1、加依赖
<!--加密工具启动加密-->
<dependency>
<groupId>com.github.ulisesbocchio</groupId>
<artifactId>jasypt-spring-boot-starter</artifactId>
<version>3.0.4</version>
</dependency>
2、加配置
sh2tsuhjEPY2VWKcwW+3fz8rIRjl9Zpmo1OTu4OU1nC1TY8QLm/g+QABeUnM3hag是你加密后的密文 ENC(你生成的密文)
spring:
application:
name: springcloudalibaba
profiles:
active: @spring.profiles.active@
cloud:
nacos:
config:
server-addr: @nacos.address@
namespace: @nacos.namespace@
file-extension: yaml
username: nacos
password: ENC(sh2tsuhjEPY2VWKcwW+3fz8rIRjl9Zpmo1OTu4OU1nC1TY8QLm/g+QABeUnM3hag)
shared-configs:
- data-id: common.ymal
refresh: true
jasypt:
encryptor:
password: 你的加密密码 自己定义#生产需要提高安全性 打包时用参数注入
algorithm: PBEWITHHMACSHA512ANDAES_256
iv-generator-classname: org.jasypt.iv.RandomIvGenerator
salt-generator-classname: org.jasypt.salt.RandomSaltGenerator
string-output-type: base64
provider-name: SunJCE
pool-size: 1
key-obtention-iterations: 1000
这样就可以了,密文的生产可以使用下面工具类生成,注意需要加密方式需要与配置一致
3、生成工具类
public static void main(String[] args) {
PooledPBEStringEncryptor encryptor = new PooledPBEStringEncryptor();
SimpleStringPBEConfig config = new SimpleStringPBEConfig();
config.setPassword("123456");#加密密码自己定义
// 默认值
config.setAlgorithm("PBEWITHHMACSHA512ANDAES_256");
config.setKeyObtentionIterations("1000");
config.setPoolSize("1");
config.setProviderName("SunJCE");
config.setSaltGeneratorClassName("org.jasypt.salt.RandomSaltGenerator");
config.setIvGeneratorClassName("org.jasypt.iv.RandomIvGenerator");
config.setStringOutputType("base64");
encryptor.setConfig(config);
System.out.println("beinet 加密后: " + encryptor.encrypt("你要加密的密码"));
}
4、秘钥是个安全性要求比较高的属性,一般不建议直接放在项目内,可以通过启动时-D
参数注入,或者放在配置中心,避免泄露
java -jar -Djasypt.encryptor.password=123456 springcloudalibab.jar