Updated on 2023-11-08 GMT+08:00

Configuration File Encryption Scheme

The configuration file often contains sensitive information, such as account and passwords. In this case, the sensitive information needs to be encrypted to ensure security.

This section describes how to use jasypt-spring-boot-starter to encrypt data. The account names and passwords involved in RBAC authentication are used as examples.

  1. Add the dependency corresponding to the encryption component to the POM file.
    <dependency>  
       <groupId>com.github.ulisesbocchio</groupId>  
       <artifactId>jasypt-spring-boot-starter</artifactId>  
       <version>2.1.2</version>
    </dependency>
  2. Configure the password.
    • You can configure the password directly in the configuration file (for example, application.properties). This method is not recommended because it is insecure: the master password then sits in plaintext next to the data it protects.
      jasypt.encryptor.password=******

      Replace ****** with the password used for encryption.

    • Set the password in the JVM startup parameter.
      -Djasypt.encryptor.password=******

      Replace ****** with the password used for encryption.

  3. Implement the encryption method.
    import org.jasypt.util.text.BasicTextEncryptor;

    public class EncryptDemo {
        // Set this value to the same password as the jasypt.encryptor.password configuration item (user-defined, for example "GXXX6").
        public static String salt = "GXXX6";

        // Encryption method.
        public static String demoEncrypt(String value) {
            BasicTextEncryptor textEncryptor = new BasicTextEncryptor();
            textEncryptor.setPassword(salt);
            return textEncryptor.encrypt(value);
        }

        // Decryption method, used to test whether decryption works.
        public static String demoDecrypt(String value) {
            BasicTextEncryptor textEncryptor = new BasicTextEncryptor();
            textEncryptor.setPassword(salt);
            return textEncryptor.decrypt(value);
        }

        public static void main(String[] args) {
            // Print the ciphertext of the account name, then decrypt it to confirm the round trip.
            String username = demoEncrypt("root");
            System.out.println(username);
            System.out.println(demoDecrypt(username));
        }
    }

    This example uses the default jasypt encryption method. You can also customize extended encryption and decryption methods; for details, see the official jasypt documentation.

  4. Use the encrypted configuration item.
    You can use either of the following methods:
    • Write the configuration file
      spring:
        cloud:
          servicecomb:
            credentials:
              account:
                name: ENC(ciphertext of the account name)
                password: ENC(ciphertext of the password)

      Use the ciphertexts of the account name and password generated in step 3.

      The ENC() wrapper marks a value as encrypted so that it is decrypted at startup. A value without ENC() is treated as plaintext.

    • Enter environment variables
      spring_cloud_servicecomb_credentials_account_name=ENC(ciphertext of the account name)
      spring_cloud_servicecomb_credentials_account_password=ENC(ciphertext of the password)

      Use the ciphertexts of the account name and password generated in step 3.
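As an added example (not code from the original page or from the jasypt project), the following tool generates the ENC() values needed in step 4 with the encryptor settings from step 3 written out explicitly, reads the master password from the JVM property set in step 2 instead of hard-coding it, and verifies the result. The class name and the sample credentials are assumptions.

```java
import org.jasypt.encryption.pbe.StandardPBEStringEncryptor;
import org.jasypt.exceptions.EncryptionOperationNotPossibleException;
import org.jasypt.salt.RandomSaltGenerator;

public class CredentialEncryptTool {
    // Settings equal to the starter's 2.x defaults (and to what BasicTextEncryptor
    // uses), spelled out so this tool and the running service cannot drift apart.
    static StandardPBEStringEncryptor buildEncryptor(String password) {
        StandardPBEStringEncryptor enc = new StandardPBEStringEncryptor();
        enc.setPassword(password);
        enc.setAlgorithm("PBEWithMD5AndDES");
        enc.setKeyObtentionIterations(1000);
        enc.setSaltGenerator(new RandomSaltGenerator());
        enc.setStringOutputType("base64");
        return enc;
    }

    // Wrap the ciphertext in ENC() so the starter decrypts it at startup.
    static String toEncProperty(StandardPBEStringEncryptor enc, String plaintext) {
        return "ENC(" + enc.encrypt(plaintext) + ")";
    }

    // Strip ENC() and decrypt; used here only to verify the generated values.
    static String fromEncProperty(StandardPBEStringEncryptor enc, String property) {
        if (!property.startsWith("ENC(") || !property.endsWith(")")) throw new IllegalArgumentException(property);
        return enc.decrypt(property.substring(4, property.length() - 1));
    }

    // A wrong master password must not yield the plaintext: jasypt normally throws,
    // and in the rare case the padding check passes the output is still garbage.
    static boolean rejectsWrongPassword(String property, String wrong, String plaintext) {
        try {
            return !plaintext.equals(fromEncProperty(buildEncryptor(wrong), property));
        } catch (EncryptionOperationNotPossibleException e) {
            return true;
        }
    }

    public static void main(String[] args) {
        // Same JVM property the service reads (step 2); the key never lives in source.
        String master = System.getProperty("jasypt.encryptor.password");
        if (master == null || master.isEmpty()) throw new IllegalStateException("start with -Djasypt.encryptor.password=<password>");
        StandardPBEStringEncryptor enc = buildEncryptor(master);
        String name = toEncProperty(enc, "root");            // constructed sample credentials
        String pwd = toEncProperty(enc, "example-password");
        System.out.println("spring.cloud.servicecomb.credentials.account.name=" + name
                + "\nspring.cloud.servicecomb.credentials.account.password=" + pwd);
        if (!"root".equals(fromEncProperty(enc, name))) throw new AssertionError("round trip failed");
        if (!rejectsWrongPassword(pwd, master + "x", "example-password")) throw new AssertionError("wrong key accepted");
    }
}
```

Run it as `java -Djasypt.encryptor.password=<password> CredentialEncryptTool` with jasypt on the classpath and paste the printed values into the configuration from step 4. If you later set jasypt.encryptor.algorithm to a stronger PBE (newer starter releases default to PBEWITHHMACSHA512ANDAES_256), regenerate the ENC() values with the same settings, because ciphertexts produced with PBEWithMD5AndDES will not decrypt under another algorithm.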