Spring Boot projects often keep the password used to connect to the database in plaintext in the configuration file. This is not very secure, and some enterprises have very strict security requirements, so we look at how to encrypt the password.

jasypt is an easy-to-use Java library for encryption and decryption. It can be integrated quickly into a Spring Boot project and provides auto-configuration, so it is simple to use.

The steps are as follows:

* 1) Add the Maven dependency:

  ```xml
  <dependency>
      <groupId>com.github.ulisesbocchio</groupId>
      <artifactId>jasypt-spring-boot-starter</artifactId>
      <version>1.17</version>
  </dependency>
  ```
* 2) Configure application.yml:

  ```yaml
  jasypt:
    encryptor:
      password: 123456 # jasypt encryption password (the secret used to encrypt and decrypt)
  ```
* 3) Generate the encrypted values in a test case:

  ```java
  import org.jasypt.encryption.pbe.StandardPBEStringEncryptor;
  import org.junit.jupiter.api.Test;

  public class TestEncryptorTest {

      @Test
      public void test() {
          StandardPBEStringEncryptor encryptor = new StandardPBEStringEncryptor();
          encryptor.setPassword("123456"); // the key set in the yml file

          // Encrypt each connection property
          String url = encryptor.encrypt(
                  "jdbc:mysql://localhost:3306/test?createDatabaseIfNotExist=true");
          String name = encryptor.encrypt("root");
          String password = encryptor.encrypt("root");

          // Decrypt again to confirm the round trip
          String url1 = encryptor.decrypt(url);
          String name1 = encryptor.decrypt(name);
          String password1 = encryptor.decrypt(password);

          System.out.println("url ciphertext :" + url);
          System.out.println("url Plaintext :" + url1);
          System.out.println("username ciphertext :" + name);
          System.out.println("username Plaintext :" + name1);
          System.out.println("password ciphertext :" + password);
          System.out.println("password Plaintext :" + password1);
      }
  }
  /* output:
  url ciphertext :1L+DJGp6GKaSjXWQDGafQdjPrxEvOebftER88SsTAux/zJsaWSHs4K61s7QNyBwdKd0UEYVmnNaFtVMXHkj7nFh8UlvpmvgmtPSscC+Qeww=
  url Plaintext :jdbc:mysql://localhost:3306/test?createDatabaseIfNotExist=true
  username ciphertext :TeRrFJqzQGcsuIsQ20ANsg==
  username Plaintext :root
  password ciphertext :2HhGPhzjfTCdPiLGBZuY53DIHAMNTNRe
  password Plaintext :root
  */
  ```
* 4) Add the values generated above to the application.yml configuration. The ENC(...) wrapper identifies a value as ciphertext; here it is mainly used for the database password:

  ```yaml
  spring:
    datasource:
      url: ENC(1L+DJGp6GKaSjXWQDGafQdjPrxEvOebftER88SsTAux/zJsaWSHs4K61s7QNyBwdKd0UEYVmnNaFtVMXHkj7nFh8UlvpmvgmtPSscC+Qeww=)
      username: ENC(TeRrFJqzQGcsuIsQ20ANsg==)
      password: ENC(2HhGPhzjfTCdPiLGBZuY53DIHAMNTNRe)
  ```
* 5) Run the program; it can connect to the database. The specific connection information can no longer be seen in the configuration file, which is relatively safe.
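
The flow from steps 2 to 4 as an added example, not code from the original post: the same StandardPBEStringEncryptor calls, but the jasypt password is read from an environment variable instead of being written as a literal next to the ciphertext it protects. The class name and the variable name JASYPT_ENCRYPTOR_PASSWORD are assumptions of this example.

```java
import org.jasypt.encryption.pbe.StandardPBEStringEncryptor;

// Added example: prints ENC(...) values for application.yml using a jasypt
// password taken from the environment, never from source code or config.
public class EncryptDatasourceProps {

    // Assumed name; the application must read the password from the same variable.
    static final String PASSWORD_ENV = "JASYPT_ENCRYPTOR_PASSWORD";

    static StandardPBEStringEncryptor encryptorFromEnv() {
        String secret = System.getenv(PASSWORD_ENV);
        if (secret == null || secret.isEmpty()) {
            throw new IllegalStateException(PASSWORD_ENV + " is not set");
        }
        StandardPBEStringEncryptor encryptor = new StandardPBEStringEncryptor();
        encryptor.setPassword(secret);
        return encryptor;
    }

    // Encrypts one value, checks that it decrypts back, and wraps it for the yml file.
    static String toEncProperty(StandardPBEStringEncryptor encryptor, String plaintext) {
        String ciphertext = encryptor.encrypt(plaintext);
        if (!plaintext.equals(encryptor.decrypt(ciphertext))) {
            throw new IllegalStateException("round trip failed");
        }
        return "ENC(" + ciphertext + ")";
    }

    public static void main(String[] args) {
        StandardPBEStringEncryptor encryptor = encryptorFromEnv();
        // Sample values from the steps above; real credentials should be
        // supplied at run time, not committed together with this class.
        String url = "jdbc:mysql://localhost:3306/test?createDatabaseIfNotExist=true";
        System.out.println("spring.datasource.url: " + toEncProperty(encryptor, url));
        System.out.println("spring.datasource.username: " + toEncProperty(encryptor, "root"));
        String first = toEncProperty(encryptor, "root");
        String second = toEncProperty(encryptor, "root");
        System.out.println("spring.datasource.password: " + first);
        // A random salt goes into every encryption, so the same plaintext gives
        // a different ciphertext on each call; both still decrypt to "root".
        System.out.println("same ciphertext twice? " + first.equals(second));
    }
}
```

The step 2 entry in application.yml can then reference the variable as `password: ${JASYPT_ENCRYPTOR_PASSWORD}`, so the secret that decrypts the `ENC(...)` values is not stored in the same file as them.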

Supplement: encrypting the data of API interfaces

The data transmitted by an interface can also be encrypted. The back end encrypts the data that the interface transmits and provides a corresponding decryption interface. When the front end calls the data interface, it also calls the decryption interface, which gives encryption and decryption of the data. The advantage is that the front end can only see the data it wants to see and is able to see, which makes the data relatively safe.
