Process Spring Boot externalized property values

Question

I have the task of obfuscating passwords in our configuration files. While I don\'t think this is the right approach, managers disagree...

So the project I am workin

Answer 1

Inspired by @gogstad. Here is my major action in the spring boot project to encrypted my username and password and decrypted them in the project to work with tomcat:

1. In pom.xml file

    
        com.github.ulisesbocchio
        jasypt-spring-boot
        1.12
    
    …
    
        
            
                src/main/java
                
                **/*.properties
                **/*.xml
                
                ${project.build.directory}/classes
            
            
                src/main/resources
                
                    **/*.properties
                
                ${project.build.directory}/classes
        
    
    …
    

2. In App.java (Note:to deploy the decryted springboot on tomcat, you should add the @ServletComponentScan annotation and extends the SpringBootServletInitializer)

    @SpringBootApplication
    @ServletComponentScan
    @EnableEncryptableProperties
    @PropertySource(name="EncryptedProperties", value = "classpath:config/encrypted.properties")
    public class App extends SpringBootServletInitializer {
    public static void main(String[] args) throws Exception {
        SpringApplication.run(App.class, args);
        }

    }

3. Encrypted your username and password and fill the application.properties file with the result：

    java -cp ~/.m2/repository/org/jasypt/jasypt/1.9.2/jasypt-1.9.2.jar  org.jasypt.intf.cli.JasyptPBEStringEncryptionCLI input="mypassword" password=mykey algorithm=PBEWithMD5AndDES

output is like the demo below:

    java -cp ~/.m2/repository/org/jasypt/jasypt/1.9.2/jasypt-1.9.2.jar  org.jasypt.intf.cli.JasyptPBEStringEncryptionCLI input="mypassword" password=mykey algorithm=PBEWithMD5AndDES

    ----ENVIRONMENT-----------------

    Runtime: Oracle Corporation Java HotSpot(TM) 64-Bit Server VM 25.45-b02



    ----ARGUMENTS-------------------

    algorithm: PBEWithMD5AndDES
    input: mypassword
    password: mykey



    ----OUTPUT----------------------

    5XNwZF4qoCKTO8M8KUjRprQbivTkmI8H

4. under the directory src/main/resources/config add two properties file：

    a. application.properties
        spring.datasource.driver-class-name=com.mysql.jdbc.Driver
        spring.datasource.url=jdbc:mysql://xxx
        spring.datasource.username=ENC(xxx)
        spring.datasource.password=ENC(xxx)
        mybatis.mapper-locations=classpath:*/mapper/*.xml
        mybatis.type-aliases-package=com.xx.xxx.model
        logging.level.com.xx.xxx: DEBUG

    b. encrypted.properties
        jasypt.encryptor.password=mykey