Spring Boot 006: Encrypt/Decrypt Application Properties via Jasypt

tahaburak.koc
4 min read · Dec 24, 2020

Previous article: Spring Boot 005: Swagger 3.0 Implementation

Hello. In this article, I’ll be implementing encryption and decryption of application properties via Jasypt. It’s one of the simplest security practices that you can apply to a Spring Boot application. So let’s.

Jasypt (Java Simplified Encryption) is a Java library that lets developers add basic encryption capabilities to their projects with minimal effort and without deep knowledge of how cryptography works.

0. Prerequisites

To encrypt a value via Jasypt, we’ll be using the CLI (Command Line Interface) tools supplied by Jasypt. You can download them from the project’s GitHub repository.

jasypt-1.9.3-dist

1. Encryption

The file we’ve downloaded provides a couple of executable scripts under the “/bin/” folder depending on the platform.

  • MacOS, Linux -> *.sh
  • Windows -> *.bat

Depending on your platform, open a new terminal or Command Prompt window and cd to the “bin” folder.

cd /Users/burak/Documents/DEV/tools/jasypt-1.9.3/bin
pwd
ls -ltr

*To be able to execute .sh files run the command below:

chmod -R +x .

To encrypt a value via Jasypt, we’ll be executing “encrypt.sh” (or “encrypt.bat”) by passing the following parameters:

  • input: Value to be encrypted.
  • password: Password to be used in the encryption and decryption processes.

The project I’m using for this article series has the following property:

spring.boot.admin.client.password=notSoSecurePassword

So let’s encrypt it with the following command:

./encrypt.sh password=order66 input=notSoSecurePassword
# output -> T+f4+hGSjLgq9vAJp7bSmaWJQcOnz8MB9rBnM0EdMpk=

That’s all. As you can see encryption is really that simple with Jasypt.

Algorithm

By default, Jasypt uses the “PBEWithMD5AndDES” algorithm. However, it may not be suitable for your project or may not meet your project’s needs.

Let’s list the algorithms supported by Jasypt on the environment.

# *.sh
./listAlgorithms.sh
# *.bat
listAlgorithms.bat

To use another algorithm you’ll need to pass the following parameter:

  • algorithm: Specifies the algorithm that’ll be used in the encryption and decryption processes.

I’ll be using the “PBEWITHMD5ANDTRIPLEDES” algorithm for this article.

./encrypt.sh algorithm=PBEWITHMD5ANDTRIPLEDES password=order66 input=notSoSecurePassword
# output -> lyob1RLQ6wCmvZwuzF9QLq5QmcSdPJmx1UsClqKiQLs=

Let’s wrap up the encryption section.

Property to be encrypted: spring.boot.admin.client.password
Property value to be encrypted: notSoSecurePassword
Jasypt algorithm: PBEWITHMD5ANDTRIPLEDES
Jasypt password: order66
Encrypted value: lyob1RLQ6wCmvZwuzF9QLq5QmcSdPJmx1UsClqKiQLs=

Let’s move onto the next part: Applying all these.

2. Spring Boot implementation

We’ll be adding the following dependency to our pom.xml file.

<dependency>
    <groupId>com.github.ulisesbocchio</groupId>
    <artifactId>jasypt-spring-boot-starter</artifactId>
    <version>2.0.0</version>
</dependency>

We’ll be updating the “application.properties” file with the encrypted value. To do so, simply replace the current value with ENC({encryptedValue}).

spring.boot.admin.client.password=ENC(lyob1RLQ6wCmvZwuzF9QLq5QmcSdPJmx1UsClqKiQLs=)

When you run the application Jasypt detects that there is a property with the ENC() prefix. So it’ll try to decrypt the value.

If you run the application you’ll see the following error message:

***************************
APPLICATION FAILED TO START
***************************
Description:
Failed to bind properties under 'spring.boot.admin.client.password' to java.lang.String:
    Reason: Required Encryption configuration property missing: jasypt.encryptor.password
Action:
Update your application's configuration

Since we didn’t provide the password for Jasypt decryption, the application failed to start.

To pass these parameters, edit your Run/Debug Configuration as follows:

-Djasypt.encryptor.algorithm=PBEWITHMD5ANDTRIPLEDES 
-Djasypt.encryptor.password=order66

That’s it. You’re now able to run the application with an encrypted property.
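A check you could run in CI or as a pre-commit hook for the setup above, as an added example that is not part of the original article or of the Jasypt project: it parses an application.properties file, flags secret-looking keys whose values are not wrapped in ENC(), flags a jasypt.encryptor.password committed in the same file, and sanity-checks each ENC() payload. The key-name pattern, the sample file and the length rule (8-byte salt followed by 8-byte cipher blocks, as produced by the DES-family algorithms used in this article) are assumptions.

```python
import base64
import re

# Constructed sample: the article's encrypted property plus mistakes to catch.
SAMPLE = """\
spring.boot.admin.client.username=admin
spring.boot.admin.client.password=ENC(lyob1RLQ6wCmvZwuzF9QLq5QmcSdPJmx1UsClqKiQLs=)
spring.datasource.password=hunter2
jasypt.encryptor.password=order66
api.token=ENC(not-base64!)
"""

# Assumption: key names containing these words hold secrets.
SECRET_KEY = re.compile(r"password|secret|token|credential", re.I)
ENC = re.compile(r"^ENC\((.*)\)$")
PROP = re.compile(r"([^=:\s]+)\s*[=:]\s*(.*)")


def check_enc(payload):
    """Return a reason if payload cannot be Jasypt PBE output, else None."""
    try:
        raw = base64.b64decode(payload, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return "ENC() payload is not valid base64"
    # Assumption: DES/3DES PBE output is an 8-byte salt + 8-byte cipher blocks.
    if len(raw) < 16 or len(raw) % 8:
        return "ENC() payload length does not fit salt + cipher blocks"


def audit(text):
    """Return (line_no, key, finding) for each risky property in text."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        m = PROP.match(line.strip())
        if not m or line.lstrip()[0] in "#!" or m.group(2).startswith("${"):
            continue  # blank, comment, or ${placeholder} resolved elsewhere
        key, value = m.group(1), m.group(2).strip()
        if key.lower() == "jasypt.encryptor.password":
            findings.append((no, key, "encryptor password stored beside the ciphertext"))
        elif (enc := ENC.match(value)):
            if (reason := check_enc(enc.group(1))):
                findings.append((no, key, reason))
        elif SECRET_KEY.search(key):
            findings.append((no, key, "secret-looking value is not wrapped in ENC()"))
    return findings


if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Run it against the committed properties file; a non-empty result should fail the build.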

3. Conclusion

As the name implies, Jasypt makes encryption simple. Jasypt has a lot more features that you can check out on the library’s official website.

You can find the source code on GitHub.

Sincerely,
Burak.
