password: ${DB_PASSWORD:ENC@[bxXEba+WWXFUqdxUkobtVw==]} nowt working

ulisesbocchio / jasypt-spring-boot

Jasypt integration for Spring boot

MIT License

2.91k stars 522 forks source link

password: ${DB_PASSWORD:ENC@[bxXEba+WWXFUqdxUkobtVw==]} nowt working #75

Closed sonersivri closed 6 years ago

sonersivri commented 6 years ago

password: ${DB_PASSWORD:ENC(bxXEba+WWXFUqdxUkobtVw==)} property default environment variable not working

sonersivri commented 6 years ago

com.ulisesbocchio.jasyptspringboot.detector.DefaultPropertyDetector.isEncrypted(String)

return (trimmedValue.startsWith(prefix) && trimmedValue.endsWith(suffix)); regex control not startsWith solves problem

ulisesbocchio commented 6 years ago

yeah, there is a sort of bug in Spring property resolvers that for some reason, when it looks for properties with default values, it does not resolve the default part of the property through the same mechanism of resolving a property and instead just resolves the default property value. The workaround you found is valid, otherwise another workaround is depicted in jasypt-spring-boot-demo-simple where this would work also:

defaultPassword=ENC(bxXEba+WWXFUqdxUkobtVw==)
password=${DB_PASSWORD:${defaultPassword}}

mwiede commented 5 years ago

the solution has one problem: if you have different master passwords for the defaultPassword and the encrypted password passed in as DB_PASSWORD, then the decryption will fail, because both values are tried being resolved.