1. Jasypt
Decrypt configuration properties using http://www.jasypt.org
1.1. Usage
1) Add the dependency:
<dependency>
  <groupId>io.jooby</groupId>
  <artifactId>jooby-jasypt</artifactId>
  <version>3.5.5</version>
</dependency>
2) Setup properties:
jasypt.password = password # (1)
enc.property = "uTSqb9grs1+vUv3iN8lItC0kl65lMG+8" # (2)
3) Install
import io.jooby.jasypt.JasyptModule;
{
  install(new JasyptModule()); // (3)
  String property = getConfig().getString("property"); // (4)
  System.out.println(property);
}
(1) Configure the Jasypt password. Jasypt uses this to encrypt/decrypt values.
(2) Prefix encrypted properties with enc.
(3) Install Jasypt.
(4) Get a decrypted property.
Because Jasypt overrides configuration properties, it must be installed at the very beginning of the application. Once installed, you can access the decrypted properties.
By default, encrypted properties must be prefixed with enc. You can change this by setting your own preferred prefix:
install(new JasyptModule().setPrefix("secret"));
The module also exports an instance of PBEStringEncryptor:
import io.jooby.jasypt.JasyptModule;
import org.jasypt.encryption.pbe.PBEStringEncryptor;
{
  install(new JasyptModule());
  PBEStringEncryptor encryptor = require(PBEStringEncryptor.class);
}
1.1.1. Encrypting values
Jasypt offers a command line application for doing encryption.
Follow this guide to see how to use it.
1.1.2. Securing password
The password can be configured as an application property. It is read from the jasypt.password property. It is important to keep your password safe and private.
One simple way is to use a default password for development and override it with an environment variable. For example:
jasypt.password = mypassword
jasypt.password = ${?JASYPT_PASSWORD}
Here Jasypt will use a default value of mypassword, unless an environment variable JASYPT_PASSWORD is set.
Another option is to keep the password in the file system. For that you need to provide your own password provider:
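import io.jooby.jasypt.JasyptModule;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
{
  install(new JasyptModule(config -> {
    // Read the password from the file "mypassword"
    return new String(Files.readAllBytes(Paths.get("mypassword")), StandardCharsets.UTF_8);
  }));
}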
The password provider lets you read the password from multiple sources.
1.1.3. Options
Advanced configuration options are available from the configuration file:
jasypt.password = mypassword
jasypt.algorithm = PBEWithMD5AndDES
jasypt.keyObtentionIterations = 1000
jasypt.poolSize = 2
jasypt.ivGeneratorClassName = classname
jasypt.saltGeneratorClassName = org.jasypt.salt.RandomSaltGenerator
jasypt.providerName = SunJCE
A PooledPBEStringEncryptor encryptor is configured when poolSize is set.
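As an added example (not part of the Jooby or Jasypt documentation), the helper below uses the Jasypt API directly to produce a value for an enc property, as discussed under "Encrypting values" and "Options". The class name EncryptProperty is hypothetical, and it assumes the application uses the algorithm and iteration count listed above and takes the password from JASYPT_PASSWORD.

```java
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.nio.charset.StandardCharsets;
import org.jasypt.encryption.pbe.StandardPBEStringEncryptor;
import org.jasypt.salt.RandomSaltGenerator;

// Added example (hypothetical class name), not part of Jooby or Jasypt.
public class EncryptProperty {
  // Assumption: these mirror jasypt.algorithm and jasypt.keyObtentionIterations
  // of the application; a mismatch makes decryption fail.
  static final String ALGORITHM = "PBEWithMD5AndDES";
  static final int ITERATIONS = 1000;

  static StandardPBEStringEncryptor newEncryptor(String password) {
    StandardPBEStringEncryptor encryptor = new StandardPBEStringEncryptor();
    encryptor.setPassword(password);
    encryptor.setAlgorithm(ALGORITHM);
    encryptor.setKeyObtentionIterations(ITERATIONS);
    encryptor.setSaltGenerator(new RandomSaltGenerator());
    return encryptor;
  }

  public static void main(String[] args) throws IOException {
    if (args.length != 1) {
      System.err.println("usage: EncryptProperty <property-name> < plain-value");
      System.exit(2);
    }
    // Same environment variable the configuration reads; no fallback password here.
    String password = System.getenv("JASYPT_PASSWORD");
    if (password == null || password.isEmpty()) {
      System.err.println("JASYPT_PASSWORD is not set");
      System.exit(1);
    }
    // The plain value comes from stdin so it stays out of the process arguments.
    BufferedReader in = new BufferedReader(new InputStreamReader(System.in, StandardCharsets.UTF_8));
    String plain = in.readLine();
    if (plain == null || plain.isEmpty()) {
      System.err.println("no value on stdin");
      System.exit(1);
    }
    String encrypted = newEncryptor(password).encrypt(plain);
    // A fresh encryptor with the same settings must recover the value.
    if (!plain.equals(newEncryptor(password).decrypt(encrypted))) {
      throw new IllegalStateException("round trip failed");
    }
    System.out.println("enc." + args[0] + " = \"" + encrypted + "\"");
  }
}
```

Because the salt is random, each run prints a different encrypted value for the same input; any of them decrypts with the same password and settings.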