Encrypt sensitive data in the configuration file
Common steps (introducing related dependencies)
<dependency>
    <groupId>com.github.ulisesbocchio</groupId>
    <artifactId>jasypt-spring-boot-starter</artifactId>
    <version>3.0.3</version>
</dependency>
database information
Modify the configuration file and add the key
YML configuration file before modification
server:
  port: 9091
jasypt:
  encryptor:
    # Specify the encryption password
    password: wxzkjtvvgt@44lvvz
spring:
  datasource:
    url: jdbc:mysql://127.0.0.1:3306/encryp?serverTimezone=UTC
    driver-class-name: com.mysql.cj.jdbc.Driver
    password: root1234
    username: root
  application:
    name: test-encrypt
  redis:
    port: 6379
    host: 127.0.0.1
    password: iamamg
The first approach
// Encryptor bean provided by jasypt-spring-boot-starter
@Autowired
private StringEncryptor stringEncryptor;

@Test
void testEncrypt() {
    final String redisHostEncrypt = stringEncryptor.encrypt("127.0.0.1");
    final String redisPasswordEncrypt = stringEncryptor.encrypt("iamamg");
    final String mysqlUrl = stringEncryptor.encrypt("jdbc:mysql://127.0.0.1:3306/encryp?serverTimezone=UTC");
    final String mysqlUserName = stringEncryptor.encrypt("root");
    final String mysqlPassword = stringEncryptor.encrypt("root1234");
    System.out.println("==================================");
    // Replace the corresponding items in the configuration file with these encrypted values
    System.out.println("redis主机加密:" + redisHostEncrypt);
    System.out.println("redis密码加密:" + redisPasswordEncrypt);
    System.out.println("MysqL用户名加密:" + mysqlUserName);
    System.out.println("MysqL密码加密:" + mysqlPassword);
    System.out.println("MysqLUrl加密:" + mysqlUrl);
    System.out.println("===================================");
    // Decrypt again to confirm that each value round-trips
    System.out.println("redis主机解密:" + stringEncryptor.decrypt(redisHostEncrypt));
    System.out.println("redis密码解密:" + stringEncryptor.decrypt(redisPasswordEncrypt));
    System.out.println("MysqL用户名解密:" + stringEncryptor.decrypt(mysqlUserName));
    System.out.println("MysqL密码解密:" + stringEncryptor.decrypt(mysqlPassword));
    System.out.println("MysqLUrl解密:" + stringEncryptor.decrypt(mysqlUrl));
}
==================================
redis主机加密:V5FeblAg4MRY+TEkmBlSZzgK74CTIyPPnrkcpuibYFMxbEHtmPWduLxdHpgFn3Gw
redis密码加密:0aP2oNj2IrXA9bl6HygZQESEy82dWccigQ5Fic474y8f3pyDNxRIdA+C5SjHsKEY
MysqL用户名加密:cTPlLHJqZcchsnd0N9gZWGpFcfAFS0EwFwT0foYPXqxA9ngXfNtCUoR7rLvPfYRF
MysqL密码加密:/J2IBQyk8aydeBKL6E553ffxanVE660uuNOzUrNlVMEcrejy70Sen0MKkXc7szQ0
MysqLUrl加密:NvHXbj9LhVamadZSyXfB/Alsg+XuICiJUKTC/dl92lDEF0gcHoIi1Fd0HOxGOEBydgnyNdyK0cnDC0vyC0k+e5AR9Cr8VYDUMdALMr+85Ar4XrPZ0ZICYAsox84fSMdb
===================================
redis主机解密:127.0.0.1
redis密码解密:iamamg
MysqL用户名解密:root
MysqL密码解密:root1234
MysqLUrl解密:jdbc:mysql://127.0.0.1:3306/encryp?serverTimezone=UTC
Modified YML configuration file
Note that each encrypted value is wrapped in ENC(...)
server:
  port: 9091
jasypt:
  encryptor:
    # Encryption password
    password: wxzkjtvvgt@44lvvz
spring:
  datasource:
    url: ENC(NvHXbj9LhVamadZSyXfB/Alsg+XuICiJUKTC/dl92lDEF0gcHoIi1Fd0HOxGOEBydgnyNdyK0cnDC0vyC0k+e5AR9Cr8VYDUMdALMr+85Ar4XrPZ0ZICYAsox84fSMdb)
    driver-class-name: com.mysql.cj.jdbc.Driver
    password: ENC(/J2IBQyk8aydeBKL6E553ffxanVE660uuNOzUrNlVMEcrejy70Sen0MKkXc7szQ0)
    username: ENC(cTPlLHJqZcchsnd0N9gZWGpFcfAFS0EwFwT0foYPXqxA9ngXfNtCUoR7rLvPfYRF)
  application:
    name: test-encrypt
  redis:
    port: 6379
    host: ENC(V5FeblAg4MRY+TEkmBlSZzgK74CTIyPPnrkcpuibYFMxbEHtmPWduLxdHpgFn3Gw)
    password: ENC(0aP2oNj2IrXA9bl6HygZQESEy82dWccigQ5Fic474y8f3pyDNxRIdA+C5SjHsKEY)
Test whether it works
/**
 * Test fetching the total number of rows in the database
 */
@Test
void testSelectInMysql() {
    String sql = "SELECT COUNT(1) FROM T0001_TEST";
    final Integer num = jdbcTemplate.queryForObject(sql, Integer.class);
    System.out.println(num);
}

/**
 * Test fetching the specified key from Redis
 */
@Test
void testSelectInRedis() {
    final String name = redisTemplate.opsForValue().get("name");
    System.out.println(name);
}
However, let's think about it: is it reasonable that the key is still in our YML configuration file? Anyone who can read the file still learns the key, so another method is provided here.
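One way to keep the key out of the YML file, shown as an added example (not code from the original article, and not necessarily the author's second approach): define the `jasyptStringEncryptor` bean yourself and read the password from an environment variable. The class name `EncryptorConfig` and the variable name `JASYPT_ENCRYPTOR_PASSWORD` are assumptions; the algorithm settings match the jasypt-spring-boot 3.x defaults, so the ENC(...) values above still decrypt.

```java
import org.jasypt.encryption.StringEncryptor;
import org.jasypt.encryption.pbe.PooledPBEStringEncryptor;
import org.jasypt.encryption.pbe.config.SimpleStringPBEConfig;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

// Added example: class name and environment variable name are assumptions.
@Configuration
public class EncryptorConfig {

    // Assumed variable name; set it in the service's runtime environment,
    // not in application.yml or anything else stored with the code.
    private static final String KEY_ENV = "JASYPT_ENCRYPTOR_PASSWORD";

    // jasypt-spring-boot looks up the bean named "jasyptStringEncryptor"
    // by default and uses it to decrypt ENC(...) properties.
    @Bean("jasyptStringEncryptor")
    public StringEncryptor stringEncryptor() {
        String password = System.getenv(KEY_ENV);
        if (password == null || password.trim().isEmpty()) {
            // Stop with a clear message instead of an obscure decryption error.
            throw new IllegalStateException(
                    KEY_ENV + " is not set; cannot decrypt ENC(...) properties");
        }

        SimpleStringPBEConfig config = new SimpleStringPBEConfig();
        config.setPassword(password);
        // Same settings as the starter's 3.x defaults, so existing
        // ENC(...) values keep working with the same password.
        config.setAlgorithm("PBEWITHHMACSHA512ANDAES_256");
        config.setKeyObtentionIterations("1000");
        config.setPoolSize("1");
        config.setProviderName("SunJCE");
        config.setSaltGeneratorClassName("org.jasypt.salt.RandomSaltGenerator");
        config.setIvGeneratorClassName("org.jasypt.iv.RandomIvGenerator");
        config.setStringOutputType("base64");

        PooledPBEStringEncryptor encryptor = new PooledPBEStringEncryptor();
        encryptor.setConfig(config);
        return encryptor;
    }
}
```

With this bean in place, the `jasypt.encryptor.password` entry can be deleted from the YML file. A key that has already been stored next to the ciphertext should be replaced and the values re-encrypted.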
The second approach
Finally, test whether it works
This time, simulate a real three-tier application
// Controller code
/**
 * @Author: Amg
 * @Date: Created in 17:45 2021/04/17
 * @Description: TODO
 */
@RestController
public class TestController {

    @Autowired
    TestServiceImpl service;

    @GetMapping("/count")
    public String getCount() {
        final Integer count = service.getCount();
        // The service returns null when the query fails
        if (count == null) {
            return "连接数据库出问题了";
        } else {
            return "连接数据库成功!当前数据量为:" + count;
        }
    }
}

// Service code
/**
 * @Author: Amg
 * @Date: Created in 17:46 2021/04/17
 * @Description: TODO
 */
@Service
public class TestServiceImpl {

    @Autowired
    private JdbcTemplate jdbcTemplate;

    public Integer getCount() {
        try {
            String sql = "SELECT COUNT(1) FROM T0001_TEST";
            return jdbcTemplate.queryForObject(sql, Integer.class);
        } catch (DataAccessException e) {
            e.printStackTrace();
            return null;
        }
    }
}
Don't ask questions!