Jasypt 이용한 application.yml 암호화

build.gradle

// https://mvnrepository.com/artifact/com.github.ulisesbocchio/jasypt-spring-boot-starter
implementation group: 'com.github.ulisesbocchio', name: 'jasypt-spring-boot-starter', version: '3.0.4'

 

Local

Edit Configurations...

Modify options

Add VM options

// 추가
-Djasypt.encryptor.password=Secret Key

 

JasyptConfig

import org.jasypt.encryption.StringEncryptor;
import org.jasypt.encryption.pbe.PooledPBEStringEncryptor;
import org.jasypt.encryption.pbe.config.SimpleStringPBEConfig;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
public class JasyptConfig {

  @Value("${jasypt.encryptor.password}")
  private String encryptKey;

  @Bean("jasyptStringEncryptor")
  public StringEncryptor stringEncryptor() {
    PooledPBEStringEncryptor encryptor = new PooledPBEStringEncryptor();
    SimpleStringPBEConfig config = new SimpleStringPBEConfig();
    config.setPassword(encryptKey);
    config.setAlgorithm("PBEWithMD5AndDES");
    config.setKeyObtentionIterations("1000");
    config.setPoolSize("1");
    config.setProviderName("SunJCE");
    config.setSaltGeneratorClassName("org.jasypt.salt.RandomSaltGenerator");
    config.setIvGeneratorClassName("org.jasypt.iv.NoIvGenerator");
    config.setStringOutputType("base64");
    encryptor.setConfig(config);
    return encryptor;
  }
}

 

https://www.devglan.com/online-tools/jasypt-online-encryption-decryption

암호화/복호화

application.yml

// 암호화
spring:
  ...
  datasource:
    url: ENC(u9wfMcZRqZlcFqSuTJ79BcTtpghot/55tzJsDX70NvaW5wxDMISuvtg0tHYx/VIa)
    driver-class-name: org.mariadb.jdbc.Driver
    username: ENC(nQcMhi8KdOcOLE6rCpqMHA==)
    password: ENC(0P3dIScBQqWsBDxQFu7tbw==)
  ...

 

Server
docker-compose.yml

version: '3'
services:
  ...
  environment:
    JASYPT_ENCRYPTOR_PASSWORD: Secret Key
  ...

// 저장 후
docker-compose up -d