jhipster / generator-jhipster

JHipster is a development platform to quickly generate, develop, & deploy modern web applications & microservice architectures.
https://www.jhipster.tech
Apache License 2.0
21.56k stars 4.02k forks

Encrypt properties in configuration file #236

Closed jstradej closed 10 years ago

jstradej commented 10 years ago

Is there any way to encrypt properties in the configuration file?

application-prod.yml:

mail.smtp.password: ENC(ISahsyegsFssYTTu+izOg==)

In an old project with Spring 3.1 and XML configuration I use the Jasypt library.

jmirc commented 10 years ago

We could add it in the future if nobody works on a PR.

jdubois commented 10 years ago

I see your point, but wouldn't the password need to be also in the application, so it can decrypt the properties? I don't really see how this could work in practice.

jstradej commented 10 years ago

I have my solution, but it is not perfect :(

In pom.xml add:

        <dependency>
            <groupId>org.jasypt</groupId>
            <artifactId>jasypt</artifactId>
            <version>1.9.2</version>
        </dependency>
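
```java
// Commons Lang 2.x; with Commons Lang 3 import org.apache.commons.lang3.StringUtils instead.
import org.apache.commons.lang.StringUtils;
import org.jasypt.encryption.pbe.StandardPBEStringEncryptor;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
public class JasyptConfiguration {
    private final Logger log = LoggerFactory.getLogger(JasyptConfiguration.class);

    // Names of the JVM system properties (-D options) that configure the encryptor.
    public static final String ENCRYPTION_ALGORITHM = "encryption_algorithm";
    public static final String ENCRYPTION_PASSWORD = "encryption_password";

    @Bean
    public StandardPBEStringEncryptor getStandardPBEStringEncryptor() {
        StandardPBEStringEncryptor encryptor = new StandardPBEStringEncryptor();
        String algorithm = System.getProperty(ENCRYPTION_ALGORITHM);
        String encryptionPassword = System.getProperty(ENCRYPTION_PASSWORD);

        // Both values are required: Jasypt rejects an empty algorithm or password.
        if (StringUtils.isBlank(algorithm) || StringUtils.isBlank(encryptionPassword)) {
            log.info("Jasypt disabled. Missing system property " + ENCRYPTION_ALGORITHM + " or " + ENCRYPTION_PASSWORD + ".");
            return null;
        }

        encryptor.setAlgorithm(algorithm);
        encryptor.setPassword(encryptionPassword);

        return encryptor;
    }
}
```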

```java
// Commons Lang 2.x; with Commons Lang 3 import org.apache.commons.lang3.StringUtils instead.
import org.apache.commons.lang.StringUtils;
import org.jasypt.encryption.pbe.StandardPBEStringEncryptor;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.boot.bind.RelaxedPropertyResolver;
import org.springframework.core.env.PropertyResolver;

public class JasyptRelaxedPropertyResolver extends RelaxedPropertyResolver {
    private final Logger log = LoggerFactory.getLogger(JasyptRelaxedPropertyResolver.class);

    // Null when Jasypt is disabled; ENC(...) values are then returned undecrypted.
    private StandardPBEStringEncryptor standardPBEStringEncryptor;

    public JasyptRelaxedPropertyResolver(PropertyResolver resolver) {
        super(resolver);
    }

    public JasyptRelaxedPropertyResolver(PropertyResolver resolver, String prefix) {
        super(resolver, prefix);
    }

    public JasyptRelaxedPropertyResolver(PropertyResolver resolver, String prefix, StandardPBEStringEncryptor standardPBEStringEncryptor) {
        super(resolver, prefix);
        this.standardPBEStringEncryptor = standardPBEStringEncryptor;
    }

    @Override
    @SuppressWarnings("unchecked")
    public <T> T getProperty(String key, Class<T> targetType, T defaultValue) {
        T value = super.getProperty(key, targetType, defaultValue);

        // Only String properties can carry an ENC(...) wrapper.
        if (targetType.equals(String.class)) {
            String property = (String) value;
            if (StringUtils.isNotBlank(property) && property.startsWith("ENC(") && standardPBEStringEncryptor != null) {
                // Strip the leading "ENC(" and the trailing ")".
                String s = StringUtils.substring(property, 4, -1);
                try {
                    value = (T) standardPBEStringEncryptor.decrypt(s);
                } catch (Exception e) {
                    log.error("Can't decrypt property {} for key {} returning default value {}. Error: {}.", s, key, defaultValue, e.getMessage(), e);
                    value = defaultValue;
                }
            }

        }

        return value;
    }
}
```

```java
@Configuration
public class MailConfiguration implements EnvironmentAware {
    ...
    private RelaxedPropertyResolver propertyResolver;

    @Inject
    private StandardPBEStringEncryptor standardPBEStringEncryptor;

    @Override
    public void setEnvironment(Environment environment) {
        this.propertyResolver = new JasyptRelaxedPropertyResolver(environment, ENV_SPRING_MAIL, standardPBEStringEncryptor);
    }
  ...
```

and add VM options:

 -Dencryption_algorithm=PBEWithMD5AndDES -Dencryption_password=jasypt

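
A stand-alone round trip of the ENC(...) scheme from the comment above, as an added example that is not part of the original thread or of JHipster: the decrypting side fails closed instead of returning a default value, and the password is read from an environment variable rather than a -D option, which is visible in the process command line. The class name, method names and the ENCRYPTION_PASSWORD variable are assumptions; it needs the jasypt 1.9.2 dependency shown above on the classpath.

```java
import org.jasypt.encryption.pbe.StandardPBEStringEncryptor;
import org.jasypt.exceptions.EncryptionOperationNotPossibleException;

// Added example: class, method and environment-variable names are hypothetical.
public class EncPropertyDemo {

    static StandardPBEStringEncryptor encryptor(String algorithm, String password) {
        // Fail at startup if either value is missing instead of running half-configured.
        if (algorithm == null || algorithm.trim().isEmpty()
                || password == null || password.isEmpty()) {
            throw new IllegalStateException("encryption algorithm and password are both required");
        }
        StandardPBEStringEncryptor e = new StandardPBEStringEncryptor();
        e.setAlgorithm(algorithm);
        e.setPassword(password);
        return e;
    }

    // Plain values pass through unchanged; ENC(...) values decrypt or the call fails.
    static String resolve(String key, String raw, StandardPBEStringEncryptor e) {
        if (raw == null || !raw.startsWith("ENC(") || !raw.endsWith(")")) {
            return raw;
        }
        try {
            return e.decrypt(raw.substring(4, raw.length() - 1));
        } catch (EncryptionOperationNotPossibleException ex) {
            // Report the key name only, never the ciphertext or a fallback value.
            throw new IllegalStateException("cannot decrypt property " + key, ex);
        }
    }

    public static void main(String[] args) {
        String algorithm = "PBEWithMD5AndDES";                  // value from the thread
        String password = System.getenv("ENCRYPTION_PASSWORD"); // assumed variable name
        if (password == null) {
            password = "constructed-demo-password";             // demo fallback only
        }
        StandardPBEStringEncryptor enc = encryptor(algorithm, password);
        String stored = "ENC(" + enc.encrypt("constructed-smtp-secret") + ")";
        System.out.println("stored:   " + stored); // differs per run: random salt
        System.out.println("resolved: " + resolve("mail.smtp.password", stored, enc));
        try {
            // A wrong password normally fails the padding check inside decrypt().
            resolve("mail.smtp.password", stored, encryptor(algorithm, "wrong-password"));
            System.out.println("padding happened to validate; output is garbage");
        } catch (IllegalStateException ex) {
            System.out.println("wrong password: " + ex.getMessage());
        }
    }
}
```
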
jdubois commented 10 years ago

There's still a bit of work to do, but this looks like a really good solution to me.

jdubois commented 10 years ago

Any update on this issue? I'm reluctant to add a new library.

abshkd commented 7 years ago

I'd like to reopen this. In Spring Cloud config server I can easily encrypt the config at rest. However, simply specifying encrypt.key in bootstrap doesn't work in JHipster. Using version 4.2. Unless I missed something.

gmarziou commented 7 years ago

@abshkd commenting on a 3-year-old closed issue does not really help. Please open a new issue with details.