Spring Boot how to hide passwords in properties file

by

You can use Jasypt to encrypt properties, so you could have your property like this:

db.password=ENC(XcBjfjDDjxeyFBoaEPhG14wEzc6Ja+Xx+hNPrJyQT88=)

Jasypt allows you to encrypt your properties using different algorithms, once you get the encrypted property you put inside the ENC(...). For instance, you can encrypt this way through Jasypt using the terminal:

encrypted-pwd$ java -cp ~/.m2/repository/org/jasypt/jasypt/1.9.2/jasypt-1.9.2.jar  org.jasypt.intf.cli.JasyptPBEStringEncryptionCLI input="contactspassword" password=supersecretz algorithm=PBEWithMD5AndDES

----ENVIRONMENT-----------------

Runtime: Oracle Corporation Java HotSpot(TM) 64-Bit Server VM 24.45-b08



----ARGUMENTS-------------------

algorithm: PBEWithMD5AndDES
input: contactspassword
password: supersecretz



----OUTPUT----------------------

XcBjfjDDjxeyFBoaEPhG14wEzc6Ja+Xx+hNPrJyQT88=

To easily configure it with Spring Boot you can use its starter jasypt-spring-boot-starter with group ID com.github.ulisesbocchio

Keep in mind, that you will need to start your application using the same password you used to encrypt the properties. So, you can start your app this way:

mvn -Djasypt.encryptor.password=supersecretz spring-boot:run

Or using the environment variable (thanks to spring boot relaxed binding):

export JASYPT_ENCRYPTOR_PASSWORD=supersecretz
mvn spring-boot:run

You can check below link for more details:

https://www.ricston.com/blog/encrypting-properties-in-spring-boot-with-jasypt-spring-boot/

To use your encrypted properties in your app just use it as usual, use either method you like (Spring Boot wires the magic, anyway the property must be of course in the classpath):

Using @Value annotation

@Value("${db.password}")
private String password;

Or using Environment

@Autowired
private Environment environment;

public void doSomething(Environment env) {
    System.out.println(env.getProperty("db.password"));
}

Update: for production environment, to avoid exposing the password in the command line, since you can query the processes with ps, previous commands with history, etc etc. You could:

  • Create a script like this: touch setEnv.sh
  • Edit setEnv.sh to export the JASYPT_ENCRYPTOR_PASSWORD variable

    #!/bin/bash

    export JASYPT_ENCRYPTOR_PASSWORD=supersecretz

  • Execute the file with . setEnv.sh
  • Run the app in background with mvn spring-boot:run &
  • Delete the file setEnv.sh
  • Unset the previous environment variable with: unset JASYPT_ENCRYPTOR_PASSWORD

More Related Contents:

  1. Running code after Spring Boot starts
  2. Spring Boot REST API – request timeout?
  3. How to customise the Jackson JSON mapper implicitly used by Spring Boot?
  4. Spring Boot configure and use two data sources
  5. Can a spring boot @RestController be enabled/disabled using properties?
  6. Is it possible with Spring Boot to serve up JSPs with a JAR packaging?
  7. How do I tell Spring Boot which main class to use for the executable jar?
  8. How to configure embedded Tomcat integrated with Spring to listen requests to IP address, besides localhost?
  9. Spring Boot Actuator application won’t start on Ubuntu VPS
  10. java.lang.NoClassDefFoundError: org/springframework/core/env/ConfigurableEnvironment
  11. How to enable HTTP response caching in Spring Boot
  12. Spring Boot with redirecting with single page angular2
  13. Multiple WebSecurityConfigurerAdapter in spring boot for multiple patterns
  14. How can I register a secondary servlet with Spring Boot?
  15. how to use Spring Boot profiles
  16. Heroku cannot deploy Java 11 Spring Boot App [duplicate]
  17. Configure ViewResolver with Spring Boot and annotations gives No mapping found for HTTP request with URI error
  18. Maven Resource Filtering with Spring Boot: Could not resolve placeholder
  19. Unable to use Spring Property Placeholders in logback.xml
  20. Max limit of MultipartFile in Spring Boot
  21. How do I run a spring boot executable jar in a Production environment?
  22. How do I create beans programmatically in Spring Boot?
  23. How to set a Spring Boot property with an underscore in its name via Environment Variables?
  24. How to re-create database before each test in Spring?
  25. Table ‘DBNAME.hibernate_sequence’ doesn’t exist
  26. Spring’s @RequestParam with Enum
  27. How do you configure Embedded MongDB for integration testing in a Spring Boot application?
  28. What does Cookie CsrfTokenRepository.withHttpOnlyFalse () do and when to use it?
  29. Externalize query in spring boot application
  30. disabling spring security in spring boot app [duplicate]

Leave a Comment