Spring Boot - Initialization Order of Dependencies

Question

I have a Spring Boot Project which uses Jasypt for encrypting properties in the application.yml file. Jasypt has always initialized and decrypted the passwords, before any dependecy which uses the decrypted password, asked for it.

However I now want to use Azure Key Vault aswell. This dependency now tries to access its properties before they have been decrypted by Jasypt .

How can I change the order in which Spring Boot initializes these dependencies? For both dependencies I do not have defined any @Bean in the application.

I have created a Demo-Repository .

Its a plain Spring Boot Project. Only thing which is changed is the following:

Added both dependencies in pom.xml :

    <!-- Azure Key Vault -->
    <dependency>
        <groupId>com.microsoft.azure</groupId>
        <artifactId>azure-keyvault-secrets-spring-boot-starter</artifactId>
        <version>2.2.5</version>
    </dependency>

    <!-- Jasypt -->
    <dependency>
        <groupId>com.github.ulisesbocchio</groupId>
        <artifactId>jasypt-spring-boot-starter</artifactId>
        <version>2.1.2</version>
    </dependency>

And in application.yml :

jasypt:
  encryptor:
    password: test
azure:
  keyvault:
    enabled: true
    uri: ENC(1pGS+OSU9a9Bs+2iAjhyVd8NonXkLp0BsPBOuUzcyJSFnABs+bc5jw==)
    client-id: test
    client-key: test
    tenant-id: test

The Error:

java.lang.IllegalArgumentException: The Azure Key Vault url is malformed.

(...)

Caused by: java.net.MalformedURLException: no protocol: ENC(1pGS+OSU9a9Bs+2iAjhyVd8NonXkLp0BsPBOuUzcyJSFnABs+bc5jw==)

As you can see, first Azure Key Vault Initializes itself, tries to use the azure.keyvault.uri but Jasypt hasn't decrypted it yet.

What I would expect in this case is that it tries to connect but isn't able to connect because the URL doesn't exist. But it atleast should use the decrypted version.

I am greatful for any suggestions.

Answer 1

I actually found the solution with the help of the Jasypt docs on GitHub (Section: Custom Environment)

@SpringBootApplication
public class DemoApplication {

   public static void main(String[] args) {
       //Doesn't work
       //SpringApplication.run(DemoApplication.class, args);

       //This works:
       new SpringApplicationBuilder().environment(new StandardEncryptableEnvironment())
                                     .sources(DemoApplication.class).run(args);
   }
}

(...) While not required in most scenarios could be useful when customizing Spring Boot's init behavior or integrating with certain capabilities that are configured very early, such as Logging configuration. (...)

The important part is that you specify the StandardEncryptableEnvironment. This will make it that the very first thing Spring (Jasypt) does is decrypt the Variables. Everything else stays in the same order.