ulisesbocchio / jasypt-spring-boot

Jasypt integration for Spring boot
MIT License

jasypt-maven-plugin not taking jasypt bean/yml properties into account #213

Closed springfan closed 4 years ago

springfan commented 4 years ago

jasypt-maven-plugin 3.0.2 jasypt-spring-boot-starter 3.0.2

The README gives several examples on how to configure jasypt-spring-boot with YAML properties.

But it seems that is not the case for commands like:

    mvn jasypt:encrypt -Djasypt.encryptor.password=$MASTER_PASSWORD -Djasypt.encryptor.key-obtention-iterations=50000 -Djasypt.plugin.path="file:c:\Users\xxx\Desktop\Code\my-project\war\src\main\resources\application.yml"

Instead default values are loaded:

    [INFO] String Encryptor custom Bean not found with name 'jasyptStringEncryptor'. Initializing Default String Encryptor

Edit: Same happens when my bean is declared:

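    import org.jasypt.encryption.StringEncryptor;
    import org.jasypt.encryption.pbe.PooledPBEStringEncryptor;
    import org.jasypt.encryption.pbe.config.SimpleStringPBEConfig;
    import org.springframework.context.annotation.Bean;

    // Declared inside a @Configuration class with an injected Environment field.
    @Bean("jasyptStringEncryptor")
    public StringEncryptor stringEncryptor() {
        PooledPBEStringEncryptor encryptor = new PooledPBEStringEncryptor();
        SimpleStringPBEConfig config = new SimpleStringPBEConfig();
        String masterPassword = environment.getProperty("MASTER_PASSWORD");
        config.setPassword(masterPassword);
        config.setAlgorithm("PBEWITHHMACSHA512ANDAES_256");
        config.setKeyObtentionIterations("50000");
        // PooledPBEStringEncryptor requires a pool size before first use.
        config.setPoolSize("1");
        // An IV generator is needed for AES-based PBE algorithms.
        config.setIvGeneratorClassName("org.jasypt.iv.RandomIvGenerator");
        encryptor.setConfig(config);
        return encryptor;
    }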

Any ideas?

rupert-madden-abbott commented 4 years ago

The line "Initializing Default String Encryptor" means only that the default bean implementation is being used, as provided by the Spring auto-configuration. It means you haven't provided a bean in your configuration which overrides the default.

The default implementation takes properties from the standard locations (including system properties in your example) and uses them. Therefore, you should not interpret this line to imply that your configuration is being ignored (quite the opposite).

Underneath this log line, you will see more lines that specify which properties have not been found, and thus what default values have been used. For example, if you had not set the key-obtention-iterations, then you would see this line:

    Encryptor config not found for property jasypt.encryptor.key-obtention-iterations, using default value: 100

In your example, you are setting this property so you should not see this line.

If you provide your own bean, then all of these properties are ignored since the intention is for you to be setting them yourself. However, Maven plugins have a separate classpath from your application code. Therefore, if you have declared this bean in your application, it will be invisible to the plugin and won't apply.

If you want to use a custom bean with the Maven plugin then you will have to add it into a separate Maven package, and then add that as a dependency when you declare the plugin in the pom. This is most useful if you have several projects that all use the same custom encryption configuration e.g. a team in a company managing several projects.

ulisesbocchio commented 4 years ago

@springfan you're missing: -Dspring.config.location="file:src/main/resources/application.yml"

rupert-madden-abbott commented 4 years ago

The above PR will fix this by no longer making it necessary to specify spring.config.location. Properties specified in YAML (and other Spring Boot config found at src/main/resources) should be included by default now.
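
Added example (not part of the thread or the project's code): a shell check built on the log format quoted above. It lists the `jasypt.encryptor.*` properties the plugin filled in with defaults and fails if a property you passed is among them. The function names and the sample log lines, including their default values, are constructed for illustration.

```shell
#!/bin/sh
# Audit jasypt-maven-plugin output for properties that fell back to defaults.

# Constructed sample output, modelled on the log lines quoted in this thread.
sample_log() {
cat <<'EOF'
[INFO] String Encryptor custom Bean not found with name 'jasyptStringEncryptor'. Initializing Default String Encryptor
[INFO] Encryptor config not found for property jasypt.encryptor.pool-size, using default value: 1
[INFO] Encryptor config not found for property jasypt.encryptor.string-output-type, using default value: base64
EOF
}

# Read Maven output on stdin and print "property=default" for every
# property the default encryptor had to fill in itself.
defaulted_properties() {
    tr -d '\r' |
        sed -n 's/.*Encryptor config not found for property \([^,]*\), using default value: \(.*\)$/\1=\2/p'
}

# Read Maven output on stdin; succeed only if none of the properties named
# as arguments fell back to a default.
# Usage: mvn jasypt:encrypt ... 2>&1 | assert_overridden jasypt.encryptor.key-obtention-iterations
assert_overridden() {
    defaults=$(defaulted_properties)
    rc=0
    for prop in "$@"; do
        # Exact match on the property name (left of the first "=").
        if printf '%s\n' "$defaults" |
            awk -F= -v p="$prop" '$1 == p { found = 1 } END { exit !found }'; then
            echo "NOT APPLIED: $prop (plugin used its default)" >&2
            rc=1
        fi
    done
    return $rc
}
```

A non-zero exit from `assert_overridden` means the value encrypted in that run was produced with a default rather than the setting you intended, so it should be re-encrypted once the property is picked up.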