Shulou(Shulou.com)06/02 Report--

Today, I will talk to you about the example analysis of Spring Boot configuration content encryption to achieve sensitive information protection. Many people may not know much about it. In order to make you understand better, the editor summarized the following content for you. I hope you can get something according to this article.

Why encrypt it?

Perhaps many beginners are not sensitive to the encryption of configuration information, because they are mainly exposed to local development and do not think too much about many security issues. In reality, our configuration file actually contains a large number of security-related sensitive information, such as: database account password, some service keys and so on. Once this information is leaked, it is quite dangerous for the important data assets of the enterprise. Therefore, it is a must for every mature development team to encrypt the sensitive information in these configuration files.

Step 1: create a basic Spring Boot project

Step 2: design a parameter and unit test to output this configuration information

Prepare the encrypted configuration:

Datasource.password=didispace.com

The unit test used to output configuration information:

Slf4j@SpringBootTestpublic class PropertiesTest {@ Value ("${datasource.password:}") private String password; @ Testpublic void test () {log.info ("datasource.password: {}", password);}}

When you execute this unit test, you output:

2021-08-13 22 com.didispace.chapter15.PropertiesTest 28V 45.506 INFO 70405-[main] com.didispace.chapter15.PropertiesTest: datasource.password: didispace.com

Encryption hasn't started here yet, so let's introduce encryption operation!

Step 3: introduce Spring Boot Starter provided by jasypt into pom.xml

Com.github.ulisesbocchio jasypt-spring-boot-starter 3.0.3

Add to the plug-in configuration:

Com.github.ulisesbocchio jasypt-maven-plugin 3.0.3

Step 4: add the password to be used for encryption in the configuration file

Jasypt.encryptor.password=didispace

At the same time, modify the content to be encrypted and wrap it with DEC (), such as:

Datasource.password=DEC (didispace.com)

Step 5: use the jasypt-maven-plugin plug-in to batch encrypt the contents of the DEC () package.

Execute the following command in the terminal:

Mvn jasypt:encrypt-Djasypt.encryptor.password=didispace

Note: here the-Djasypt.encryptor.password parameter must be the same as in the configuration file, otherwise the decryption will fail later.

After execution, re-examine the configuration file, and you can see that it automatically becomes

Datasource.password=

ENC (/ AL9nJENCYCh9Pfzdf2xLPsqOZ6HwNgQ3AnMybFAMeOM5GphZlOK6PxzozwtCm+Q)

Jasypt.encryptor.password=didispace

ENC (), like DEC (), is the identity provided by jasypt, which is used to identify the encrypted content and the content to be encrypted in parentheses, respectively.

If the current configuration file is already full of ENC () content, we can decrypt the configuration file and view the original information with the following command:

Mvn jasypt:decrypt-Djasypt.encryptor.password=didispace

This action does not modify the configuration file, but only outputs the decryption result in the console, such as:

Datasource.password=DEC (didispace.com)

Jasypt.encryptor.password=didispace

Step 6: at this point, the sensitive information in our configuration file has been modified by ENC (), and then run the unit test, and if nothing happens, you can still get the same result as before:

2021-08-13 22 com.didispace.chapter15.PropertiesTest 50 INFO 00.463 76150-[main] com.didispace.chapter15.PropertiesTest: datasource.password: didispace.com

At this point, the configuration file is already encrypted and sensitive information is protected.

After reading the above, do you have any further understanding of the example analysis of Spring Boot configuring content encryption to protect sensitive information? If you want to know more knowledge or related content, please follow the industry information channel, thank you for your support.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.