关于yml中数据库密码加密与解密

一、自定义加密解密方式：

1、获取yml中的数据进行解码，配置数据源

package com.example.thymeleaf.config;

import com.example.thymeleaf.utils.SecurityUtil;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.env.Environment;
import org.springframework.jdbc.datasource.DriverManagerDataSource;
import javax.sql.DataSource;
@Configuration
public class DataSourceConfig {
    @Autowired
    private Environment env;
    @Value("${spring.datasource.password}")
    private String password;
    @Bean(name = "dataSource")
    public DataSource getDataSource() {
        DriverManagerDataSource dataSource = new DriverManagerDataSource();
        dataSource.setDriverClassName(env.getProperty("spring.datasource.driver-class-name"));
        dataSource.setUrl(env.getProperty("spring.datasource.url"));
        dataSource.setUsername(env.getProperty("spring.datasource.username"));
        dataSource.setPassword(SecurityUtil.getBase64Decrypt(password));
        return dataSource;
    }
}

这里可以通过以下两种方式来获取yml中的配置数据
@Autowired
private Environment env;

@Value("${spring.datasource.password}")
private String password;

2、自定义加密方式对密码进行加密

    username: root
    password: MTIzNDU2Z3A=

package com.example.thymeleaf.utils;

import java.nio.charset.StandardCharsets;
import java.util.Base64;
public class SecurityUtil {

    public static String getBase64Encrypt(String encrypt){
        String encryptString = Base64.getEncoder().encodeToString(encrypt.getBytes(StandardCharsets.UTF_8));
        return encryptString;
    }

    public static String getBase64Decrypt(String decrypt){
        byte[] decryptString = Base64.getDecoder().decode(decrypt);
        return new String(decryptString, StandardCharsets.UTF_8);
    }
}

二、alibaba druid加解密

1、首先引入druid依赖

        <!-- druid -->
        <dependency>
            <groupId>com.alibaba</groupId>
                <artifactId>druid-spring-boot-starter</artifactId>
            <version>1.2.16</version>
        </dependency>

2、在测试类中生成所需要的密文

@Test
    public void druidEncrypt() throws Exception {
        //密码明文
        String password = "123456";
        System.out.println("明文密码: " + password);

        String encrypt = ConfigTools.encrypt(password);
        System.out.println("未使用秘钥加密的密文 - encrypt：" + encrypt);
        String decrypt = ConfigTools.decrypt(encrypt);
        System.out.println("未使用秘钥加密解密后 - encrypt：" + decrypt);

        String[] keyPair = ConfigTools.genKeyPair(512);
        //私钥
        String privateKey = keyPair[0];
        //公钥
        String publicKey = keyPair[1];

        System.out.println("私钥 - privateKey:" + privateKey);
        System.out.println("公钥 - publicKey:" + publicKey);

        //用私钥加密后的密文
        password = ConfigTools.encrypt(privateKey, password);
        System.out.println("私钥加密后的密文 - password:" + password);

        String decryptPassword = ConfigTools.decrypt(publicKey, password);
        System.out.println("解密后:" + decryptPassword);
    }

3、修改yml文件，密文替换密码，添加以下配置

    # 此处使用公钥加密过的密码
    password: jSdkuq4t4OzhufFKsNq0GVc239lDBdQZkzeFuYqZHIWdxRSzNUuvSZ+eRb3m5kVFzZepbBgiB/JeakrZrwApCg==
    druid:
      db-type: mysql
      filter:
        config:
          # 开启此配置，如果为false，则上面的密码要为明文密码
          enabled: true
      connect-properties:
        # 是否要解密，如果为false，则上面的密码要为明文密码
        config.decrypt: true
        # 此处为公钥，可以省略此配置，如果省略，则上面的密码在加密时可以不使用私钥加密
        config.decrypt.key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAK9ccOyIvGSX51qarEHjRC0tg/s3w7vTAQk7nXfVj4JUy0elbzlfbfJuGSb9wGRFDTrKrs47lIFp2CPx3Hr8oQECAwEAAQ==

三、集成jasypt加密

<dependency>
	<groupId>com.github.ulisesbocchio</groupId>
    <artifactId>jasypt-spring-boot-starter</artifactId>
    <version>3.0.4</version>
</dependency>

依赖没有拉下来，暂未尝试