 

Full integration of encrypted properties in Spring 4/Boot

We're using Jasypt to encrypt some config properties (database passwords) but since the decryption key is stored on each environment's file system we have to do some manual @Bean configuration to load the password from the file then overlay loading properties with an EncryptablePropertiesPropertySource.

Because it is so manual we've had to run this code in @PostConstruct of the WebApplicationConfig class and (although this hasn't happened yet) it runs the risk of loading these after the datasource bean is configured with calls to the Environment, giving a null pointer exception. @Lazy loading would be an option but obviously this means we'd then be working with fragile config which we'd like to avoid.

Ultimately we want to be able to use the default classpath:application.properties so don't want to affect the existing (default) setup, but we do want to be able to use an encryptable property source as a complete replacement for the Spring one, and to have Spring load the decryption code from a file before anything else happens. Is there a way to more tightly integrate loading encryptable properties earlier in the application startup and configuration?

user1016765 asked Sep 29 '14 08:09




1 Answer

I'm "tailoring down" my previous answer since it got deleted because it was a duplicate from a different question:

This library does exactly what you need: jasypt-spring-boot, which basically allows you to use the @PropertySource annotation to define your properties the same way you're used to. You just have to add an extra annotation (@EnableEncryptableProperties) to your configuration file. It is not only limited to that: every PropertySource present in Environment will be converted to EncryptablePropertySourceWrapper, a custom wrapper that checks when a property is encrypted and decrypts it on access.

Ulises answered Nov 16 '22 01:11
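An added example, not part of the answer above and not the jasypt-spring-boot project's own code: one way to combine @EnableEncryptableProperties with a decryption key read from a file, refusing to start if the key file is readable by group or others. The class name, the key file path, the `app.key.file` system property and the algorithm settings are assumptions; the settings must match whatever produced the existing `ENC(...)` values.

```java
import com.ulisesbocchio.jasyptspringboot.annotation.EnableEncryptableProperties;
import org.jasypt.encryption.StringEncryptor;
import org.jasypt.encryption.pbe.PooledPBEStringEncryptor;
import org.jasypt.encryption.pbe.config.SimpleStringPBEConfig;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.attribute.PosixFilePermissions;

@Configuration
@EnableEncryptableProperties // wraps every PropertySource so ENC(...) values decrypt on access
public class EncryptedPropertiesConfig {
    // Hypothetical location; override with -Dapp.key.file=... (property name is an assumption).
    private static final String DEFAULT_KEY_FILE = "/etc/myapp/jasypt.key";

    // "jasyptStringEncryptor" is the bean name recent jasypt-spring-boot versions look up by default.
    @Bean("jasyptStringEncryptor")
    public StringEncryptor stringEncryptor() throws IOException {
        Path keyFile = Paths.get(System.getProperty("app.key.file", DEFAULT_KEY_FILE));
        // Fail closed unless the mode is owner-only, e.g. rw------- (POSIX file systems only).
        String perms = PosixFilePermissions.toString(Files.getPosixFilePermissions(keyFile));
        if (!perms.endsWith("------")) {
            throw new IllegalStateException("Key file " + keyFile + " must be owner-only, found " + perms);
        }
        String password = new String(Files.readAllBytes(keyFile), StandardCharsets.UTF_8).trim();
        if (password.isEmpty()) {
            throw new IllegalStateException("Key file " + keyFile + " is empty");
        }
        SimpleStringPBEConfig config = new SimpleStringPBEConfig();
        config.setPassword(password);
        // Assumed settings (Jasypt's legacy default algorithm); they must match the existing ciphertext.
        config.setAlgorithm("PBEWithMD5AndDES");
        config.setKeyObtentionIterations("1000");
        config.setPoolSize("1");
        config.setSaltGeneratorClassName("org.jasypt.salt.RandomSaltGenerator");
        config.setStringOutputType("base64");
        PooledPBEStringEncryptor encryptor = new PooledPBEStringEncryptor();
        encryptor.setConfig(config);
        return encryptor;
    }
}
```

The key file path is taken from a system property rather than from the Environment so that resolving the encryptor does not itself depend on the property sources it decrypts.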