Chapter 4. How to use encrypted property placeholders in Spring Boot
When securing a container, using plain-text passwords in configuration files is not recommended. One way to avoid plain-text passwords is to use encrypted property placeholders whenever possible.
4.1. About the master password for encrypting values
To use Jasypt to encrypt a value, a master password is required. It is up to you or an administrator to choose the master password. Jasypt provides several ways to set the master password. Jasypt can be integrated into the Spring configuration framework so that property values are decrypted as the configuration file is loaded. One way is to specify the master password in plain text in a Spring Boot configuration.
Spring uses the PropertyPlaceholder framework to replace tokens with values from a properties file, and Jasypt's approach replaces the PropertyPlaceholderConfigurer class with one that recognizes encrypted strings and decrypts them.
Example
Instead of specifying the master password in plain text, you can use an environment variable to set your master password. In the Spring Boot configuration file, specify this environment variable as the value of the passwordEnvName property. For example, if you set the MASTER_PW environment variable to your master password, then you would have this entry in your Spring Boot configuration file:
    <property name="passwordEnvName" value="MASTER_PW"/>
4.2. Using Encrypted Property Placeholders in Spring Boot
By using Jasypt, you can encrypt the property sources; the application then decrypts the encrypted properties and retrieves the original values. The following procedure explains how to encrypt and decrypt the property sources in Spring Boot.
Procedure
Add the jasypt dependency to your project's pom.xml file.
    <dependency>
      <groupId>com.github.ulisesbocchio</groupId>
      <artifactId>jasypt-spring-boot-starter</artifactId>
      <version>3.0.3</version>
    </dependency>
Add the Maven repository to your project's pom.xml.
    <repository>
      <id>jasypt-basic</id>
      <name>Jasypt Repository</name>
      <url>https://repo1.maven.org/maven2/</url>
    </repository>
Also add the Jasypt Maven plugin to your project; it allows you to use the Maven commands for encryption and decryption.
    <plugin>
      <groupId>com.github.ulisesbocchio</groupId>
      <artifactId>jasypt-maven-plugin</artifactId>
      <version>3.0.3</version>
    </plugin>
Add the plugin repository to pom.xml.
    <pluginRepository>
      <id>jasypt-basic</id>
      <name>Jasypt Repository</name>
      <url>https://repo1.maven.org/maven2/</url>
    </pluginRepository>
To encrypt the username and password listed in the application.properties file, wrap these values inside DEC() as shown below.
    spring.datasource.username=DEC(root)
    spring.datasource.password=DEC(Password@1)
Run the following command to encrypt the username and password.
    mvn jasypt:encrypt -Djasypt.encryptor.password=mypassword
This replaces the DEC() placeholders in the application.properties file with the encrypted value, for example:
    spring.datasource.username=ENC(3UtB1NhSZdVXN9xQBwkT0Gn+UxR832XP+tOOfFTlNL57FiMM7BWPRTeychVtLLhB)
    spring.datasource.password=ENC(4ErqElyCHjjFnqPOCZNAaTdRC7u7yJSy16UsHtVkwPIr+3zLyabNmQwwpFo7F7LU)
To decrypt the credentials in the Spring application configuration file, run the following command.
    mvn jasypt:decrypt -Djasypt.encryptor.password=mypassword
This prints out the content of the application.properties file as it was before the encryption. However, this does not update the configuration file.
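A check that can run on application.properties before it is committed, covering the two failure modes this chapter describes: a DEC() value that was never encrypted (section 4.2) and a secret, including the master password itself, stored in plain text (section 4.1). This is an added example, not part of the original documentation; the function name check_jasypt_props, the SENSITIVE_KEYS pattern and the sample file contents are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): commit/CI gate for the DEC()/ENC()
# workflow. Findings name the key and line only, never the value.
# Assumption: keys matching SENSITIVE_KEYS must hold ENC(...) or a ${...} reference.
SENSITIVE_KEYS="${SENSITIVE_KEYS:-password|secret|username}"

# check_jasypt_props FILE  ->  0 = clean, 1 = findings, 2 = unreadable file
check_jasypt_props() {
    [ -r "$1" ] || { echo "cannot read: $1" >&2; return 2; }
    awk -v pat="$SENSITIVE_KEYS" '
        /^[ \t]*[#!]/ || /^[ \t]*$/ { next }   # comments and blank lines
        {
            sep = match($0, /[=:]/)             # first key/value separator
            if (!sep) next
            key = substr($0, 1, sep - 1); val = substr($0, sep + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            # A ${...} reference carries no secret itself (resolved at startup).
            ref = (substr(val, 1, 2) == "${" && substr(val, length(val)) == "}")
            if (val ~ /^DEC\(.*\)$/) {          # the encrypt step was never run
                printf "%s:%d: %s is still wrapped in DEC()\n", FILENAME, NR, key
                bad = 1
            } else if (tolower(key) ~ pat && val !~ /^ENC\(.+\)$/ && !ref) {
                printf "%s:%d: %s holds a plain-text value\n", FILENAME, NR, key
                bad = 1
            }
        }
        END { exit bad + 0 }
    ' "$1"
}

# Demo on a constructed file: one encrypted value, one forgotten DEC() wrapper,
# and a master password stored in plain text beside the ciphertext it protects.
demo=$(mktemp)
cat >"$demo" <<'EOF'
spring.datasource.url=jdbc:mysql://db.example.internal/app
spring.datasource.username=ENC(c2FtcGxlLWNpcGhlcnRleHQ=)
spring.datasource.password=DEC(Password@1)
jasypt.encryptor.password=mypassword
EOF
check_jasypt_props "$demo" || echo "refusing to commit: fix the lines above"
rm -f "$demo"
```

Run it against the file after mvn jasypt:encrypt and before committing; a non-zero exit status means a secret is still readable in the file.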