springboot配置文件加密处理方式

1.引入包

  <dependency>
      <groupId>com.github.ulisesbocchio</groupId>
      <artifactId>jasypt-spring-boot-starter</artifactId>
      <version>2.1.0</version>
  </dependency>

2. 配置加/解的密码

# jasypt加密的密匙
jasypt:
  encryptor:
    password: Y6M9fAJQdU7jNp5MW

3. 测试用例中生成加密后的秘钥

package com.yicall.screen.controller;

import org.jasypt.encryption.StringEncryptor;
import org.junit.Assert;
import org.junit.runner.RunWith;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.test.context.junit4.SpringRunner;

/**
 * @Author 谢 洁
 * @Date 2022/2/13 22:45
 * @Version 1.0
 */
@RunWith(SpringRunner.class)
@SpringBootTest
public class Test {
    @Autowired
    private StringEncryptor encryptor;

    @org.junit.Test
    public void getPass() {
        String url = encryptor.encrypt("jdbc:mysql://47.114.62.126:3306/onecallcore_extend?allowMultiQueries=true&useUnicode=true&useSSL=false&serverTimezone=Asia/Shanghai");
        String name = encryptor.encrypt("root");
        String password = encryptor.encrypt("dbLuQi_test@123");
        System.out.println("database url: " + url);
        System.out.println("database name: " + name);
        System.out.println("database password: " + password);
        Assert.assertTrue(url.length() > 0);
        Assert.assertTrue(name.length() > 0);
        Assert.assertTrue(password.length() > 0);
    }
}

4. 将加密后的字符串替换原明文

server:
  port: 9999
spring:
  datasource:
    driver-class-name: com.mysql.cj.jdbc.Driver
    hikari:
      first:
        jdbc-url: ENC(2JexbIZOnzUaO8y2ZCSrE1BaED2U2DCdf9PEyvq929rye/Vt6OHv8uaMl8qdUlC3O9aR3b4jvU/ZWOa1Qm4rNRuXDCOnxumWR+NhAN3yyNJAA9uVzX8y3UdR21Q+XXvXIMKwaa0BCevLNRExR581dYKy2f47HBRLApUfZOljmOAGROrP3U9md+eRhZO8E+Uw)
        username: ENC(/pbhH3BKRUmtkSoUZr/pIA==)
        password: ENC(xEsKW62RiFg2jefpRhJ3yl/bBx44ig7C)

      minimum-idle: 5
      maximum-pool-size: 15
      auto-commit: true
      idle-timeout: 30000
      max-lifetime: 1800000
      connection-timeout: 30000
      connection-test-query: SELECT 1

logging:
  level:
    com.yicall: info

swagger:
  enabled: true

work:
  id: 1
datacenter:
  id: 1
sequence: 1

# jasypt加密的密匙
jasypt:
  encryptor:
    password: Y6M9fAJQdU7jNp5MW

5. 将加密后的字符串替换原明文部署时配置salt(盐)值

为了防止salt(盐)泄露,反解出密码.可以在项目部署的时候使用命令传入salt(盐)值：

java -jar screen_api.jar -Djasypt.encryptor.password=Y6M9fAJQdU7jNp5MW