Spring Boot: encrypting database information in the application.yml configuration file

When developing a software system, we often need to consider system security,

With a configuration like this, your database is practically running naked, isn't it? Someone might quietly delete the database and run off. Therefore, plaintext passwords must not appear in the configuration file. Next, I will walk through in detail how to encrypt database information in a Spring Boot configuration file.

1. Jasypt

Jasypt is a Java library that gives developers a simple way to add encryption to a project, including password digest authentication, text and object encryption, and integration with Hibernate and Spring Security (Acegi) to strengthen password management.

Jasypt lets developers add basic encryption capabilities to Java projects with little effort, and they do not need to know how the underlying cryptography works.

According to the Jasypt documentation, it can be used for encryption tasks in applications, such as encrypting passwords, sensitive information and data communications, and creating checksums for data integrity. Other features include high-security, standards-based encryption techniques, and both one-way and two-way encryption of passwords, text, numbers and binary files. Jasypt can also be integrated with Acegi Security, that is, Spring Security. It also supports encrypting application configuration, and provides an open API so that any Java Cryptography Extension (JCE) provider can be used with Jasypt.

Jasypt also follows the RSA standards for password-based encryption, and offers both no-configuration encryption tools and newer, highly configurable ones.

1. The open-source project can be used for encryption tasks in applications, such as encrypting passwords, sensitive information and data communications.

2. It offers high-security, standards-based encryption techniques, with both one-way and two-way encryption of passwords, text, numbers and binary files.

3. Jasypt follows the RSA standards for password-based encryption, and offers both no-configuration encryption tools and newer, highly configurable ones.

4. Encrypted properties files, Spring Framework integration, encrypted Hibernate data source configuration, new command-line tools, Apache Wicket integration for URL encryption, and updated documentation.

5. Jasypt can also be integrated with Acegi Security, that is, Spring Security. It also supports encrypting application configuration, and provides an open API so that any Java Cryptography Extension (JCE) provider can be used with Jasypt.

After that brief introduction, let's import the relevant dependency first:

<dependency>
	<groupId>com.github.ulisesbocchio</groupId>
	<artifactId>jasypt-spring-boot-starter</artifactId>
	<version>2.1.2</version>
</dependency>

I use version 2.1.2 here, because some features of the new version conflict with the boot version, and an error will be reported!

2. Generate encrypted string

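Encrypt the values you want to protect to generate the ciphertext strings:

    import org.jasypt.util.text.BasicTextEncryptor;
    import org.junit.Test; // JUnit 4; with JUnit 5 use org.junit.jupiter.api.Test

    public class JasyptEncryptTest {

        @Test
        public void testEncrypt() {
            // BasicTextEncryptor uses PBEWithMD5AndDES, the algorithm set in the configuration file below
            BasicTextEncryptor textEncryptor = new BasicTextEncryptor();
            // Encryption password (the key); jasypt adds its own random salt to every value
            textEncryptor.setPassword("Bt%XJ^n1j8mz");
            // Data to be encrypted (user name and password of the database)
            String username = textEncryptor.encrypt("HNJUNDUIDBA");
            String password = textEncryptor.encrypt("admin1234");
            System.out.println("username: " + username);
            System.out.println("password: " + password);
        }
    }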

Then run it to get the encrypted string, as shown in the figure

3. Update the configuration file with the encrypted strings

spring:
    datasource:
        db_dm8:
          # Dameng database driver class
          driver-class-name: dm.jdbc.driver.DmDriver
          # Connection pool
          type: com.alibaba.druid.pool.DruidDataSource
          # Connection URL of the Dameng database; ASSETS_DM is the Dameng schema
          url: jdbc:dm://127.0.0.1:5236/JEECG_BOOT?zeroDateTimeBehavior=convertToNull&useUnicode=true&characterEncoding=utf-8
          # Database account
          username: ENC(0AMroWvwSGgxIjOsyiSRMtZHIasH7jqY)
          # Login password
          password: ENC(eSaRzjquRNFzU/0MeXtnt5+JRIkGcgZ3)

# Key required for encryption
jasypt:
  encryptor:
    password: Bt%XJ^n1j8mz
    # The default algorithm is PBEWithMD5AndDES (single DES, a weak cipher); it can be changed to PBEWithMD5AndTripleDES
    algorithm: PBEWithMD5AndDES

(1) The default format is ENC(encrypted value);

(2) The jasypt.encryptor.password parameter must be specified;

(3) The secret key can be stored in the configuration file or in an environment variable.

Next, you can start the project and complete the configuration!

4. Key storage

We encrypt these values for the security of the system, so that important information does not appear in plaintext in the code. But anything encrypted this way can also be decrypted.

Anyone who obtains your encryption key can easily decrypt the values! So putting the password in the configuration file is like locking the door with a key and then leaving the key hanging on the door.

Instead, you can supply the password from outside the configuration file, for example through an environment variable. First delete the jasypt.encryptor.password key from the configuration file, then pass it in one of these ways:

  • System property: java -Djasypt.encryptor.password=Bt%XJ^n1j8mz -jar foo.jar
  • Command-line argument: java -jar foo.jar --jasypt.encryptor.password=Bt%XJ^n1j8mz
  • Environment variables:
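
A check that the key is no longer "hanging on the door", as an added example that is not part of the original post: it walks an application.yml and flags a literal jasypt.encryptor.password, plus any username/password that is neither ENC(...) nor a Spring ${...} placeholder. The function names and the simplified indentation-based YAML reader are assumptions of this example, and the sample is constructed from the configuration shown above.

```python
import re

# Constructed sample: the page's application.yml layout, key still in the file.
SAMPLE_PAGE_CONFIG = """\
spring:
    datasource:
        db_dm8:
          username: ENC(0AMroWvwSGgxIjOsyiSRMtZHIasH7jqY)
          password: ENC(eSaRzjquRNFzU/0MeXtnt5+JRIkGcgZ3)
jasypt:
  encryptor:
    password: Bt%XJ^n1j8mz
"""

KEY_LINE = re.compile(r"^(\s*)([\w.-]+):\s*(.*?)\s*$")
CREDENTIAL_KEYS = {"username", "password"}
PLACEHOLDER = re.compile(r"\$\{.+\}")  # value resolved from outside the file
ENCRYPTED = re.compile(r"ENC\(.+\)")   # jasypt's default ciphertext wrapper


def flatten(yaml_text):
    """Yield (dotted.path, value) for plain block-style YAML mappings."""
    stack = []  # (indent, key) for each enclosing mapping
    for raw in yaml_text.splitlines():
        if not (match := KEY_LINE.match(raw)):
            continue  # comments, blank lines, list items
        indent, key, value = len(match[1]), match[2], match[3]
        while stack and stack[-1][0] >= indent:
            stack.pop()
        stack.append((indent, key))
        if value:
            yield ".".join(k for _, k in stack), value.strip("'\"")


def audit(yaml_text):
    """Return (path, problem) pairs for secrets readable from the file alone."""
    findings = []
    for path, value in flatten(yaml_text):
        if path == "jasypt.encryptor.password":
            if not PLACEHOLDER.fullmatch(value):
                findings.append((path, "jasypt key is a literal in the file"))
        elif path.rsplit(".", 1)[-1] in CREDENTIAL_KEYS:
            if not (PLACEHOLDER.fullmatch(value) or ENCRYPTED.fullmatch(value)):
                findings.append((path, "credential is neither ENC(...) nor ${...}"))
    return findings


if __name__ == "__main__":
    print(audit(SAMPLE_PAGE_CONFIG))
```

The two command-line forms above place the key in the process's argument list, which other local users can typically read, so an environment variable is the safer of the listed options.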


Keywords: Java Database Spring Boot

Added by minus4 on Thu, 24 Feb 2022 12:07:08 +0200