An Unforgettable Growth Journey
Introduction to Jasypt
Jasypt is a java library that allows a developer to add basic encryption functionality to his/her project with minimal effort and does not require a deep understanding of how encryption works
High-security, standards-based encryption technology for one-way and two-way encryption. Encrypt passwords, text, numbers, binary files...
Suitable for integration into Spring-based applications, open API, for any JCE provider...
Add the following dependencies:
<dependency>
<groupId>com.github.ulisesbocchio</groupId>
<artifactId>jasypt-spring-boot-starter</artifactId>
<version>2.1.1</version>
</dependency>
Jasypt benefits
To protect the security of our system, even if the code is leaked, the absolute security of the data source can be guaranteed.
Application Scenario
Encrypt all account passwords in the configuration file, and encrypt the things you want to encrypt.
How to use
The account or password is encrypted and decrypted by the key, and the ciphertext is decrypted when the project starts.
Actual use
Encryption and decryption tools
import org.jasypt.util.text.BasicTextEncryptor;
/********************************************************************************
** @author : ZYJ
** @date :2023/04/26
** @description :Jasypt加密解密
*********************************************************************************/
public class Jasypt {
public static void main(String[] args) {
BasicTextEncryptor basicTextEncryptor = new BasicTextEncryptor();
//加密的密钥
basicTextEncryptor.setPassword("Jasypt");
//密码进行加密
String encrypt = basicTextEncryptor.encrypt("密码:123456");
//密码进行解密
String decrypt = basicTextEncryptor.decrypt(encrypt);
//结果输出
System.out.println("加密后的结果:"+encrypt);
System.out.println("加密后的结果:"+decrypt);
}
}
Modify the configuration file, encrypt the database account password, include the ciphertext with ENC(), put it in brackets, and use the meaning of ENC() to decrypt and load at startup.
Configure the key in the configuration file application.yml , and use the specified key to decrypt
jasypt:
encryptor:
password: Jasypt
However, this method is not advisable. The code leakage account password is no different from the plain text. You can configure the key in the environment variable and load it directly as a system environment variable! !
The key is specified through the environment variable, modify the configuration file, replace the key with the environment variable name, in the form of ${environment variable name}, and find the variable value through the environment variable name at startup, which is our key! ! !
jasypt:
encryptor:
#环境变量变量名称
password: ${JASYPT_PASSWORD}
Windows environment variable way to specify
Note: After configuring the environment variables in windows, you need to close IDEA and reopen it to let it load the environment variables.
Linux environment variable way to specify
Edit the environment variable file
vim /etc/profile
Add at the bottom
export JASYPT_PASSWORD=Jasypt
Save and exit to refresh environment variables
source /etc/profile
Conclusion: Complete encryption and decryption for MySQL, Redis and other account passwords and addresses in the code to better protect our system.