如何通过DataSourceBuilder将Jasypt加密密码传递给数据库

Question

Need to store encrypted password in .properties file and then need to decrypt in configuration class and need to pass to database using jasypt

Trying to Encrypt and decrypt the password using jasypt in springboot application
Reference link-1 link-2

Added dependency in POM.XML

<dependency>
    <groupId>com.github.ulisesbocchio</groupId>
    <artifactId>jasypt-spring-boot-starter</artifactId>
    <version>2.0.0</version>
</dependency>

Added encrypted password in .properties file

mail.encrypted.property=ENC(Fy/hjJHHbIYYwijL5YwXAj8Ho2YTwzhi)

In Springboot Application class

@SpringBootApplication
@EnableEncryptableProperties
@PropertySource(name="EncryptedProperties", value = "classpath:encrypted.properties")
public class MyApplication {
    ...
}

In configuration class

@Value("${mail.encrypted.property}")
private String password;

@ConfigurationProperties(prefix = "mail")
public Datasource ConfigProperties {
    return DataSourceBuilder
        .create()
        .password(password)
        .build();
}

But getting the error due to wrong password, without adding encryption code application is working fine

Answer 1

I managed to make it work like so:

1. the encryptorBean! The encrypted parts are going to be decrypted through this bean. It is wired in the application.properties file with the jasypt.encryptor.bean placeholder, this is where you provide your magic word (password) for the decryption to work

application.properties

jasypt.encryptor.bean=encryptorBean

info.jdbcUrl=jdbc:jtds:sqlserver://xxx.xxx.xxx.xxx:yyy/DEUR
info.username=ENC(1es1kdTptS7HNG5nC8UzT1pmfeYFkww)
info.password=ENC(z6selbQvJrjpxErfsERU6BDtFeweUZX)
info.driverClassName=net.sourceforge.jtds.jdbc.Driver
info.connectionTestQuery=select 1

Then, how do I access the encrypted properties? The "magic" is done throughout the following excerpt

The Database Configurator

package com.telcel.info;

import com.ulisesbocchio.jasyptspringboot.annotation.EnableEncryptableProperties;
import org.jasypt.encryption.pbe.PBEStringCleanablePasswordEncryptor;
import org.jasypt.encryption.pbe.StandardPBEStringEncryptor;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.boot.jdbc.DataSourceBuilder;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.PropertySource;
import org.springframework.core.env.Environment;

import javax.sql.DataSource;

@Configuration
@EnableEncryptableProperties
@PropertySource("classpath:application.properties")
public class DatabaseConfig {

    @Autowired
    private Environment env;

    @Bean(name = "encryptorBean")
    public PBEStringCleanablePasswordEncryptor basicTextEncryptor() {
        StandardPBEStringEncryptor encryptor;
        encryptor = new StandardPBEStringEncryptor();
        encryptor.setAlgorithm("PBEWithMD5AndDES");
        encryptor.setPassword("hocus pocus");
        return encryptor;
    }

    @Bean(name = "infoDS")
    @ConfigurationProperties(prefix = "info")
    public DataSource infoDatasource() {
        String username = env.getProperty("info.username");
        String password = env.getProperty("info.password");

        return DataSourceBuilder.create()
                .username(username)
                .password(password)
                .build();
    }

}

Behind the scenes Environment has registered the classpath.properties also as an encrypted property source, hence when you ask for a property if its surrounded with ENC() it calls the jasypt.encryptor.bean to try to decode the property.

Hope this helps!

Cheers