Springboot中使用jasypt加密数据库账号和密码
一、jasypt单元测试
1.pom.xml
<!--jasypt start-->
<dependency>
<groupId>com.github.ulisesbocchio</groupId>
<artifactId>jasypt-spring-boot-starter</artifactId>
<version>2.1.1</version>
</dependency>
<!--jasypt end-->
2.代码测试
import org.jasypt.util.text.BasicTextEncryptor;
public class MainTest {
public static void main(String[] args) {
BasicTextEncryptor encryptor = new BasicTextEncryptor();
encryptor.setPassword("123456");
//encrypt
String encryptStr = encryptor.encrypt("jdbc:mysql://127.0.0.1:3306/test");
System.out.println(encryptStr);
//decrypt
String decryptStr = encryptor.decrypt(encryptStr);
System.out.println(decryptStr);
}
}
二、springboot工程改造
1.application.yml
增加以下配置
jasypt:
encryptor:
password: 123456
2.修改数据库的信息为加密后的
通过上面的单元测试进行代码的加密准备加密码后的内容,然后修改application.yml
ENC(加密后的内容)
spring:
datasource:
type: com.alibaba.druid.pool.DruidDataSource
driver-class-name: com.mysql.cj.jdbc.Driver
url: ENC(liv2fQoIdJgHsyEr8fUJa/xpZIjdU/zh8K5xynfSZUEztmCs/XHF6SWyehz9m/AwUt0FvporVpJ0J4QMPT7eXe+NhrOBvvFVmi92Hm3qgQvgHDLd6idA5KPZxMWCrFh5JKkYitrjez6cKbLIX7eHgh7Q0VHyWKlXNZsC5B7mAUz3TpuqhtSH1VEXaCoRvjRP)
username: ENC(ZemuWcMblKQ/Rqvv2u1WHA==)
password: ENC(aav8i+fJpPkdu1vN3zZepA==)
3.重启springboot
修改完配置后,直接重启springboot就可生效。
如果觉得不安全,不想直接在application.yml配置jasypt.encryptor.password
可通过启动命令行指定password(也不怎么安全,能通过进程命令看得到),
java -jar -Djasypt.encryptor.password=123456 xxxxxx.jar
或通过控制台输入(最安全,需要人工介入)
public static void main(String[] args) {
Scanner in = new Scanner(System.in);
System.out.println("input password:");
String password = "";
if(in.hasNextLine()){
password = in.nextLine();
}
in.close();
System.setProperty("jasypt.encryptor.password",password);
SpringApplication.run(DemoApplicationStart.class, args);
}