Spring Boot 数据库链接配置文件加密
1、首先 pom.xml 加入依赖
<!-- 数据库连接加密 -->
<dependency>
<groupId>com.github.ulisesbocchio</groupId>
<artifactId>jasypt-spring-boot-starter</artifactId>
<version>2.1.0</version>
</dependency>
2、生成加密字符的测试类
package com.test.util;
import org.jasypt.encryption.pbe.StandardPBEStringEncryptor;
import org.jasypt.encryption.pbe.config.EnvironmentPBEConfig;
/**
* 数据库连接信息加密
*/
public class JasyptTest {
/**
* 加密的方法
**/
public void testEncrypt() throws Exception {
StandardPBEStringEncryptor standardPBEStringEncryptor = new StandardPBEStringEncryptor();
EnvironmentPBEConfig config = new EnvironmentPBEConfig();
// 加密的算法,这个算法是默认的
config.setAlgorithm("PBEWithMD5AndDES");
// 加密的密钥 需配置在 application-dev.properties 或者 yml配置 jasypt.encryptor.password=hello
config.setPassword("hello");
standardPBEStringEncryptor.setConfig(config);
// 账号
String usernameText = "root";
String encryptedUsernameText = standardPBEStringEncryptor.encrypt(usernameText);
System.out.println("账号加密");
System.out.println(encryptedUsernameText);
// 密码
String passwordText = "123456";
String encryptedPasswordText = standardPBEStringEncryptor.encrypt(passwordText);
System.out.println("密码加密");
System.out.println(encryptedPasswordText);
// url
String urlText = "jdbc:mysql://localhost:3306/test?characterEncoding=utf8&serverTimezone=GMT%2B8";
String encryptedUrlText = standardPBEStringEncryptor.encrypt(urlText);
System.out.println("url加密");
System.out.println(encryptedUrlText);
}
/**
* 解密的方法
**/
public void testDe() throws Exception {
StandardPBEStringEncryptor standardPBEStringEncryptor = new StandardPBEStringEncryptor();
EnvironmentPBEConfig config = new EnvironmentPBEConfig();
config.setAlgorithm("PBEWithMD5AndDES");
config.setPassword("hello");
standardPBEStringEncryptor.setConfig(config);
// 加密后的账号
String usernameText = "08AuNZWT1CrTUNmA==";
String plainUsernameText = standardPBEStringEncryptor.decrypt(usernameText);
System.out.println("账号解密");
System.out.println(plainUsernameText);
// 加密后的密码
String encryptedText = "HFYm0GhenphdhGw==";
String plainText = standardPBEStringEncryptor.decrypt(encryptedText);
System.out.println("密码解密");
System.out.println(plainText);
// 加密后的url
String encryptedUrlText = "HIYuxtD5Cjq+FJFV/1dMbL17DXYl1sY87TmF3A4aN2/Dh6d1j+RNYRfbx6K0Qfy1x38NQBTfp/QDSBpZXT3uE+1E2sx86NJXzi";
String plainUrlText = standardPBEStringEncryptor.decrypt(encryptedUrlText);
System.out.println("url解密");
System.out.println(plainUrlText);
}
public static void main(String[] args) throws Exception {
JasyptTest test = new JasyptTest();
test.testEncrypt();
System.out.println("****");
test.testDe();
}
}
注意:config.setPassword(“hello”); hello是自己的秘钥,不可以泄露!
3、在启动类上加上@EnableEncryptableProperties注解
@SpringBootApplication
@EnableEncryptableProperties //开启加密注解
public class TestApplication {
public static void main(String[] args) {
SpringApplication.run(TestApplication .class, args);
}
}
4、在application.properties或yml的配置文件中加入以下参数
jasypt.encryptor.password=hello
5、在需要加密的地方可以加密了
#datasource
spring.datasource.driver-class-name=com.mysql.cj.jdbc.Driver
#注意:需要将加密的字符放入 ENC() 括号里面才可以
spring.datasource.url=ENC(kKXfxDIdoTxyx6bBI/mrcOby6O58E0tpUo1/M1Csq6hoUuyRVMgoMruynY4rxoAUeSdjNWd2sLweEOJ09w70IIg8rEsat3)
spring.datasource.username=ENC(o2UeJiFS9n0P4juaQ==)
spring.datasource.password=ENC(Y+6u7WXeapTQ==)
暂时总结如上。