spring boot not loading correct Jasypt application.properties for environment

Question

I am trying to implement Jasypt in my Spring Boot 1.4 application because it seems overkill to use Spring Cloud Config for a small app like this. However, I am clearly not understanding how Spring Boot determines which environment its running, and use the appropriate properties file. I need to encrypt the datasource properties stored such as:

spring.datasource.url=jdbc:postgresql://localhost:5432/myschema
spring.datasource.username=myuser
spring.datasource.password=ENC(ZwXHbQl^8c2U)
spring.datasource.driverClassName=org.postgresql.Driver
spring.jpa.database=POSTGRESQL

In my project/config/ directory I have three files:

• application.properties : single entry of: spring.profiles.active=local
• application-local.properties : config values for develop, including local db credentials
• application-test.properties : config values for test env such as db credentials, etc
• application-prod.properties : config values for production env such as db credentials, etc

I am importing Jasypt via:

compile group: 'com.github.ulisesbocchio', name: 'jasypt-spring-boot-starter', version: '1.7'

I run local Spock / Goovy integration tests, so I annotate my Base Test class with

@ActiveProfiles("local, test")

But that didn't seem to pickup the properties file.
< FIXED > by adding @ActiveProfiles(["local", "test"])

I added the /config/application.properties file to set the

spring.profiles.active=local jasypt.encryptor.password=

I have looked at the documentation for how Jasypt works, so I can try and understand how to encrypt my db credentials per environment. Also, I have been able to figure out how to get the proper properties file loaded to test the encryption yet.

UPDATE

It would appear that the proper *.properties file is being loaded now (thanks to the great feedback!) but the database password is either not found or not able to be decrypted. I see the following in the logs:

eEncryptablePropertySourcesPostProcessor : Post-processing PropertySource instances
c.u.j.c.StringEncryptorConfiguration     : String Encryptor custom Bean not found with name 'jasyptStringEncryptor'. Initializing String Encryptor based on properties with name 'jasyptStringEncryptor'
eEncryptablePropertySourcesPostProcessor : Converting PropertySource commandLineArgs [to EncryptableEnumerablePropertySourceWrapper
eEncryptablePropertySourcesPostProcessor : Converting PropertySource servletConfigInitParams [org.springframework.core.env.PropertySource$StubPropertySource] to EncryptablePropertySourceWrapper
eEncryptablePropertySourcesPostProcessor : Converting PropertySource servletContextInitParams [org.springframework.core.env.PropertySource$StubPropertySource] to EncryptablePropertySourceWrapper
eEncryptablePropertySourcesPostProcessor : Converting PropertySource systemProperties [org.springframework.core.env.MapPropertySource] to EncryptableMapPropertySourceWrapper
 eEncryptablePropertySourcesPostProcessor : Converting PropertySource systemEnvironment [org.springframework.core.env.SystemEnvironmentPropertySource] to EncryptableMapPropertySourceWrapper
eEncryptablePropertySourcesPostProcessor : Converting PropertySource random [org.springframework.boot.context.config.RandomValuePropertySource] to EncryptablePropertySourceWrapper
eEncryptablePropertySourcesPostProcessor : Converting PropertySource applicationConfig: [file:./config/application-local.properties] [org.springframework.core.env.PropertiesPropertySource] to EncryptableMapPropertySourceWrapper
eEncryptablePropertySourcesPostProcessor : Converting PropertySource applicationConfig: [file:./config/application.properties] [org.springframework.core.env.PropertiesPropertySource] to EncryptableMapPropertySourceWrapper
eEncryptablePropertySourcesPostProcessor : Converting PropertySource applicationConfig: [classpath:/application.properties] [org.springframework.core.env.PropertiesPropertySource] to EncryptableMapPropertySourceWrapper
 .c.EncryptablePropertySourcesInitializer : Created Encryptable Property Source 'EncryptedProperties' from locations: [classpath:application.properties]

 Encryptor config not found for property jasypt.encryptor.algorithm, using default value: PBEWithMD5AndDES
 c.u.j.c.StringEncryptorConfiguration     : Encryptor config not found for property jasypt.encryptor.keyObtentionIterations, using default value: 1000
c.u.j.c.StringEncryptorConfiguration     : Encryptor config not found for property jasypt.encryptor.poolSize, using default value: 1
c.u.j.c.StringEncryptorConfiguration     : Encryptor config not found for property jasypt.encryptor.providerName, using default value: SunJCE
c.u.j.c.StringEncryptorConfiguration     : Encryptor config not found for property jasypt.encryptor.saltGeneratorClassname, using default value: org.jasypt.salt.RandomSaltGenerator
c.u.j.c.StringEncryptorConfiguration     : Encryptor config not found for property jasypt.encryptor.stringOutputType, using default value: base64
j.LocalContainerEntityManagerFactoryBean : Building JPA container EntityManagerFactory for persistence unit 'default'

According to this line:

Property Source 'EncryptedProperties' from locations:[classpath:application.properties]

It almost seems like we have to explicitly declare which properties files to search for encrypted values in the @EnableEncryptableProperties( ) annotation, but that doesn't seem to take a list of files or property values, nor do I find anyone saying that needs to be done.

Answer 1

Using {} for annotations with multiple values will not work in Groovy , try @ActiveProfiles(["local", "test"]) or @ActiveProfiles(["local", "test"] as String[]) . See Arrays

Answer 2

if you have set spring.profiles.active=local in application.properties then you dont have to use @ActiveProfiles annotation it will look for application-local.properties

The spring.profiles.active property follows the same ordering rules as other properties, the highest PropertySource will win. This means that you can specify active profiles in application.properties then replace them using the command line switch.

Hope this helps!

Answer 3

Base on the Spring docs, it should be: @ActiveProfiles({"local", "test"}). Can you try it?! Refer more details on here: http://docs.spring.io/spring/docs/current/spring-framework-reference/html/integration-testing.html

Hope this help!

Answer 4

In your case you myst try Bootstrapping Jasypt !!! It's needed Jasypt to decrypt encrypted properties before config-server starts pulling configurations from config repository.

bootstrap.yaml

spring.cloud.config.server.bootstrap=true

spring.application.name=config-server
spring.cloud.config.server.git.uri=https://github.com/jamesmedice
spring.cloud.config.server.git.username=james@medici.com
spring.cloud.config.server.git.password=ENC(#################)
jasypt.encryptor.algorithm=PBEWithMD5AndDES
jasypt.encryptor.password=superkey


@Configuration
@ConditionalOnClass(name = "org.springframework.cloud.bootstrap.BootstrapApplicationListener")
@ConditionalOnProperty(name = "spring.cloud.bootstrap.enabled", havingValue = "true", matchIfMissing = true)
public class JasyptSpringCloudBootstrapConfiguration {

     @Configuration
     @ConditionalOnProperty(name = "jasypt.encryptor.bootstrap", havingValue = "true", matchIfMissing = true)
     @Import(EnableEncryptablePropertiesConfiguration.class)
     protected static class BootstrappingEncryptablePropertiesConfiguration {

     }
}

@ConditionalOnClass('BootstrapApplicationListener') makes sure the configuration will be effective in spring cloud based environments only. @ConditionalOnProperty(“spring.cloud.bootstrap.enabled” ...) ensures that it's not the case, once is provided the jasypt.encryptor.bootstrap configuration in order to explicitly disable 'bootstrapping Jasypt' , Jasypt will be auto-configured as well.