
I need to encrypt the database password in our bootstrap.yml file, and for this we decided to go with jasypt.

I am using jasypt 1.18 version with spring boot 1.5.13 release.

The latest version of jasypt-spring-boot:2.1.1 does not support the Spring Boot 1.5.13 release, and hence I am going with the older version.

My requirement is to have the secret key in a file which is copied to the image during Image creation and the path to it is set in bootstrap.yml

Asymmetric encryption is not possible as again this is present in the latest jar.

Please suggest a way to achieve this.

===============================================================

There were 3 different approaches provided by jasypt to encrypt the password. I tried the first two approaches and I was able to encrypt/decrypt successfully, but the problem is the secret key has to be passed as an environment or system property.

The third approach was using a custom JASYPT encryptor. I thought this solution was what I was looking for, where I can have the password kept in an external file and pass the path from bootstrap.yml.

pom.xml

<dependency>
     <groupId>com.github.ulisesbocchio</groupId>
     <artifactId>jasypt-spring-boot-starter</artifactId>
     <version>1.18</version>
</dependency>

Configuration class

@Bean(name = "encryptorBean")
public StringEncryptor stringEncryptor() {
    PooledPBEStringEncryptor encryptor = new PooledPBEStringEncryptor();
    SimpleStringPBEConfig config = new SimpleStringPBEConfig();
    // will add code here to get the password from the file
    config.setPassword("Read from a file");
    config.setAlgorithm("PBEWithMD5AndDES");
    config.setKeyObtentionIterations("1000");
    config.setPoolSize("1");
    config.setProviderName("SunJCE");
    config.setSaltGeneratorClassName("org.jasypt.salt.RandomSaltGenerator");
    config.setStringOutputType("base64");
    encryptor.setConfig(config);
    return encryptor;
}

bootstrap.yml

jasypt:
  encryptor:
    bean: encryptorBean  

With this code I am getting the following exception:

Caused by: java.lang.IllegalStateException: Required Encryption configuration property missing: jasypt.encryptor.password
    at com.ulisesbocchio.jasyptspringboot.encryptor.DefaultLazyEncryptor.getRequiredProperty(DefaultLazyEncryptor.java:70) ~[jasypt-spring-boot-1.18.jar:na]
    at com.ulisesbocchio.jasyptspringboot.encryptor.DefaultLazyEncryptor.createDefault(DefaultLazyEncryptor.java:45) ~[jasypt-spring-boot-1.18.jar:na]
    at com.ulisesbocchio.jasyptspringboot.encryptor.DefaultLazyEncryptor.lambda$new$2(DefaultLazyEncryptor.java:34) ~[jasypt-spring-boot-1.18.jar:na]
    at java.util.Optional.orElseGet(Unknown Source) ~[na:1.8.0_191]
    at com.ulisesbocchio.jasyptspringboot.encryptor.DefaultLazyEncryptor.lambda$new$3(DefaultLazyEncryptor.java:32) ~[jasypt-spring-boot-1.18.jar:na]
    at com.ulisesbocchio.jasyptspringboot.util.Singleton.lambda$new$1(Singleton.java:20) ~[jasypt-spring-boot-1.18.jar:na]
    at com.ulisesbocchio.jasyptspringboot.util.Singleton.get(Singleton.java:31) ~[jasypt-spring-boot-1.18.jar:na]
    at com.ulisesbocchio.jasyptspringboot.encryptor.DefaultLazyEncryptor.decrypt(DefaultLazyEncryptor.java:82) ~[jasypt-spring-boot-1.18.jar:na]
    at com.ulisesbocchio.jasyptspringboot.resolver.DefaultPropertyResolver.resolvePropertyValue(DefaultPropertyResolver.java:35) ~[jasypt-spring-boot-1.18.jar:na]
    at com.ulisesbocchio.jasyptspringboot.resolver.DefaultLazyPropertyResolver.resolvePropertyValue(DefaultLazyPropertyResolver.java:41) ~[jasypt-spring-boot-1.18.jar:na]
    at com.ulisesbocchio.jasyptspringboot.EncryptablePropertySource.getProperty(EncryptablePropertySource.java:16) ~[jasypt-spring-boot-1.18.jar:na]
    at com.ulisesbocchio.jasyptspringboot.wrapper.EncryptableMapPropertySourceWrapper.getProperty(EncryptableMapPropertySourceWrapper.java:29) ~[jasypt-spring-boot-1.18.jar:na]
    at org.springframework.boot.bind.PropertySourcesPropertyValues.getEnumerableProperty(PropertySourcesPropertyValues.java:166) ~[spring-boot-1.5.13.RELEASE.jar:1.5.13.RELEASE]
    at org.springframework.boot.bind.PropertySourcesPropertyValues.processEnumerablePropertySource(PropertySourcesPropertyValues.java:149) ~[spring-boot-1.5.13.RELEASE.jar:1.5.13.RELEASE]
    at org.springframework.boot.bind.PropertySourcesPropertyValues.processPropertySource(PropertySourcesPropertyValues.java:128) ~[spring-boot-1.5.13.RELEASE.jar:1.5.13.RELEASE]
    at org.springframework.boot.bind.PropertySourcesPropertyValues.<init>(PropertySourcesPropertyValues.java:118) ~[spring-boot-1.5.13.RELEASE.jar:1.5.13.RELEASE]
    at org.springframework.boot.bind.PropertiesConfigurationFactory.getPropertySourcesPropertyValues(PropertiesConfigurationFactory.java:331) ~[spring-boot-1.5.13.RELEASE.jar:1.5.13.RELEASE]
    at org.springframework.boot.bind.PropertiesConfigurationFactory.doBindPropertiesToTarget(PropertiesConfigurationFactory.java:285) ~[spring-boot-1.5.13.RELEASE.jar:1.5.13.RELEASE]
    at org.springframework.boot.bind.PropertiesConfigurationFactory.bindPropertiesToTarget(PropertiesConfigurationFactory.java:250) ~[spring-boot-1.5.13.RELEASE.jar:1.5.13.RELEASE]
    at org.springframework.boot.context.properties.ConfigurationPropertiesBindingPostProcessor.postProcessBeforeInitialization(ConfigurationPropertiesBindingPostProcessor.java:331) ~[spring-boot-1.5.13.RELEASE.jar:1.5.13.RELEASE]
    ... 58 common frames omitted

Why is it asking for a jasypt.encryptor.password when I am actually using the custom encryptor approach, where I have defined the bean "encryptorBean" in the bootstrap.yml?

==========================================================

I also went through GitHub, where a similar issue was raised and they said to use the dependency below, but with this approach I am not even able to load jasypt.

<dependency>
     <groupId>com.github.ulisesbocchio</groupId>
     <artifactId>jasypt-spring-boot</artifactId>
     <version>1.18</version>
</dependency>

https://github.com/ulisesbocchio/jasypt-spring-boot/issues/79

It would be great if anybody can help me out on the solution.

nee2610

1 Answer

1

Change bean name to jasyptStringEncryptor:

> @Bean(name = "jasyptStringEncryptor")
> public StringEncryptor stringEncryptor() {

OR

Set the jasypt.encryptor.bean property:

jasypt.encryptor.bean=encryptorBean

Reference: https://github.com/ulisesbocchio/jasypt-spring-boot#use-you-own-custom-encryptor