Nagaraju Chitimilla

Reputation: 610

How to encrypt server.ssl.key-store-password value and use it in SpringBoot

I would like to know if there is any way we can encrypt the server.ssl.key-store-password value and store it in the application.properties file instead of storing it in plain text.

I couldn't find any documentation on this. Any help on this is highly appreciated.

Thanks in advance.

Upvotes: 10

Views: 10031

Answers (2)

suraj vijayakumar

Reputation: 57

You can use "jasypt-spring-boot-starter" for your need. All you need to do is follow these steps.

  1. Download the "jasypt-spring-boot-starter" from maven central repo.

    <dependency>
        <groupId>com.github.ulisesbocchio</groupId>
        <artifactId>jasypt-spring-boot-starter</artifactId>
        <version>x.x.x</version>
    </dependency>

  2. In your Spring Boot start file where the "@SpringBootApplication" annotation is located, just include "@EnableEncryptableProperties". A point to note here is that once you place the encryptable properties annotation on the main start file, all the property files of your application will be loaded and scanned by the Jasypt module for any property value that is marked as starting with "ENC".

  3. In your "application.properties" file there are a few more configurations that need to be added, like below (all these are defaults and you can change these according to your requirement):

    jasypt.encryptor.password=<Some password for encryption>
    jasypt.encryptor.algorithm=PBEWITHHMACSHA256ANDAES_128
    jasypt.encryptor.key-obtention-iterations=1000
    jasypt.encryptor.pool-size=1
    jasypt.encryptor.salt-generator-classname=org.jasypt.salt.RandomSaltGenerator
    jasypt.encryptor.iv-generator-classname=org.jasypt.iv.RandomIvGenerator
    jasypt.encryptor.string-output-type=base64

Once you are done with the above steps, now you can place your encrypted property value under the ENC(). Jasypt will scan values which are enclosed in ENC() and will try to decrypt the value.

For e.g. spring.datasource.password=ENC(tHe0atcRsE+uOTxt2GmFYPXNHREch9R/12qD082gw7vv6bby5Rk)

Upvotes: 0

Guy Grin

Reputation: 2034

Spring allows you to encrypt the properties file, but the key for that encryption needs to be kept somewhere. This answer suggests keeping them in environment variables and points to a guide about how to encrypt them if you still want to.

Upvotes: 2
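
An added example, not code from either answer or from the jasypt project: a small helper that produces the `ENC(...)` value for `server.ssl.key-store-password` with the encryptor settings listed in the first answer, taking the master password from an environment variable as the second answer suggests. The class name `EncryptKeystorePassword` and the variable name `JASYPT_ENCRYPTOR_PASSWORD` are assumptions, and the jasypt library must be on the classpath.

```java
import org.jasypt.encryption.pbe.PooledPBEStringEncryptor;
import org.jasypt.encryption.pbe.config.SimpleStringPBEConfig;

// Hypothetical helper class (name is an assumption, not part of jasypt).
public class EncryptKeystorePassword {

    // Mirrors the jasypt.encryptor.* values from the first answer, so the
    // running application can decrypt what this tool encrypts.
    static PooledPBEStringEncryptor buildEncryptor(String masterPassword) {
        SimpleStringPBEConfig config = new SimpleStringPBEConfig();
        config.setPassword(masterPassword);
        config.setAlgorithm("PBEWITHHMACSHA256ANDAES_128");
        config.setKeyObtentionIterations(1000);
        config.setPoolSize(1);
        config.setSaltGeneratorClassName("org.jasypt.salt.RandomSaltGenerator");
        config.setIvGeneratorClassName("org.jasypt.iv.RandomIvGenerator");
        config.setStringOutputType("base64");
        PooledPBEStringEncryptor encryptor = new PooledPBEStringEncryptor();
        encryptor.setConfig(config);
        return encryptor;
    }

    public static void main(String[] args) {
        // Master password comes from the environment, never from a file
        // that sits next to the ciphertext (variable name is an assumption).
        String master = System.getenv("JASYPT_ENCRYPTOR_PASSWORD");
        if (master == null || master.isEmpty()) {
            System.err.println("JASYPT_ENCRYPTOR_PASSWORD is not set");
            System.exit(1);
        }
        if (System.console() == null) {
            System.err.println("Run from an interactive terminal");
            System.exit(1);
        }
        // Read the keystore password without echo and keep it out of shell history.
        char[] secret = System.console().readPassword("Keystore password: ");
        PooledPBEStringEncryptor encryptor = buildEncryptor(master);
        String cipherText = encryptor.encrypt(new String(secret));
        java.util.Arrays.fill(secret, '\0');

        // Random salt and IV give a different ciphertext on every run;
        // verify the round trip before pasting the value into the file.
        if (encryptor.decrypt(cipherText).isEmpty()) {
            throw new IllegalStateException("round-trip decryption failed");
        }
        System.out.println("server.ssl.key-store-password=ENC(" + cipherText + ")");
    }
}
```

Spring Boot's relaxed binding maps the `JASYPT_ENCRYPTOR_PASSWORD` environment variable to `jasypt.encryptor.password`, so that line can be left out of `application.properties` and supplied by the deployment environment instead.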
