-
maven依赖
- 不同的spring boot版本引入的jasypt版本不同
spring boot 版本号1依赖spring boot 版本号2依赖 com.github.ulisesbocchio jasypt-spring-boot-starter2.0.0 com.github.ulisesbocchio jasypt-spring-boot-starter3.0.3
- 在配置中心增加相关配置
jasypt.encryptor.password=henghe #加密密钥
或者
为了防止salt(盐)泄露,反解出密码.可以在项目部署的时候使用命令传入salt(盐)值:
java -jar xxx.jar -Djasypt.encryptor.password=henghe
- 将application.yml或配置中心中重要的配置改为加密格式
password: ENC(tnJpIM6iACWO/wRI//7XsbBqy/Mpx6MG1hXe4S7U4cNWmGhajnUSeXmBmQiniKEU)
- springboot程序在启动会自动检测appliction.yml或者配置中心中有ENC(xx)的配置并做解密
-
加解密的测试类
import org.jasypt.encryption.pbe.PooledPBEStringEncryptor;
import org.jasypt.encryption.pbe.StandardPBEByteEncryptor;
import org.jasypt.encryption.pbe.config.SimpleStringPBEConfig;
public class JasyptUtils {
public static String encryptPwd(String password, String value) {
PooledPBEStringEncryptor encryptOr = new PooledPBEStringEncryptor();
encryptOr.setConfig(cryptOr(password));
String result = encryptOr.encrypt(value);
return result;
}
public static String decyptPwd(String password, String value) {
PooledPBEStringEncryptor encryptOr = new PooledPBEStringEncryptor();
encryptOr.setConfig(cryptOr(password));
String result = encryptOr.decrypt(value);
return result;
}
public static SimpleStringPBEConfig cryptOr(String password) {
SimpleStringPBEConfig config = new SimpleStringPBEConfig();
config.setPassword(password);
config.setAlgorithm(StandardPBEByteEncryptor.DEFAULT_ALGORITHM);
config.setKeyObtentionIterations("1000");
config.setPoolSize("1");
config.setProviderName(null);
config.setSaltGeneratorClassName("org.jasypt.salt.RandomSaltGenerator");
config.setStringOutputType("base64");
return config;
}
public static void main(String[] args) {
// 加密
System.out.println(encryptPwd("EbfYkitulv73I2p0mXI50JMXoaxZTKJ7", "root@1234"));
// 解密
// mysql@1234
// System.out.println(decyptPwd("EbfYkitulv73I2p0mXI50JMXoaxZTKJ7", "bgWQ4OfVCUJ1ExsqNhGV+KKBgpx8alv+"));
// root@1234
// System.out.println(decyptPwd("EbfYkitulv73I2p0mXI50JMXoaxZTKJ7", "tdHzge8YvviOJaiV/+P6uQ9wgB44D1aH"));
}
}
