Spring Boot Configuration with Jasypt

Jasypt (Java Simplified Encryption) provides a simple way to encrypt and decrypt properties in Spring Boot applications. This is especially useful for securing sensitive information such as passwords and API keys in configuration files. This tutorial will guide you through the process of setting up Jasypt in a Spring Boot application.

Prerequisites

• JDK 17 or later
• Maven or Gradle
• IDE (IntelliJ IDEA, Eclipse, etc.)

Step 1: Set Up a Spring Boot Project

1.1 Create a New Spring Boot Project

Use Spring Initializr to create a new project with the following dependencies:

• Spring Web
• Spring Boot Actuator

Download and unzip the project, then open it in your IDE.

1.2 Add Jasypt Dependency

Add the Jasypt Spring Boot starter dependency to your pom.xml (for Maven) or build.gradle (for Gradle).

For Maven:

<dependency>
    <groupId>com.github.ulisesbocchio</groupId>
    <artifactId>jasypt-spring-boot-starter</artifactId>
    <version>3.0.4</version>
</dependency>

For Gradle:

implementation 'com.github.ulisesbocchio:jasypt-spring-boot-starter:3.0.4'

Step 2: Encrypt Sensitive Information

2.1 Generate Encrypted Values

Use the Jasypt CLI tools or an online Jasypt encryption tool to encrypt your sensitive information. For example, to encrypt a password using the jasypt CLI, run:

encrypt input="mySecretPassword" password="encryptionKey"

This command encrypts the password mySecretPassword using the encryption key encryptionKey. The output will be an encrypted string.

2.2 Add Encrypted Properties to application.properties

Add the encrypted properties to your application.properties file.

# src/main/resources/application.properties

spring.datasource.url=jdbc:mysql://localhost:3306/mydb
spring.datasource.username=myuser
spring.datasource.password=ENC(jasyptEncryptedPassword)
jasypt.encryptor.password=encryptionKey

Explanation:

• ENC(jasyptEncryptedPassword): Wraps the encrypted password with ENC() to indicate that it should be decrypted by Jasypt.
• jasypt.encryptor.password: Sets the encryption key for Jasypt to use.

Step 3: Configure Jasypt in Spring Boot

3.1 Create a Configuration Class (Optional)

You can create a configuration class to customize Jasypt's behavior. This is optional as Jasypt provides sensible defaults.

package com.example.demo.config;

import org.jasypt.encryption.StringEncryptor;
import org.jasypt.spring31.properties.EncryptablePropertySourcesPlaceholderConfigurer;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.env.ConfigurableEnvironment;

@Configuration
public class JasyptConfig {

    @Bean
    public static EncryptablePropertySourcesPlaceholderConfigurer propertySourcesPlaceholderConfigurer(
            ConfigurableEnvironment environment, StringEncryptor encryptor) {
        return new EncryptablePropertySourcesPlaceholderConfigurer(environment, encryptor);
    }
}

Explanation:

• EncryptablePropertySourcesPlaceholderConfigurer: Allows properties to be decrypted before being used by Spring Boot.

Step 4: Using Encrypted Properties

4.1 Create a Service to Use the Encrypted Properties

Create a simple service that uses the encrypted properties.

package com.example.demo.service;

import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Service;

@Service
public class MyService {

    @Value("${spring.datasource.username}")
    private String dbUsername;

    @Value("${spring.datasource.password}")
    private String dbPassword;

    public void printDatabaseCredentials() {
        System.out.println("Database Username: " + dbUsername);
        System.out.println("Database Password: " + dbPassword);
    }
}

Explanation:

• @Value: Injects the decrypted property values.

4.2 Create a REST Controller to Test the Service

Create a REST controller to test the service.

package com.example.demo.controller;

import com.example.demo.service.MyService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class MyController {

    @Autowired
    private MyService myService;

    @GetMapping("/credentials")
    public String getCredentials() {
        myService.printDatabaseCredentials();
        return "Check the console for database credentials.";
    }
}

Explanation:

• @RestController: Marks the class as a REST controller.
• @GetMapping("/credentials"): Maps HTTP GET requests to the getCredentials method.

Step 5: Running and Testing the Application

5.1 Run the Application

Run the Spring Boot application using your IDE or the command line:

./mvnw spring-boot:run

5.2 Test the Endpoint

Open your browser or use a tool like Postman to test the endpoint.

• URL: http://localhost:8080/credentials
• Method: GET

Check the console output to see the decrypted database credentials.

Conclusion

In this tutorial, you have learned how to integrate Jasypt with a Spring Boot application to secure sensitive information in your configuration files. We covered:

• Setting up a Spring Boot project with Jasypt.
• Encrypting sensitive information.
• Configuring Jasypt in Spring Boot.
• Using encrypted properties in a service.
• Testing the application.

By following these steps, you can enhance the security of your Spring Boot applications by encrypting sensitive configuration properties.