November 23, 2018

How to encrypt values in application properties in spring boot application (using Jasypt)

Jasypt (Java Simplified Encryption) Spring Boot provides utilities for encrypting property sources in Boot applications. In this article, we’ll discuss how we can add jasypt-spring-boot‘s support and use it. For more information on using Jasypt as a framework for encryption, take a look at our Introduction to Jasypt here.

Why Jasypt?
Whenever we need to store sensitive information in the configuration file – that means we’re essentially making that information vulnerable; this includes any kind of sensitive information, such as credentials, but certainly a lot more than that.
By using Jasypt, we can provide encryption for the property file attributes and our application will do the job of decrypting it and retrieving the original value.
Unfortunately we can't use user personal values plain text in application.properties file.
Jasypt (Java Simplified Encryption) is a java library which allows the developer to add basic encryption capabilities to his/her projects with minimum effort, and without the need of having deep knowledge on how cryptography works.

First, add the related dependency to the project. I am using maven so I will add the maven dependency to my pom.xml
https://mvnrepository.com/artifact/com.github.ulisesbocchio/jasypt-spring-boot-starter

    com.github.ulisesbocchio
    jasypt-spring-boot-starter
    2.0.0

In the application.properties (or yaml), we will write our encrypted properties between parenthesis and put ENC keyword before it. Like;
MyProperty=ENC(23ClLWiedLx8v6XT6Wk+Bg==)

How to generate those encrpyted values? We will use Jasypt for that! Go to http://www.jasypt.org/ and download the latest version. When you are done, go into jasypt\bin and use the encrypt.sh or encrypt.bat to encrypt your variables. There are several algorithms to pick but I will leave it as default and only give my property value and secret to encrpyt it.

We only need to add @EnableConfigurationProperties annotation to our application and jasypt will automaticly detect encrypted values and decrypt them before they are being used. The CommandLineRunner I have added below is just to test the decryption mechanism.

@EnableEncryptableProperties
@SpringBootApplication
public class JasyptExampleApplication {

  public static void main(String[] args) {
    SpringApplication.run(JasyptExampleApplication.class, args);
  }
 
  @Component
  public class MyRunner implements CommandLineRunner {
   
    @Value("${myProperty}")
    private String myProperty;

    @Override
    public void run(String... args) throws Exception {
      System.out.println("My property is = " + myProperty);
    }
   
  }
}

But if you run your code like this, you will get the below error:
Error creating bean with name 'demo.JasyptExampleApplication$MyRunner': Injection of autowired dependencies failed; nested exception is java.lang.IllegalStateException: Required Encryption configuration property missing: jasypt.encryptor.password
This is because Jasypt needs to know the secret(password) to decrypt the property. We can tell this to our program several ways:
1- We can give it as a command line argument when running the application;
–jasypt.encryptor.password=MY_SECRET
2- We can set it as an environment variable, this is also useful when you are running your application on Tomcat. You can give it to Tomcat’s setenv.sh file;
export CATALINA_OPTS=”-Djasypt.encryptor.password=MY_SECRET”
You can also unset the environment variable after running the application, so there will be no doorway left behind, at least in a human-readable sense.
3- You can give it in application.properties but this might be the dumbest way as it has no difference with giving the property as plain text.
If you know a better way, write a comment below!


2018-04-25 14:03:26.948 INFO 10028 --- [ main] demo.JasyptExampleApplication : Started JasyptExampleApplication in 1.264 seconds (JVM running for 2.06)
My property is MBcoder


As you can see it picked up the PBEWithMD5AndDES algorithm as default value and with the given password, MY_SECRET, it successfully decrypted myProperty
I hope this article was useful, see you another time!

Reference:
https://www.baeldung.com/spring-boot-jasypt
http://mbcoder.com/spring-boot-how-to-encrypt-properties-in-application-properties/

No comments:

Post a Comment

I'm certainly not an expert, but I'll try my hardest to explain what I do know and research what I don't know.

My Favorite Site's List

#update below script more than 500 posts