SpringBoot项目 yml文件脱敏加密配置

---

前言

SpringBoot项目yml配置文件关键数据脱敏加密
例如：数据库的用户名、密码、url；Redis的密码、url等。

一、使用的三方库

Jasypt: Java simplified encryption - Jasypt: Java simplified encryption - Main
http://www.jasypt.org/

配置信息加密主要利用了http://www.jasypt.org/ 这个类库，Jasypt是一个Java库，允许开发人员以最小的努力将基本的加解密功能添加到你的项目中，而无需对密码加解密的工作原理有深入的了解；

Github：https://github.com/jasypt/jasypt 这个库是java语言写的

二、使用步骤

1.引入库

代码如下（示例）：

<!-- jasypt-spring-boot-starter -->
<dependency>
    <groupId>com.github.ulisesbocchio</groupId>
    <artifactId>jasypt-spring-boot-starter</artifactId>
    <version>3.0.3</version>
</dependency>

需要在yml文件中配置加密的秘钥

配置加密的秘钥key
jasypt.encryptor.password=qsakjdnfij234234sdf67

测试代码：
package com.zlw.test;

import org.jasypt.encryption.StringEncryptor;
import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.context.SpringBootTest;

@SpringBootTest
class DemoApplicationTests {

    @Test
    void contextLoads() {
    }


    @Autowired
    private StringEncryptor stringEncryptor;
    @Test
    public void encryptPwd() {

        //加密
        String username = stringEncryptor.encrypt("root");
        System.out.println("加密username: " + username);

        String decUsername = stringEncryptor.decrypt(username);
        System.out.println("解密username: " + decUsername);

        //加密
        String password = stringEncryptor.encrypt("123456");
        System.out.println("password: " + password);
        String decPassword = stringEncryptor.decrypt(password);
        System.out.println("解密password: " + decPassword);
    }


}

=======================================================================================
运行结果：
加密username: gBc+AzFMG6dk3F/RxT08mH2fW8UUCHZdMZkSTf66IhFRfMuo2NTIavVaxrLybPMb
解密username: root
password: xR+l1tRn05jtHPvuNaQayUiLDp8eZTPXYuw2/chY70X9lUZ8wIf5N+1wVq65IEWk
解密password: 123456

得到密文之后要替换yml文件中对应的加密的信息

例如：
原文：
# springboot项目-数据源配置
spring.datasource.type=com.alibaba.druid.pool.DruidDataSource
spring.datasource.driver-class-name=com.mysql.cj.jdbc.Driver
spring.datasource.url=jdbc:mysql://127.0.0.1:3306/mybatis?serverTimezone=GMT%2B8&useUnicode=true&characterEncoding=utf8&rewriteBatchedStatements=true&useSSL=false
spring.datasource.username=root
spring.datasource.password=123456


替换之后：
# springboot项目-数据源配置
spring.datasource.type=com.alibaba.druid.pool.DruidDataSource
spring.datasource.driver-class-name=com.mysql.cj.jdbc.Driver
spring.datasource.url=jdbc:mysql://127.0.0.1:3306/mybatis?serverTimezone=GMT%2B8&useUnicode=true&characterEncoding=utf8&rewriteBatchedStatements=true&useSSL=false
spring.datasource.username=ENC(gBc+AzFMG6dk3F/RxT08mH2fW8UUCHZdMZkSTf66IhFRfMuo2NTIavVaxrLybPMb)
spring.datasource.password=ENC(xR+l1tRn05jtHPvuNaQayUiLDp8eZTPXYuw2/chY70X9lUZ8wIf5N+1wVq65IEWk)

可以修改ENC() 的前后缀：

2.测试

测试代码如下：

yml 配置文件
server.port=8998
#
#
# springboot项目-启动logo开关控制。
#spring.main.banner-mode=console
#
#
# springboot项目-名称
spring.application.name=springboot-test
#
#
# springboot项目-数据源配置
spring.datasource.type=com.alibaba.druid.pool.DruidDataSource
spring.datasource.driver-class-name=com.mysql.cj.jdbc.Driver
spring.datasource.url=jdbc:mysql://127.0.0.1:3306/mybatis?serverTimezone=GMT%2B8&useUnicode=true&characterEncoding=utf8&rewriteBatchedStatements=true&useSSL=false
spring.datasource.username=ENC(gBc+AzFMG6dk3F/RxT08mH2fW8UUCHZdMZkSTf66IhFRfMuo2NTIavVaxrLybPMb)
spring.datasource.password=ENC(xR+l1tRn05jtHPvuNaQayUiLDp8eZTPXYuw2/chY70X9lUZ8wIf5N+1wVq65IEWk)

#
#
# 配置加密的秘钥key
jasypt.encryptor.password=qsakjdnfij234234sdf67

package com.zlw.test;

import com.zlw.test.bean.MyBean;
import com.zlw.test.service.GoodsService;
import lombok.extern.log4j.Log4j;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.Banner;
import org.springframework.boot.CommandLineRunner;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.builder.SpringApplicationBuilder;
import org.springframework.context.ConfigurableApplicationContext;
import org.springframework.context.annotation.Import;

/**
 * @author zhaoluowei
 * @description TODO springboot 默认是 logback日志文件
 * @return
 * @date 2021/1/22 13:59
 */
@Slf4j
@Import({MyBean.class,})
@SpringBootApplication
public class DemoApplication {


    @Value("${spring.application.name}")
    private String applicationName;


    public static void main(String[] args) {
        //启动方式一
        //SpringApplication.run(DemoApplication.class, args);

        //启动方式二
        ConfigurableApplicationContext context = new SpringApplicationBuilder()
                .sources(DemoApplication.class)
                .bannerMode(Banner.Mode.CONSOLE)
                .run(args);
        
        //service -> mapper 获取数据
        GoodsService goodsService = context.getBean(GoodsService.class);
        System.out.println("goodsService.selectByPrimaryKey(1) = " + goodsService.selectByPrimaryKey(1));
     }   
}

可以成功获取数据.

代码地址
https://gitee.com/zhaoxiaoluo/spring-boot-test.git