Spring encrypt and decrypt API key in properties file

Question

Original Question

I have a properties file located in Tomcat and a properties file for testing located in src/test/resources.

At the moment I have the following setup. My properties files are loaded in my XML files config.xml

<?xml version="1.0" encoding="UTF-8"?>
<!-- Repository and Service layers -->
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:p="http://www.springframework.org/schema/p"
    xmlns:cache="http://www.springframework.org/schema/cache"
    xmlns:context="http://www.springframework.org/schema/context" xmlns:tx="http://www.springframework.org/schema/tx"
    xsi:schemaLocation="
    http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
    http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
    http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx.xsd
    http://www.springframework.org/schema/cache http://www.springframework.org/schema/cache/spring-cache.xsd">

    <!-- ========================= RESOURCE DEFINITIONS ========================= -->

    <context:component-scan base-package="be.omniatravel.service" />
    <context:property-placeholder 
        location="file:${catalina.base}/conf/omniatravel.properties"
        ignore-unresolvable="true" />
        

    <tx:annotation-driven />

</beans>

test-config.xml

<?xml version="1.0" encoding="UTF-8"?>
<!-- Repository and Service layers -->
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:p="http://www.springframework.org/schema/p"
    xmlns:cache="http://www.springframework.org/schema/cache"
    xmlns:context="http://www.springframework.org/schema/context" xmlns:tx="http://www.springframework.org/schema/tx"
    xsi:schemaLocation="
    http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
    http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
    http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx.xsd
    http://www.springframework.org/schema/cache http://www.springframework.org/schema/cache/spring-cache.xsd">

    <!-- ========================= RESOURCE DEFINITIONS ========================= -->

    <context:component-scan base-package="be.omniatravel.service" />
    <context:property-placeholder 
        location="classpath:omniatravel_test.properties"
        ignore-unresolvable="true" />
        

    <tx:annotation-driven />

</beans>

And I am able to access these values by doing placing this in my Java files

public class SunnycarsClient extends WebServiceGatewaySupport {

    @Value("${sunnycars.serviceUri}")
    private String uri; // provided by the webservice
    
    @Value("${sunnycars.operatingKey}")
    private String key; // provide by the webservice
    
    @Value("${sunnycars.passphrase}")
    private String passphrase; // provided by the webservice

}

At the moment the operatingKey and passphrase are stored in these properties as plane text. I want to store them as an encrypted value to minimize the risk and still be able to access in the way I do now.

Update 1

So what i did now is replace the content of config.xml to

<?xml version="1.0" encoding="UTF-8"?>
<!-- Repository and Service layers -->
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:p="http://www.springframework.org/schema/p"
    xmlns:cache="http://www.springframework.org/schema/cache"
    xmlns:context="http://www.springframework.org/schema/context" xmlns:tx="http://www.springframework.org/schema/tx"
    xsi:schemaLocation="
    http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
    http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
    http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx.xsd
    http://www.springframework.org/schema/cache http://www.springframework.org/schema/cache/spring-cache.xsd">

    <!-- ========================= RESOURCE DEFINITIONS ========================= -->

    <context:component-scan base-package="be.omniatravel.service" />

    <!-- bean definitions -->

    <bean
        class="org.jasypt.spring.properties.EncryptablePropertyPlaceholderConfigurer">
        <constructor-arg>
            <bean class="org.jasypt.encryption.pbe.StandardPBEStringEncryptor">
                <property name="config">
                    <bean class="org.jasypt.encryption.pbe.config.EnvironmentStringPBEConfig">
                        <property name="algorithm" value="PBEWithMD5AndDES" />
                        <property name="passwordEnvName" value="APP_ENCRYPTION_PASSWORD" />
                    </bean>
                </property>
            </bean>
        </constructor-arg>
        <property name="locations">
            <list>
                <value>file:${catalina.base}/conf/omniatravel.properties</value>
            </list>
        </property>
    </bean>

    <bean id="dataSource" class="org.apache.commons.dbcp.BasicDataSource"
        destroy-method="close">
        <property name="sunnycarsMarshallerUri">
            <value>${sunnycars.marshallerUri}</value>
        </property>
        <property name="sunnycarsServiceUri">
            <value>${sunnycars.serviceUri}</value>
        </property>
        <property name="sunnycarsContextPath">
            <value>${sunnycars.contextPath}</value>
        </property>
        <property name="sunnycarsOperatingKey">
            <value>${sunnycars.operatingKey}</value>
        </property>
        <property name="sunnycarsPassphrase">
            <value>${sunnycars.passphrase}</value>
        </property>
    </bean>

    <tx:annotation-driven />

</beans>

But it's still not clear to me how I should access these from my Java code.

Also in the propeties files I should replace sunnycars.operatingKey = THE_KEY with sunnycars.operatingKey = enc(ENCRYPTED_KEY), but how do you get the ENCRYPTED_KEY value?

Answer 1

First you have to download jasypt1.9* toolkit from http://www.jasypt.org/

and Try to run encrypt.dat file with following command in cmd like

encrypt.date input=[YOUR PROPERTY FILE VALUE] password=[encryption key value] it will generate output of encrypted value which you need to replace at properties file with

=ENC(output encrypted value)

 .. 

        <bean class="org.jasypt.encryption.pbe.config.EnvironmentStringPBEConfig">
                  <property name="algorithm" value="PBEWithMD5AndDES" />
                  <property name="password" value="APP_ENCRYPTION_PASSWORD" />
       </bean> ..

you can also hardcode password at class file and assign to bean as well

<bean class="org.jasypt.encryption.pbe.config.EnvironmentStringPBEConfig">
                  <property name="algorithm" value="PBEWithMD5AndDES" />
                  <property name="password" value="#Key.keyValue}" />
       </bean> 

where Key.keyValue is Static method of Key class.

Answer 2

Take a look on Jasypt. It supports encrypted properties (http://www.jasypt.org/spring31.html).