jooby: jasypt module

1. Jasypt

Decrypt configuration properties using http://www.jasypt.org

1.1. Usage

1) Add the dependency:

Maven

Gradle

<dependency>
  <groupId>io.jooby</groupId>
  <artifactId>jooby-jasypt</artifactId>
  <version>3.5.3</version>
</dependency>

implementation 'io.jooby:jooby-jasypt:3.5.3'

2) Setup properties:

application.conf

jasypt.password = password                              (1)

enc.property = "uTSqb9grs1+vUv3iN8lItC0kl65lMG+8"       (2)

3) Install

Java

Kotlin

import io.jooby.jasypt.JasyptModule;

{
  install(new JasyptModule());                          (3)

  String property = getConfig().getString("property");  (4)

  System.out.println(property);
}

import io.jooby.jasypt.JasyptModule

{
  install(JasyptModule())                               (3)

  val property = config.getString("property")           (4)

  println(property)
}

1	Configure jasypt password. Jasypt use this to encrypt/decrypt values
2	Prefix encrypted properties with `enc`
3	Install Jasypt
4	Get a decrypted property

Due Jasypt overrides configuration properties, must be installed at very beginning of the application. Once installed, you can access to decrypted properties.

By default, encrypted properties must be prefixed with enc, you can change this by setting your own/preferred prefix:

install(new JasyptModule().setPrefix("secret"));

Module also export an instance of PBEStringEncryptor:

Java

Kotlin

import io.jooby.jasypt.JasyptModule;

{
  install(new JasyptModule());

  PBEStringEncryptor encryptor = require(PBEStringEncryptor.class);
}

import io.jooby.jasypt.JasyptModule

{
  install(JasyptModule())

  val encryptor = require(PBEStringEncryptor::class)
}

1.1.1. Encrypting values

Jasypt offers a command line application for doing encryption.

Follow this guide to see how to use it.

1.1.2. Securing password

Password can be configured as application property. It is accessed using the jasypt.password property name. It is important to keep your password safe and private.

One simple way is to use a default password for development and override it with an environment variable. For example:

application.conf

jasypt.password = mypassword
jasypt.password = ${?JASYPT_PASSWORD}

Here Jasypt will use a default value of mypassword, unless an environment variable JASYPT_PASSWORD is set.

Another option is to keep the password in the file system. For that you need to provide your own password provider:

File password provider

{
  install(new JasyptModule(config -> {
    return new String(Files.path(Paths.get("mypassword"), UTF-8));
  }));
}

The password provider let you read password from multiple sources.

1.1.3. Options

Advanced configuration options are available from configuration file:

application.conf

jasypt.password = mypassword

jasypt.algorithm = PBEWithMD5AndDES
jasypt.keyObtentionIterations = 1000
jasypt.poolSize = 2
jasypt.ivGeneratorClassName = classname
jasypt.saltGeneratorClassName = org.jasypt.salt.RandomSaltGenerator
jasypt.providerName = SunJCE

A PooledPBEStringEncryptor encryptor is configured when poolSize is set.