1. Introduce POM
<dependency>
<groupId>com.github.ulisesbocchio</groupId>
<artifactId>jasypt-spring-boot-starter</artifactId>
<version>2.0.0</version>
</dependency>
2. Generate ciphertext based on original text and secret key
After adding the dependency, a file jasypt-1.9.2.jar will be downloaded to the local maven repository path
Use the following commands to generate cipher text based on the original text (sensitive information) and secret key (custom)
java -cp jasypt-1.9.2.jar org.jasypt.intf.cli.JasyptPBEStringEncryptionCLI input=此处填写需要加密的原文 password=此处填写秘钥 algorithm=PBEWithMD5AndDES
The calculation result of the algorithm is different each time.
The decryption verification commands are as follows:
java -cp jasypt-1.9.2.jar org.jasypt.intf.cli.JasyptPBEStringDecryptionCLI input=加密之后的密文 password=秘钥 algorithm=PBEWithMD5AndDES
3. Add the generated ciphertext to the configuration file
Note that ENC() needs to be added, and the ciphertext is added in parentheses. Tell spring that this is the encrypted content and needs to be decrypted. E.g
spring.datasource.url=ENC(aHMBiWporNNBm3IwftEBu+1zA/v7JsO924+UR3MTxf2YNRBP/jZK1cb88YL/dxtYTxdKUyeWOatTCpZcCgQmwKQ7AIysILRC)
spring.datasource.username=ENC(WG7hK9Q3gi0CfSB560hSBQ==)
spring.datasource.password=ENC(EjmLk30zKbJbaxR0LJEXc2rjE7UwagRp)
Fourth, start the service
When starting the service, you need to specify the decryption key jasypt.encryptor.password
Command line startup mode:
java -Djasypt.encryptor.password=此处填写秘钥 -jar xxx.jar
If it is IDE startup, such as eclipse, you need to configure startup parameters as follows