第一种Jasypt加密
1.maven依赖,不同的spring boot版本引入的jasypt版本不同
<!-- Jasypt加密 -->
spring boot 版本号1依赖
<dependency>
<groupId>com.github.ulisesbocchio</groupId>
<artifactId>jasypt-spring-boot-starter</artifactId>
<version>2.0.0</version>
</dependency>
spring boot 版本号2依赖
<dependency>
<groupId>com.github.ulisesbocchio</groupId>
<artifactId>jasypt-spring-boot-starter</artifactId>
<version>3.0.3</version>
</dependency>
2. 在配置中心增加相关配置
jasypt.encryptor.password=henghe #加密密钥
或者
为了防止salt(盐)泄露,反解出密码.可以在项目部署的时候使用命令传入salt(盐)值:
java -jar xxx.jar -Djasypt.encryptor.password=henghe
3.将application.yml或配置中心中重要的配置改为加密格式
password: ENC(tnJpIM6iACWO/wRI//7XsbBqy/Mpx6MG1hXe4S7U4cNWmGhajnUSeXmBmQiniKEU)
4.springboot程序在启动会自动检测appliction.yml或者配置中心中有ENC(xx)的配置并做解密
5.加解密的测试类
import org.jasypt.encryption.pbe.PooledPBEStringEncryptor;
import org.jasypt.encryption.pbe.StandardPBEByteEncryptor;
import org.jasypt.encryption.pbe.config.SimpleStringPBEConfig;
/**
* @Created with Intellij IDEA
* @Author :
* @Date : 2018/5/18 - 10:37
* @Copyright (C), 2018-2018
* @Descripition : Jasypt安全框架加密类工具包
*/
public class JasyptUtils {
/**
* Jasypt生成加密结果
*
* @param password 配置文件中设定的加密密码 jasypt.encryptor.password
* @param value 待加密值
* @return
*/
public static String encryptPwd(String password, String value) {
PooledPBEStringEncryptor encryptOr = new PooledPBEStringEncryptor();
encryptOr.setConfig(cryptOr(password));
String result = encryptOr.encrypt(value);
return result;
}
/**
* 解密
*
* @param password 配置文件中设定的加密密码 jasypt.encryptor.password
* @param value 待解密密文
* @return
*/
public static String decyptPwd(String password, String value) {
PooledPBEStringEncryptor encryptOr = new PooledPBEStringEncryptor();
encryptOr.setConfig(cryptOr(password));
String result = encryptOr.decrypt(value);
return result;
}
/**
* @param password salt
* @return
*/
public static SimpleStringPBEConfig cryptOr(String password) {
SimpleStringPBEConfig config =