How to encrypt passwords in a Spring Boot project using Jasypt
Last Updated :
04 Jan, 2024
In this article, we will learn how to encrypt data in Spring Boot application config files like application.properties or application.yml. Inside those files, we can encrypt username, password, etc.
You often come across developing projects where you have to connect to databases like MongoDB, etc, and store the authentic password of the DB connection in the config file of the spring boot project (application.yml or application.properties). Even passwords or tokens required for Authorization to make other API calls are also stored in the same way. You can actually refrain from adding the actual password in the config file and use jasypt-spring-boot a Java library.
What is Jasypt?
Jasypt (Java Simplified Encryption), provides encryption support for property sources in Spring Boot Applications. It will help you to add basic encryption features to your projects with very fewer effort and without writing any code with the help of a few additions in your project here and there. Springboot is a very powerful framework that will help you add encryption capability without implementing any cryptography method. Jasypt is highly configurable.
Steps To Add Encryption Using Jasypt
- Step 1: Add Maven dependency of Jasypt
- Step 2: Add @EnableEncryptableProperties annotation in Spring Boot Application main configuration
- Step 3: Select the secret key for encryption and decryption
- Step 4: Generate encrypted key
- Step 5: Add encrypted key in the config file
- Step 6: Secret key needs to be decrypted at runtime
- Step 7: Run the app.
Step 1: Add maven dependency of Jasypt
In the pom.xml file, add maven dependency which can be found easily in maven repository.
You can use the below dependency for reference:
<dependency>
<groupId>com.github.ulisesbocchio</groupId>
<artifactId>jasypt-spring-boot-starter</artifactId>
<version>2.0.0</version>
</dependency>
For Maven plugin dependency you can use below dependency:
<plugins>
<plugin>
<groupId>github.ulisesbocchio</groupId>
<artifactId>jasypt-maven-plugin</artifactId>
</plugin>
</plugins>
Step 2: Add annotation in the Spring Boot Application main Configuration class
@EnableEncryptableProperties annotation needs to be added to make the application understand the encryptable properties across the entire Spring Environment.
@EnableEncryptableProperties
public class MyProject{
//write the code here
}
Step 3: Select secret key for encryption and decryption
The secret key is used to encrypt the password and later can be used to decrypt the encrypted value to get the actual password. You can choose any value as the secret key.
Step 4: Generate Encrypted Key
The encrypted key can be generated through either of the following 2 methods:
Use the Jasypt Online Tool : This link can be used to generate an encrypted key by passing the chosen secret key.
You can actually use the tool to encrypt and check the encrypted key by decrypting it.
- The password to encrypt: abcd1234
- Select type of encryption: Two-way encryption (PBEWithMD5AndDES by default is used)
- Secret Key: hello (It can be any value)
- Encrypted String: kNuS1WAezYE7cph7zXVTiPSQSdHTx7Kv
Use the jasypt Jar: Download the jasypt jar file from the maven repository and run it through the following command:
java -cp //jasypt-1.9.3/lib/jasypt-1.9.3.jar org.jasypt.intf.cli.JasyptPBEStringEncryptionCLI input=”xyz123″
password=secretkey algorithm=PBEWithMD5AndDES
Following is the significance of command-line parameters passed to run the jar:
- input: abcd1234 (Actual password to be encrypted)
- password: hello (the secret key chosen by you)
- algorithm: PBEWithMD5AndDES (default algorithm used)
- OUTPUT: scEjemHosjc/hjA8saT7Y6uC65bs0swg (Encrypted value of input)
Note: Though the encrypted value i.e. Encrypted String & OUTPUT in 3.1 and 3.2 respectively are different, as the secret key is the same, the decryption will result in the same value (abcd1234) in both the cases.
Step 5: Add encrypted key in config file (application.yml or application.properties)
Now instead of adding the actual password i.e. “abcd1234” as per the above e.g., you need to add the encrypted value generated by either of the above methods. But how will the jasypt dependency understand that the particular property of the config file needs to be decrypted? Hence to make Jasypt aware of your encrypted values, it uses a convention which you need to add in the following format:
Note: ENC(encrypted key): ENC(scEjemHosjc/hjA8saT7Y6uC65bs0swg)
In the above image, the encryption of the database password is done. You can use it in any scenario where you have to hide the actual password.
Step 6: Secret key need to be decrypt at runtime
Make the Jasypt aware of the secret key which you have used to form the encrypted value. Hence following are the different methods to pass the secret key:
Pass it as a property in the config file. Run the project as usual and the decryption would happen.
Step 7: Run the application
Now run the application using the following commands:
$ mvn-Djasypt.encryptor.password=secretkey spring-boot:run
Export Jasypt Encryptor Password:
JASYPT_ENCRYPTOR_PASSWORD=hello
Similar Reads
Easiest Way to Create REST API using Spring Boot
Spring Boot is a powerful framework that makes it easy to create RESTful APIs. Creating a REST API using Spring Boot is one of the fastest and simplest ways to develop scalable and production-ready web services. Spring Boot simplifies REST API development by providing built-in features such as autom
11 min read
Java Spring Boot Microservices Sample Project
Microservices are more popular nowadays. They can be written in any language. In this article, let us see Spring Boot Microservices. in this article let us see a base project "currency-exchange-sample-service" which has a business logic and which can be invoked in another project "currency-conversio
9 min read
Difference between Spring MVC and Spring Boot
1. Spring MVC : Spring is widely used for creating scalable applications. For web applications Spring provides Spring MVC framework which is a widely used module of spring which is used to create scalable web applications. Spring MVC framework enables the separation of modules namely Model View, Con
3 min read
Spring Boot - Spring JDBC vs Spring Data JDBC
Understanding the difference between Spring JDBC and Spring Data JDBC is important for choosing the right approach to interact with relational databases in Spring Boot applications. Both frameworks serve the same purpose but differ significantly in terms of abstraction, ease of use, and developer pr
5 min read
Best Practices For Structuring Spring Boot Application
Spring Boot is built on top of the conventional spring framework. So, it provides all the features of spring and is yet easier to use than spring. In this article, we are going to see how one should start and structure his Spring Boot application. Prerequisites: Good knowledge of Java.Basic knowledg
3 min read
Spring Boot - Start/Stop a Kafka Listener Dynamically
In a Spring Boot application, Kafka Listeners start automatically once the application launches and they listen for messages from Kafka topics. But there are many scenarios where we might need to dynamically start or stop a Kafka listener based on certain conditions. This can be achieved using Kafka
7 min read
How To Dockerize A Spring Boot Application With Maven ?
Docker is an open-source containerization tool that is used for building, running, and managing applications in an isolated environment. It facilitates the developers to bundles its software, libraries, and configuration files. The Docker facilitates with isolating the one container from another. In
12 min read
Dynamic Dropdown From Database using Spring Boot
The concept of dynamic dropdown (or dependent dropdown) is exciting and challenging to code. Dynamic dropdown means that the values in one dropdown list are dependent on the value selected in the previous dropdown list. A simple example would be three dropdown boxes displaying names of the district,
11 min read
Spring - RestTemplate
Due to high traffic and quick access to services, REST APIs are getting more popular. REST is not a protocol or a way of standard, rather it is a set of architectural constraints. It is also called RESTful API or web API. When a client request is made, it just transfers a representation of the state
7 min read
Spring Boot - Scheduling
Spring Boot provides the ability to schedule tasks for execution at a given time period with the help of @Scheduled annotation. This article provides a step by step guideline on how we can schedule tasks to run in a spring boot application Implementation:It is depicted below stepwise as follows:Â St
4 min read