Spring Boot 数据库链接配置文件加密

Spring Boot 数据库链接配置文件加密

1、首先 pom.xml 加入依赖

        <!-- 数据库连接加密 -->
		<dependency>
			<groupId>com.github.ulisesbocchio</groupId>
			<artifactId>jasypt-spring-boot-starter</artifactId>
			<version>2.1.0</version>
		</dependency>

2、生成加密字符的测试类

package com.test.util;

import org.jasypt.encryption.pbe.StandardPBEStringEncryptor;
import org.jasypt.encryption.pbe.config.EnvironmentPBEConfig;

/**
 * 数据库连接信息加密
 */
public class JasyptTest {
    /**
     * 加密的方法 
    **/
    public void testEncrypt() throws Exception {
        StandardPBEStringEncryptor standardPBEStringEncryptor = new StandardPBEStringEncryptor();
        EnvironmentPBEConfig config = new EnvironmentPBEConfig();
        // 加密的算法，这个算法是默认的
        config.setAlgorithm("PBEWithMD5AndDES");
        // 加密的密钥 需配置在 application-dev.properties 或者 yml配置  jasypt.encryptor.password=hello
        config.setPassword("hello");
        standardPBEStringEncryptor.setConfig(config);
        // 账号
        String usernameText = "root";
        String encryptedUsernameText = standardPBEStringEncryptor.encrypt(usernameText);
        System.out.println("账号加密");
        System.out.println(encryptedUsernameText);
        // 密码
        String passwordText = "123456";
        String encryptedPasswordText = standardPBEStringEncryptor.encrypt(passwordText);
        System.out.println("密码加密");
        System.out.println(encryptedPasswordText);
        // url
        String urlText = "jdbc:mysql://localhost:3306/test?characterEncoding=utf8&serverTimezone=GMT%2B8";
        String encryptedUrlText = standardPBEStringEncryptor.encrypt(urlText);
        System.out.println("url加密");
        System.out.println(encryptedUrlText);
    }

    /**
     * 解密的方法 
    **/
    public void testDe() throws Exception {
        StandardPBEStringEncryptor standardPBEStringEncryptor = new StandardPBEStringEncryptor();
        EnvironmentPBEConfig config = new EnvironmentPBEConfig();
        config.setAlgorithm("PBEWithMD5AndDES");
        config.setPassword("hello");
        standardPBEStringEncryptor.setConfig(config);
        // 加密后的账号
        String usernameText = "08AuNZWT1CrTUNmA==";
        String plainUsernameText = standardPBEStringEncryptor.decrypt(usernameText);
        System.out.println("账号解密");
        System.out.println(plainUsernameText);
        // 加密后的密码
        String encryptedText = "HFYm0GhenphdhGw==";
        String plainText = standardPBEStringEncryptor.decrypt(encryptedText);
        System.out.println("密码解密");
        System.out.println(plainText);
        // 加密后的url
        String encryptedUrlText = "HIYuxtD5Cjq+FJFV/1dMbL17DXYl1sY87TmF3A4aN2/Dh6d1j+RNYRfbx6K0Qfy1x38NQBTfp/QDSBpZXT3uE+1E2sx86NJXzi";
        String plainUrlText = standardPBEStringEncryptor.decrypt(encryptedUrlText);
        System.out.println("url解密");
        System.out.println(plainUrlText);
    }

    public static void main(String[] args) throws Exception {
        JasyptTest test = new JasyptTest();
        test.testEncrypt();
        System.out.println("****");
        test.testDe();
    }

}

注意：config.setPassword(“hello”); hello是自己的秘钥，不可以泄露！

 

3、在启动类上加上@EnableEncryptableProperties注解

@SpringBootApplication
@EnableEncryptableProperties //开启加密注解
public class TestApplication {

	public static void main(String[] args) {
		SpringApplication.run(TestApplication .class, args);
	}

}

4、在application.properties或yml的配置文件中加入以下参数

jasypt.encryptor.password=hello

5、在需要加密的地方可以加密了

#datasource
spring.datasource.driver-class-name=com.mysql.cj.jdbc.Driver
#注意：需要将加密的字符放入 ENC() 括号里面才可以
spring.datasource.url=ENC(kKXfxDIdoTxyx6bBI/mrcOby6O58E0tpUo1/M1Csq6hoUuyRVMgoMruynY4rxoAUeSdjNWd2sLweEOJ09w70IIg8rEsat3)
spring.datasource.username=ENC(o2UeJiFS9n0P4juaQ==)
spring.datasource.password=ENC(Y+6u7WXeapTQ==)

暂时总结如上。