?useUnicode=true&characterEncoding=UTF-8&allowMultiQueries=true
username: balabala
password: ygUHR0YYBD0dByVjhX/2/70Q/WOEYVeMutL0eV4hAndFE8/bs1sPhj40xNmy3qeYFISbfJrG0nYGJTQoz/zL3w==
connection-properties: config.decrypt=true;config.decrypt.key=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAOSH7aOlrilxpzM+bxqaPF/aSTsJ2JGmDiJS+ZYKkFoz3igsx0UQjYwdB1iKs3GJw4NQ3SivfZNQA8lMFeO53w8CAwEAAQ==
# 必须添加filter.config.enabled=true,否则不生效
filter:
config:
enabled: true
必须添加filter.config.enabled=true,否则不生效
总结
好,大功告成