SpringBoot整合jasypt實現(xiàn)敏感信息的加密詳解

第SpringBoot整合jasypt實現(xiàn)敏感信息的加密詳解目錄一、簡介二、導入依賴三、加密字段工具類四、application.yaml配置五、啟動類測試

一、簡介

在后端開發(fā)中有很多敏感信息，比如數(shù)據(jù)庫用戶名密碼，第三方Apikey，云服務商的secretKey等、如果不希望用明文在application.yml配置的，可以使用jasypt加密這些字段。

還有很重要的一點，如果你自己開源一些東西，將代碼上傳一些代碼托管平臺，肯定需要隱藏敏感信息，用jasypt加密可以簡化每次上傳下拉代碼修改敏感信息。

官方文檔，官方文檔使用方法描述得很清楚適用于各種情況，下面我簡單記錄一下加密MySQL用戶名密碼方法

二、導入依賴

dependencies

!--jasypt敏感數(shù)據(jù)加密，如：數(shù)據(jù)庫密碼，阿里云短信服務等--

dependency

groupIdcom.github.ulisesbocchio/groupId

artifactIdjasypt-spring-boot-starter/artifactId

version3.0.4/version

/dependency

!--mysql--

dependency

groupIdmysql/groupId

artifactIdmysql-connector-java/artifactId

version8.0.30/version

scoperuntime/scope

/dependency

!--mybatis-plus--

dependency

groupIdcom.baomidou/groupId

artifactIdmybatis-plus-boot-starter/artifactId

version3.5.2/version

/dependency

!--springboot啟動包--

dependency

groupIdorg.springframework.boot/groupId

artifactIdspring-boot-starter/artifactId

/dependency

/dependencies

三、加密字段工具類

加密mysql用戶名密碼，將用戶名密碼傳入fields數(shù)組，保存打印結(jié)果下面配置在application.yaml文件

publicclassJasyptUtil{

privatestaticPooledPBEStringEncryptorencryptor;

static{

encryptor=newPooledPBEStringEncryptor();

SimpleStringPBEConfigconfig=newSimpleStringPBEConfig();

config.setPassword("Thisisasecretkey");//秘鑰

config.setAlgorithm("PBEWithMD5AndDES");

//config.setAlgorithm("PBEWITHHMACSHA512ANDAES_256");

config.setKeyObtentionIterations("1000");

config.setPoolSize("1");

config.setProviderName("SunJCE");

config.setSaltGeneratorClassName("org.jasypt.salt.RandomSaltGenerator");

config.setIvGeneratorClassName("org.jasypt.iv.RandomIvGenerator");

config.setStringOutputType("base64");

encryptor.setConfig(config);

publicstaticvoidmain(String[]args){

//需要加密的字段

String[]fields={"root","123456"};

for(Stringfield:fields){

System.out.println(field+"----"+encryptorField(field));

publicstaticStringencryptorField(Stringfield){

returnencryptor.encrypt(field);

publicstaticStringdecryptField(Stringfield){

returnencryptor.decrypt(field);

}

可以看到加密過后的字符串如下

四、application.yaml配置

數(shù)據(jù)源用戶名密碼使用上面生成加密字段

spring:

datasource:

username:ENC(J5GOvO1FBgtiwEytIjU/4WdzHUgbJq/W)

password:ENC(SqCHgntWcYnthvtWGA3+GAycDle/qCBx)

driver-class-name:com.mysql.cj.jdbc.Driver

url:jdbc:mysql://localhost:3306/oauthserverTimezone=UTCuseUnicode=truecharacterEncoding=utf8

#jasypt敏感數(shù)據(jù)加密配置

#詳細用法可參考/ulisesbocchio/jasypt-spring-boot

jasypt:

encryptor:

password:123456#秘鑰，除了該項，下面都是默認值,該項建議設置JVM啟動參數(shù)，如：-Djasypt.encryptor.password=123456

algorithm:PBEWithMD5AndDES#加密算法

key-obtention-iterations:1000#迭代次數(shù)，值越大越復雜，相對越安全

pool-size:1

provider-name:SunJCE

salt-generator-classname:org.jasypt.salt.RandomSaltGenerator

iv-generator-classname:org.jasypt.iv.RandomIvGenerator

string-output-type:base64

proxy-property-sources:false

property:

prefix:ENC(#默認前綴

suffix:)#默認后綴

五、啟動類測試

查詢MySQL的user表打印用戶名和密碼

packagecom.ye;

importorg.springframework.boot.SpringApplication;

importorg.springframework.boot.autoconfigure.SpringBootApplication;

importorg.springframework.context.ConfigurableApplicationContext;

importjavax.sql.DataSource;

importjava.sql.Connection;

importjava.sql.PreparedStatement;

importjava.sql.ResultSet;

importjava.sql.SQLException;

@SpringBootApplication

publicclassTest2Application{

publicstaticvoidmain(String[]args)throwsSQLException{

ConfigurableApplicationContextcontext=SpringApplication.run(Test2Application.class,args);

DataSourcedataSource=(DataSource)context.getBean("dataSource");

Connectionconnection=dataSource.getConnection();

try{

PreparedStatementps=connection.prepareStatement("select*fromuser;");

ResultSetrs=ps.executeQuery();

System.out.println("----------user表數(shù)據(jù)-----------

while(rs.next()){

StringuserName=rs.getString("user_name");

Stringpassword=rs.getString("password");

System.out.printf("userName:%s,password:%s%n",userName,password);

}catch(SQLException