配置文件加解密
背景
在使用 Spring Boot 时,很多信息通常都是直接以明文写在 application.yml 中的,比如数据库连接信息、Redis 连接信息等等,这样是不安全的。
所以需要对敏感数据进行加密,防止密码泄露。
Jasypt 这个库为我们解决了这个问题,实现了 Spring Boot 配置的自动加密解密。需要注意:密文是否安全完全取决于加密密钥(jasypt.encryptor.password)的保管,如果密钥和密文一起以明文写在配置文件或代码仓库里,加密就失去了意义。
引入依赖
txt
<!-- Jasypt: encryption/decryption of configuration file values -->
<!-- NOTE(review): no <version> element is given; presumably the version is managed by a parent POM or a dependencyManagement section. Confirm this, and pin the version explicitly otherwise so the build does not depend on an unmanaged artifact version. -->
<dependency>
<groupId>com.github.ulisesbocchio</groupId>
<artifactId>jasypt-spring-boot-starter</artifactId>
</dependency>
配置 application 信息
txt
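jasypt:
  encryptor:
    # Key used to encrypt and decrypt the ENC(...) values.
    # It is deliberately NOT stored in this file: anyone who can read
    # application.yml (or the repository it lives in) could otherwise decrypt
    # every protected value. The key is resolved from the
    # JASYPT_ENCRYPTOR_PASSWORD environment variable at startup; with no default
    # given, an unset variable leaves the placeholder unresolved instead of
    # silently falling back to a key kept in the file.
    password: ${JASYPT_ENCRYPTOR_PASSWORD}
    # Encryption algorithm.
    # NOTE(review): PBEWithMD5AndDES is a legacy choice (MD5-based key
    # derivation, single DES with a 56-bit key). jasypt-spring-boot 3.x defaults
    # to PBEWITHHMACSHA512ANDAES_256. Changing the algorithm requires
    # re-encrypting every existing ENC(...) value.
    algorithm: PBEWithMD5AndDES
    # Class used to generate the salt
    salt-generator-classname: org.jasypt.salt.RandomSaltGenerator
    # Class used to generate the IV
    iv-generator-classname: org.jasypt.iv.RandomIvGenerator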
加密解密测试
java
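/**
 * Prints Jasypt-encrypted values for the secrets of each environment's
 * application*.yml so they can be pasted into the configuration as ENC(...).
 *
 * <p>The encryptor is configured through JVM system properties under the
 * {@code jasypt.encryptor.} prefix. {@code jasypt.encryptor.password} must be
 * the same password that is held in the config center's application-dev.yml,
 * otherwise the application cannot decrypt the values produced here.
 *
 * <p>NOTE(review): the encryptor password and the plaintext secrets below are
 * literals in test source. Anyone with read access to the repository can
 * recover them, which defeats the purpose of encrypting the configuration;
 * in a real project supply them at run time (environment variable or a
 * prompt) and keep them out of version control.
 */
@Test
public void testEnvironmentProperties() {
    System.out.println("-------------------------------------cbb-admin加解密-------------------------------------");
    System.setProperty("jasypt.encryptor.password", "ky2022Aa12!!!@@@");
    System.setProperty("jasypt.encryptor.algorithm", "PBEWithMD5AndDES");
    // The generator settings need the same "jasypt.encryptor." prefix as the
    // password and algorithm. The un-prefixed keys used before do not match the
    // jasypt.encryptor.* names of the application configuration, so they were
    // presumably never picked up and the library defaults applied instead; a
    // default that differs from the application's setting yields ciphertext the
    // application cannot decrypt.
    System.setProperty("jasypt.encryptor.salt-generator-classname", "org.jasypt.salt.RandomSaltGenerator");
    System.setProperty("jasypt.encryptor.iv-generator-classname", "org.jasypt.iv.RandomIvGenerator");
    StringEncryptor stringEncryptor = new DefaultLazyEncryptor(new StandardEnvironment());

    // Encryption: each line prints "<property key>: <ciphertext>".
    System.out.println("========>application.yml环境<========");
    System.out.println(
        "spring.datasource.druid.stat-view-servlet.login-password: " + stringEncryptor.encrypt("xxx2020Aa!"));
    System.out.println("knife4j.basic.password: " + stringEncryptor.encrypt("xxx2020Aa!"));

    System.out.println("========>application-dev.yml环境<========");
    System.out.println("spring.datasource.password: " + stringEncryptor.encrypt("xxx1973912xxx"));
    System.out.println("spring.redis.password: " + stringEncryptor.encrypt("1973xx912"));
    System.out.println("oss.secret-key: " + stringEncryptor.encrypt("xxx1973912"));

    System.out.println("========>application-prod.yml环境<========");
    System.out.println("spring.datasource.password: " + stringEncryptor.encrypt("xxx#2022"));
    System.out.println("spring.redis.password: " + stringEncryptor.encrypt("xxx@redis@2022"));
    System.out.println("oss.secret-key: " + stringEncryptor.encrypt("xxx@xxx@123456"));

    System.out.println("========>application-test.yml环境<========");
    System.out.println("spring.datasource.password: " + stringEncryptor.encrypt("xxxx1973912"));
    System.out.println("spring.redis.password: " + stringEncryptor.encrypt("1973xx912"));
    System.out.println("oss.secret-key: " + stringEncryptor.encrypt("admixxxn1973912"));
    System.out.println("-------------------------------------cbb-admin加解密 结束-------------------------------------");

    // Decryption: pass the ciphertext (without the ENC(...) wrapper) to decrypt().
    // System.out.println(stringEncryptor.decrypt(""));
}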
替换信息
txt
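spring:
  datasource:
    driver-class-name: com.mysql.cj.jdbc.Driver
    url: jdbc:mysql://127.0.0.1:3306/mp
    # NOTE(review): the sample connects as the MySQL root account. A dedicated
    # account restricted to this schema limits what a leaked credential can reach.
    username: root
    # Wrap the ciphertext in ENC(...) to mark the value as encrypted; without the
    # wrapper it cannot be decrypted and an error is reported.
    password: ENC(T7Jdv7wLO2UMvuEgrQqyAVoJ3KXQAmgF2A3SpvVzxIE=)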