Full integration of encrypted properties in Spring 4/Boot

Question

We're using Jasypt to encrypt some config properties (database passwords) but since the decryption key is stored on each environment's file system we have to do some manual @Bean configuration to load the password from the file then overlay loading properties with an EncryptablePropertiesPropertySource.

Because it is so manual we've had to run this code in @PostConstruct of the WebApplicationConfig class and (although this hasn't happened yet) it runs the risk of loading these after the datasource bean is configured with calls to the Environment - giving null pointer exception. @Lazy loading would be an option but obviously this means we'd then be working with fragile config which we'd like to avoid.

Ultimately we want to be able to use the default classpath:application.properties so don't want to affect existing (default) setup, but we do want to be able to use an encryptable property source as a complete replacement to the Spring one, and to have Spring load the decryption code from a file before anything else happens. Is there a way to tighter integrate loading encryptable properties earlier in the application startup and configuration?

Answer 1

I'm "tailoring down" my previous answer since it got deleted because it was duplicate from a different question:

This library does exactly what you need jasypt-spring-boot which is basically to allow you use the @PropertySource annotation to define your properties the same way you're use to. You just have to add an extra annotation (@EnableEncryptableProperties) to your configuration file. It is not only limited to that, every PropertySource present in Environment will be converted to EncryptablePropertySourceWrapper, a custom wrapper that checks when a property is encrypted and decrypts it on access.