一、使用jasypt对数据库密码加密
1、pom.xml引入jasypt包
<dependency>
<groupId>com.github.ulisesbocchio</groupId>
<artifactId>jasypt-spring-boot-starter</artifactId>
<version>3.0.3</version>
</dependency>
2、利用工具类对明文密码进行加密
package com.demo.util;
import org.jasypt.encryption.pbe.PooledPBEStringEncryptor;
import org.jasypt.encryption.pbe.config.SimpleStringPBEConfig;
/**
* @Author
* @Date 2023/10/16 14:55
* @Description
* @Version 1.0
*/
public class JasyptEncryptorUtils {
private static final String salt = "123456";
private static PooledPBEStringEncryptor encryptor = new PooledPBEStringEncryptor();
static {
SimpleStringPBEConfig config = new SimpleStringPBEConfig();
config.setPassword(salt);
config.setAlgorithm("PBEWITHHMACSHA512ANDAES_256");
config.setKeyObtentionIterations("1000");
config.setPoolSize("1");
config.setProviderName("SunJCE");
config.setSaltGeneratorClassName("org.jasypt.salt.RandomSaltGenerator");
config.setIvGeneratorClassName("org.jasypt.iv.RandomIvGenerator");
config.setStringOutputType("base64");
encryptor.setConfig(config);
}
private JasyptEncryptorUtils() {
}
/**
* 明文加密
*
* @param plaintext
* @return
*/
public static String encode(String plaintext) {
String ciphertext = encryptor.encrypt(plaintext);
return ciphertext;
}
/**
* 密文解密
*
* @param ciphertext
* @return
*/
public static String decode(String ciphertext) {
String plaintext = encryptor.decrypt(ciphertext);
return plaintext;
}
public static void main(String[] args) {
System.out.println(JasyptEncryptorUtils.encode("123456"));
}
}
3、修改数据库的配置文件内容信息
a、 用ENC包裹用JasyptEncryptorUtils 生成的加密串
password: ENC(cfWul8dF/Y3qs+VOn/IOrmUXj3PyKJbCakNsk6QUMBEsOJLXJqEeFJu4ymVJHLku)
b、配置密钥
jasypt:
encryptor:
password: 123456
ps: 在生产环境中,建议放在启动命令里面,避免密钥泄露
java -jar -Djasypt.encryptor.password=123456