jasypt: encryptor: password: Y6M9fAJQdU7jNp5MW

3. 在测试用例中生成加密的秘密钥匙 @RunWith(SpringRunner.class) @SpringBootTest public class DatabaseTest {

   @Autowired private StringEncryptor encryptor;

   @Test public void getPass() { String url = encryptor.encrypt(“jdbc:mysql://localhost:3306/mydb?autoReconnect=true&serverTimezone=GMT+8&useUnicode=true&characterEncoding=utf-8”); String name = encryptor.encrypt(“root”); String password = encryptor.encrypt(“123456”); System.out.println("database url: " url); System.out.println("database name: " name); System.out.println("database password: " password); Assert.assertTrue(url.length() > 0); Assert.assertTrue(name.length() > 0); Assert.assertTrue(password.length() > 0); } } 以下是输出加密字符串： database url: 6Ut7iADnHS18cManoFJuNRQ5QEDfcho/F96SOhsHZdXlHYCa5PSrz6rk48I9eHB7qPp5AxDFBk9xi0I1hi6BJ0DSPYA9443gBAk5JDUxDufjUKsdh6knZJLNELmFJzYrDvCu4S0x22MYdZqJDLbyDUU2JcoezCvs156vmsPgU4A= database name: fmai72yGYKGlP6vTtX77EQ== database password: GPMG7FGV EA9iGkC27u67A==

4. 用原明文替换加密字符串 applicatioin.yml server: port: 8080 spring:

datasource: driver-class-name: com.mysql.cj.jdbc.Driver

url: ENC(h20YiPrvNnuuTGjlrE1RVpudMuIQAS6ZPSVo1SPiYVyLen7/TWI5rXVRkStA3MDcoVHQCmLa70wYU6Qo8wwtnsmaXa5jykD3MNhAp5SGJxHsTG5u7tflPdnNmOufyhdsYPxBGWAgibYs9R7yBfrvtwBTRbe096APd3bnG3  Yro=) username: ENC(sT6BztXbJEa71eg3pPGYMQ==) password: ENC(MpSZFJ9ftq 3 VUANZjr0Q==) 

jpa: hibernate: ddl-auto: update show-sql: true

jackson:

default-property-inclusion: non_null date-format: yyyy-MM-dd HH:mm:ss serialization:   write-dates-as-timestamps: false time-zone: GMT 8 

jasypt: encryptor: password: Y6M9fAJQdU7jNp5MW 注意: 上面的 ENC() 是固定写法. 附言 部署时配置salt(盐)值 为了防止salt(盐)泄漏，反解密码.可在项目部署时使用命令传入salt(盐)值: java -jar xxx.jar -Djasypt.encryptor.password=Y6M9fAJQdU7jNp5MW 或在服务器的环境变量中进一步提高安全性. 打开/etc/profile文件 vim /etc/profile 在profile插入文件末尾salt(盐)变量 export JASYPT_PASSWORD = Y6M9fAJQdU7jNp5MW 编译，使配置文件生效 source /etc/profile 运行 java -jar -Djasypt.encryptor.password=${JASYPT_PASSWORD} xxx.jar