对配置文件中数据库密码,用户名,数据库连接参数加密设置
对敏感的数据加密
pom
<!-- https://mvnrepository.com/artifact/com.github.ulisesbocchio/jasypt-spring-boot-starter -->
<dependency>
<groupId>com.github.ulisesbocchio</groupId>
<artifactId>jasypt-spring-boot-starter</artifactId>
<version>3.0.4</version>
</dependency>
2.yml引入加密钥匙配置 :
#jasypt加密的密匙
jasypt:
encryptor:
password: JCCCCgd6Tsjckd87xGy6H1JGb47G2H72
可作为启动参数传入
-Djasypt.encryptor.password=JCCCCgd6Tsjckd87xGy6H1JGb47G2H72
如果是使用jar运行就对应命令里面加入 类似:
java -jar -Djasypt.encryptor.password=JCCCCgd6Tsjckd87xGy6H1JGb47G2H72 XXX-xxxx.jar
把需要加密的敏感数据拿出来,提前加密:
@Autowired
StringEncryptor encryptor;
@Test
void contextLoads() {
String dbUrl = encryptor.encrypt("jdbc:mysql://localhost:3306/mytest?useSSL=false&useUnicode=true&characterEncoding=UTF-8&serverTimezone=GMT%2B8&zeroDateTimeBehavior=convertToNull");
System.out.println(dbUrl);
String username = encryptor.encrypt("root");
System.out.println(username);
String password = encryptor.encrypt("root");
System.out.println(password);
}
加密完后的数据替换配置到 yml文件里
spring:
datasource:
druid:
url: ENC(OGNie1iT/W6LBSdXvmIv/tyQA69HbI1OUSh3MM/UeTv2dufbuJBu0aEf7EN86DOPiXOZyHtYTVwu+3AHtmPPZYxXbaw9xU04x8POZsWjx6BmQBmdNRyBVcO7IixG9F+WK6+jlRhXEsgqTk+MOpDuPBBmf8Zw+LoWeKPICfqn2SOJAOJ2gSrE7wDSR4YRejgDWDPcMIvo4yfKG8pJZZ6OeQ==)
username: ENC(cuaMHDblkuVeHSFyV+OKmQ==)
password: ENC(BEQNsEv0gIkvRWwg2P9ktg==)
启动项目进行测试