Add the starter dependency and the Maven plugin to the project. Once the starter is included, jasypt is enabled automatically.
<dependencies>
    <dependency>
        <groupId>com.github.ulisesbocchio</groupId>
        <artifactId>jasypt-spring-boot-starter</artifactId>
        <version>3.0.4</version>
    </dependency>
</dependencies>
<!-- in pom.xml, <plugins> must sit inside <build> -->
<build>
    <plugins>
        <plugin>
            <groupId>com.github.ulisesbocchio</groupId>
            <artifactId>jasypt-maven-plugin</artifactId>
            <version>3.0.4</version>
        </plugin>
    </plugins>
</build>
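Encrypt the configuration file (application-test.yml): wrap each value that needs to be encrypted in DEC().
For example, to encrypt the property spring.datasource.password = 123456, rewrite the file as follows: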
spring:
  datasource:
    driver-class-name: com.mysql.cj.jdbc.Driver
    jdbc-url: jdbc:mysql://127.0.0.1:3306/test?useUnicode=true&characterEncoding=utf8&useAffectedRows=true&serverTimezone=UTC&useSSL=false
    username: test
    password: DEC(1234567)
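After rewriting the configuration file, run the following Maven command to encrypt it. jasypt.encryptor.password is the encryption key, and jasypt.plugin.path is the path of the configuration file to encrypt.
mvn jasypt:encrypt -Djasypt.encryptor.password=123456 -Djasypt.plugin.path=file:src/main/resources/application-test.yml ## path of the configuration file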
When the command finishes, the values wrapped in DEC() in the configuration file have been replaced with ciphertext (the plugin rewrites the file in place):
spring:
  datasource:
    driver-class-name: com.mysql.cj.jdbc.Driver
    jdbc-url: jdbc:mysql://127.0.0.1:3306/test?useUnicode=true&characterEncoding=utf8&useAffectedRows=true&serverTimezone=UTC&useSSL=false
    username: test
    password: ENC(yhghgg78u77gggy+jkjkhji557ghgh+7786ggghf6) ## made-up value for illustration
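Decrypting when the service runs
The encryption key used above was 123456. When the service starts, supply the decryption key through an environment variable or a startup argument.
-Djasypt.encryptor.password=123456 ## for dev/test use
## Startup argument
java -Djasypt.encryptor.password=123456 -jar spring-boot-test.jar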
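A check that can run before commit or in CI for the workflow above, as an added example that is not part of the original page: it flags values still wrapped in DEC() (never encrypted) and a jasypt.encryptor.password written into the config file itself. The function name check_config and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example. check_config FILE reports two mistakes in a Spring config file:
#   1. a value still wrapped in DEC(...), i.e. mvn jasypt:encrypt was never run on it
#   2. jasypt.encryptor.password stored in the file, next to the ciphertext it protects
# Prints one finding per line and returns 1 if there are any, otherwise 0.
# The YAML handling is a line-based approximation, not a full YAML parser.
check_config() {
    awk '
    function key_found(   v) {
        v = $0
        sub(/^[^=:]*[=:][[:space:]]*/, "", v)          # keep only the value
        if (v == "" || index(v, "${") == 1) return     # empty or ${VAR} reference is fine
        printf "%s:%d: encryption key stored in config file\n", FILENAME, FNR
        bad = 1
    }
    /^[[:space:]]*#/ { next }                          # ignore comment lines
    /DEC\(.*\)/ {
        printf "%s:%d: plaintext value still wrapped in DEC()\n", FILENAME, FNR
        bad = 1
    }
    # flat form: jasypt.encryptor.password=... (properties) or "...: ..." (YAML)
    /^[[:space:]]*jasypt\.encryptor\.password[[:space:]]*[=:]/ { key_found(); next }
    # nested YAML form: jasypt: -> encryptor: -> password:
    /^[^[:space:]]/ { in_jasypt = ($0 ~ /^jasypt:/); in_enc = 0; next }
    in_jasypt && /^[[:space:]]+encryptor:/ { in_enc = 1; next }
    in_jasypt && in_enc && /^[[:space:]]+password:/ { key_found() }
    END { exit bad + 0 }
    ' "$1"
}

# Constructed sample: one unencrypted placeholder and an embedded key.
sample=$(mktemp)
cat > "$sample" <<'EOF'
spring:
  datasource:
    username: test
    password: DEC(example-db-password)
jasypt:
  encryptor:
    password: example-key
EOF
check_config "$sample" || echo "fix the findings above before committing"
rm -f "$sample"
```

Spring Boot's relaxed binding also accepts the key from the JASYPT_ENCRYPTOR_PASSWORD environment variable, which keeps it out of the java command line shown above.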
Default configuration
For version 3.0.4, the default configuration properties are as follows:
Key                                          Required  Default value
jasypt.encryptor.password                    True      -
jasypt.encryptor.algorithm                   False     PBEWITHHMACSHA512ANDAES_256
jasypt.encryptor.key-obtention-iterations    False     1000
jasypt.encryptor.pool-size                   False     1
jasypt.encryptor.provider-name               False     SunJCE
jasypt.encryptor.provider-class-name         False     null
jasypt.encryptor.salt-generator-classname    False     org.jasypt.salt.RandomSaltGenerator
jasypt.encryptor.iv-generator-classname      False     org.jasypt.iv.RandomIvGenerator
jasypt.encryptor.string-output-type          False     base64
jasypt.encryptor.proxy-property-sources      False     false
jasypt.encryptor.skip-property-sources       False     empty list