Spring Boot how to hide passwords in properties file


Problem description


Spring Boot uses the properties file, and at least by default, the passwords are in plain text. Is it possible to somehow hide/decrypt these?

Solution

You can use Jasypt to encrypt properties, so you could have your property like this:

db.password=ENC(XcBjfjDDjxeyFBoaEPhG14wEzc6Ja+Xx+hNPrJyQT88=)

Jasypt allows you to encrypt your properties using different algorithms; once you get the encrypted property, you put it inside ENC(...). For instance, you can encrypt this way through Jasypt using the terminal:

encrypted-pwd$ java -cp ~/.m2/repository/org/jasypt/jasypt/1.9.2/jasypt-1.9.2.jar org.jasypt.intf.cli.JasyptPBEStringEncryptionCLI input="contactspassword" password=supersecretz algorithm=PBEWithMD5AndDES

----ENVIRONMENT-----------------

Runtime: Oracle Corporation Java HotSpot(TM) 64-Bit Server VM 24.45-b08

----ARGUMENTS-------------------

algorithm: PBEWithMD5AndDES
input: contactspassword
password: supersecretz

----OUTPUT----------------------

XcBjfjDDjxeyFBoaEPhG14wEzc6Ja+Xx+hNPrJyQT88=

To easily configure it with Spring Boot you can use its starter jasypt-spring-boot-starter with group ID com.github.ulisesbocchio.

Keep in mind that you will need to start your application using the same password you used to encrypt the properties. So, you can start your app this way:

mvn -Djasypt.encryptor.password=supersecretz spring-boot:run

Or using the environment variable (thanks to Spring Boot relaxed binding):

export JASYPT_ENCRYPTOR_PASSWORD=supersecretz
mvn spring-boot:run

You can check the link below for more details:

https://www.ricston.com/blog/encrypting-properties-in-spring-boot-with-jasypt-spring-boot/

To use your encrypted properties in your app, just use them as usual, with either method you like (Spring Boot wires the magic; the property must of course be in the classpath):

Using @Value annotation

@Value("${db.password}")
private String password;

Or using Environment

@Autowired
private Environment environment;

public void doSomething(Environment env) {
    System.out.println(env.getProperty("db.password"));
}

Update: for a production environment, to avoid exposing the password on the command line (since you can query the processes with ps, previous commands with history, etc.), you could:

  • Create a script like this: touch setEnv.sh
  • Edit setEnv.sh to export the JASYPT_ENCRYPTOR_PASSWORD variable

    #!/bin/bash

    export JASYPT_ENCRYPTOR_PASSWORD=supersecretz

  • Execute the file with . setEnv.sh
  • Run the app in background with mvn spring-boot:run &
  • Delete the file setEnv.sh
  • Unset the previous environment variable with: unset JASYPT_ENCRYPTOR_PASSWORD
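
The update above aims to keep the password out of ps output and shell history. As an added example (not part of the original answer), here is the same goal without a temporary file or an exported variable: a shell function, hypothetically named run_with_jasypt_password, that reads the password without echo and places it in the environment of the launched command only.

```shell
#!/bin/sh
# Added example; run_with_jasypt_password is a hypothetical helper name.
# Usage: run_with_jasypt_password mvn spring-boot:run

run_with_jasypt_password() {
    [ "$#" -gt 0 ] || { echo "usage: run_with_jasypt_password command [args...]" >&2; return 2; }

    _jp=
    if [ -t 0 ]; then
        # Interactive: prompt on stderr and switch terminal echo off while typing.
        _tty=$(stty -g)
        printf 'Jasypt password: ' >&2
        stty -echo
        IFS= read -r _jp || true
        stty "$_tty"
        printf '\n' >&2
    else
        # Non-interactive: take the first line of stdin (for example piped
        # from a secret store's command-line client).
        IFS= read -r _jp || true
    fi

    if [ -z "$_jp" ]; then
        echo "empty password, not starting" >&2
        unset _jp
        return 1
    fi

    # An assignment prefixed to an external command goes into that process's
    # environment only: it is not exported in this shell, is not part of the
    # argument list that ps shows, and is not written to a file.
    _rc=0
    JASYPT_ENCRYPTOR_PASSWORD=$_jp "$@" || _rc=$?
    unset _jp
    return "$_rc"
}
```

The password still lives in the environment of the started process, which on Linux the same user and root can read through /proc/<pid>/environ, so this narrows the exposure rather than removing it.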
