前言
SpringBoot项目yml配置文件关键数据脱敏加密
例如:数据库的用户名、密码、url;Redis的密码、url等。
一、使用的三方库
Jasypt: Java simplified encryption - Jasypt: Java simplified encryption - Main
http://www.jasypt.org/
配置信息加密主要利用了http://www.jasypt.org/ 这个类库,Jasypt是一个Java库,允许开发人员以最小的努力将基本的加解密功能添加到你的项目中,而无需对密码加解密的工作原理有深入的了解;
Github:https://github.com/jasypt/jasypt 这个库是java语言写的
二、使用步骤
1.引入库
代码如下(示例):
<!-- jasypt-spring-boot-starter -->
<dependency>
<groupId>com.github.ulisesbocchio</groupId>
<artifactId>jasypt-spring-boot-starter</artifactId>
<version>3.0.3</version>
</dependency>
需要在yml文件中配置加密的秘钥
配置加密的秘钥key
jasypt.encryptor.password=qsakjdnfij234234sdf67
测试代码:
package com.zlw.test;
import org.jasypt.encryption.StringEncryptor;
import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.context.SpringBootTest;
@SpringBootTest
class DemoApplicationTests {
@Test
void contextLoads() {
}
@Autowired
private StringEncryptor stringEncryptor;
@Test
public void encryptPwd() {
//加密
String username = stringEncryptor.encrypt("root");
System.out.println("加密username: " + username);
String decUsername = stringEncryptor.decrypt(username);
System.out.println("解密username: " + decUsername);
//加密
String password = stringEncryptor.encrypt("123456");
System.out.println("password: " + password);
String decPassword = stringEncryptor.decrypt(password);
System.out.println("解密password: " + decPassword);
}
}
=======================================================================================
运行结果:
加密username: gBc+AzFMG6dk3F/RxT08mH2fW8UUCHZdMZkSTf66IhFRfMuo2NTIavVaxrLybPMb
解密username: root
password: xR+l1tRn05jtHPvuNaQayUiLDp8eZTPXYuw2/chY70X9lUZ8wIf5N+1wVq65IEWk
解密password: 123456
得到密文之后要替换yml文件中对应的加密的信息
例如:
原文:
# springboot项目-数据源配置
spring.datasource.type=com.alibaba.druid.pool.DruidDataSource
spring.datasource.driver-class-name=com.mysql.cj.jdbc.Driver
spring.datasource.url=jdbc:mysql://127.0.0.1:3306/mybatis?serverTimezone=GMT%2B8&useUnicode=true&characterEncoding=utf8&rewriteBatchedStatements=true&useSSL=false
spring.datasource.username=root
spring.datasource.password=123456
替换之后:
# springboot项目-数据源配置
spring.datasource.type=com.alibaba.druid.pool.DruidDataSource
spring.datasource.driver-class-name=com.mysql.cj.jdbc.Driver
spring.datasource.url=jdbc:mysql://127.0.0.1:3306/mybatis?serverTimezone=GMT%2B8&useUnicode=true&characterEncoding=utf8&rewriteBatchedStatements=true&useSSL=false
spring.datasource.username=ENC(gBc+AzFMG6dk3F/RxT08mH2fW8UUCHZdMZkSTf66IhFRfMuo2NTIavVaxrLybPMb)
spring.datasource.password=ENC(xR+l1tRn05jtHPvuNaQayUiLDp8eZTPXYuw2/chY70X9lUZ8wIf5N+1wVq65IEWk)
可以修改ENC() 的前后缀:
2.测试
测试代码如下:
yml 配置文件
server.port=8998
#
#
# springboot项目-启动logo开关控制。
#spring.main.banner-mode=console
#
#
# springboot项目-名称
spring.application.name=springboot-test
#
#
# springboot项目-数据源配置
spring.datasource.type=com.alibaba.druid.pool.DruidDataSource
spring.datasource.driver-class-name=com.mysql.cj.jdbc.Driver
spring.datasource.url=jdbc:mysql://127.0.0.1:3306/mybatis?serverTimezone=GMT%2B8&useUnicode=true&characterEncoding=utf8&rewriteBatchedStatements=true&useSSL=false
spring.datasource.username=ENC(gBc+AzFMG6dk3F/RxT08mH2fW8UUCHZdMZkSTf66IhFRfMuo2NTIavVaxrLybPMb)
spring.datasource.password=ENC(xR+l1tRn05jtHPvuNaQayUiLDp8eZTPXYuw2/chY70X9lUZ8wIf5N+1wVq65IEWk)
#
#
# 配置加密的秘钥key
jasypt.encryptor.password=qsakjdnfij234234sdf67
package com.zlw.test;
import com.zlw.test.bean.MyBean;
import com.zlw.test.service.GoodsService;
import lombok.extern.log4j.Log4j;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.Banner;
import org.springframework.boot.CommandLineRunner;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.builder.SpringApplicationBuilder;
import org.springframework.context.ConfigurableApplicationContext;
import org.springframework.context.annotation.Import;
/**
* @author zhaoluowei
* @description TODO springboot 默认是 logback日志文件
* @return
* @date 2021/1/22 13:59
*/
@Slf4j
@Import({MyBean.class,})
@SpringBootApplication
public class DemoApplication {
@Value("${spring.application.name}")
private String applicationName;
public static void main(String[] args) {
//启动方式一
//SpringApplication.run(DemoApplication.class, args);
//启动方式二
ConfigurableApplicationContext context = new SpringApplicationBuilder()
.sources(DemoApplication.class)
.bannerMode(Banner.Mode.CONSOLE)
.run(args);
//service -> mapper 获取数据
GoodsService goodsService = context.getBean(GoodsService.class);
System.out.println("goodsService.selectByPrimaryKey(1) = " + goodsService.selectByPrimaryKey(1));
}
}
可以成功获取数据.
代码地址
https://gitee.com/zhaoxiaoluo/spring-boot-test.git