资讯详情

SpringBoot敏感信息加密

1. 引入包

<dependency>         <groupId>com.github.ulisesbocchio</groupId>         <artifactId>jasypt-spring-boot-starter</artifactId>         <version>2.1.0</version> </dependency>

2. 配置加/解密码(加盐)salt)

# jasypt加密的密匙 jasypt:   encryptor:     password: Y6M9fAJQdU7jNp5MW

3. 在测试用例中生成加密的秘密钥匙

@RunWith(SpringRunner.class) @SpringBootTest public class DatabaseTest { 
              @Autowired     private StringEncryptor encryptor;      @Test     public void getPass() { 
                 String url = encryptor.encrypt("jdbc:mysql://localhost:3306/mydb?autoReconnect=true&serverTimezone=GMT+8&useUnicode=true&characterEncoding=utf-8");         String name = encryptor.encrypt("root");         String password = encryptor.encrypt("123456");         System.out.println("database url: "   url);         System.out.println("database name: " + name);
        System.out.println("database password: " + password);
        Assert.assertTrue(url.length() > 0);
        Assert.assertTrue(name.length() > 0);
        Assert.assertTrue(password.length() > 0);
    }
}

下面是输出加密字符串:

database url: 6Ut7iADnHS18cManoFJuNRQ5QEDfcho/F96SOhsHZdXlHYCa5PSrz6rk48I9eHB7qPp5AxDFBk9xi0I1hi6BJ0DSPYA9443gBAk5JDUxDufjUKsdh6knZJLNELmFJzYrDvCu4S0x22MYdZqJDLbyDUU2JcoezCvs156vmsPgU4A=
database name: fmai72yGYKGlP6vTtX77EQ==
database password: GPMG7FGV+EA9iGkC27u67A==

4. 将加密后的字符串替换原明文

applicatioin.yml
server:
  port: 8080
spring:
  
  datasource:
    driver-class-name: com.mysql.cj.jdbc.Driver
    
    url: ENC(h20YiPrvNnuuTGjlrE1RVpudMuIQAS6ZPSVo1SPiYVyLen7/TWI5rXVRkStA3MDcoVHQCmLa70wYU6Qo8wwtnsmaXa5jykD3MNhAp5SGJxHsTG5u7tflPdnNmOufyhdsYPxBGWAgibYs9R7yBfrvtwBTRbe096APd3bnG3++Yro=)
    username: ENC(sT6BztXbJEa71eg3pPGYMQ==)
    password: ENC(MpSZFJ9ftq+3+VUANZjr0Q==)
  jpa:
    hibernate:
      ddl-auto: update
    show-sql: true
  
  jackson:
   
    default-property-inclusion: non_null
    date-format: yyyy-MM-dd HH:mm:ss
    serialization:
      write-dates-as-timestamps: false
    time-zone: GMT+8

jasypt:
  encryptor:
    password: Y6M9fAJQdU7jNp5MW

注意: 上面的 ENC() 是固定写法,运行后会将加密值改为明文运行。

附言

部署时配置salt(盐)值 为了防止salt(盐)泄露,反解出密码.可以在项目部署的时候使用命令传入salt(盐)值:

java -jar xxx.jar -Djasypt.encryptor.password=Y6M9fAJQdU7jNp5MW

或者在服务器的环境变量里配置,进一步提高安全性. 打开/etc/profile文件

vim /etc/profile

在profile文件末尾插入salt(盐)变量

export JASYPT_PASSWORD = Y6M9fAJQdU7jNp5MW

编译,使配置文件生效

source /etc/profile

运行

java -jar -Djasypt.encryptor.password=${ 
        JASYPT_PASSWORD} xxx.jar

标签: 韩国继电器wyu

锐单商城拥有海量元器件数据手册IC替代型号,打造 电子元器件IC百科大全!

锐单商城 - 一站式电子元器件采购平台