How to Encrypt the application.properties File in Spring Boot using Jasypt

2/9/20243 min read

cherry blossom trees near river
cherry blossom trees near river

In Spring Boot applications, the application.properties file is commonly used to store configuration properties. However, it is important to secure sensitive information such as passwords, API keys, and database credentials that are stored in this file. One way to achieve this is by encrypting the application.properties file using Jasypt, a simple library for encrypting and decrypting data in Java.

Step 1: Add Jasypt Dependency

To get started, you need to add the Jasypt dependency to your Spring Boot project. Open your project's pom.xml file and add the following dependency: 


<dependency>
    <groupId>org.jasypt</groupId>
    <artifactId>jasypt-spring-boot-starter</artifactId>
    <version>3.0.3</version>
</dependency>

Step 2: Configure Jasypt

Next, you need to configure Jasypt to encrypt the properties in the application.properties file. Create a new Java class called "JasyptConfig" in your project's configuration package and add the following code: 


import org.jasypt.encryption.StringEncryptor;
import org.jasypt.encryption.pbe.StandardPBEStringEncryptor;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
public class JasyptConfig {

    @Bean("jasyptStringEncryptor")
    public StringEncryptor stringEncryptor() {
        StandardPBEStringEncryptor encryptor = new StandardPBEStringEncryptor();
        encryptor.setPassword("yourEncryptionPassword"); // Replace with your own encryption password
        return encryptor;
    }
}

In this code, we create a new bean named "jasyptStringEncryptor" that uses the StandardPBEStringEncryptor class from Jasypt. The encryption password is set using the setPassword() method. Make sure to replace "yourEncryptionPassword" with your own encryption password.

Step 3: Encrypt Properties

Now that Jasypt is configured, you can start encrypting the sensitive properties in the application.properties file. To encrypt a property, use the following format: 


ENC(encryptedValue)

For example, if you want to encrypt the password property, you would update the application.properties file as follows: 


db.password=ENC(encryptedPassword)

Replace "encryptedPassword" with the actual encrypted value of the password. You can use the Jasypt CLI or the Jasypt Encryptor API to encrypt the values. The Jasypt CLI can be downloaded from the Jasypt website and the API can be used programmatically.

Step 4: Decrypt Properties

To decrypt the encrypted properties at runtime, you need to create a new bean that uses the StringEncryptor bean we defined earlier. Add the following code to your project's configuration package: 


import org.jasypt.encryption.StringEncryptor;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
public class AppConfig {

    @Bean
    @ConfigurationProperties("db")
    public DataSource dataSource(@Qualifier("jasyptStringEncryptor") StringEncryptor encryptor) {
        // Create and configure your data source
    }
}

In this code, we create a new bean named "dataSource" and use the @ConfigurationProperties annotation to bind the properties prefixed with "db" from the application.properties file to the DataSource object. The @Qualifier annotation is used to specify the "jasyptStringEncryptor" bean as the StringEncryptor to decrypt the encrypted properties.

Step 5: Run the Application

With everything set up, you can now run your Spring Boot application. Jasypt will automatically decrypt the encrypted properties using the provided encryption password. You can access the decrypted values in your code as usual.

By encrypting the application.properties file using Jasypt, you can ensure that sensitive information is securely stored and transmitted in your Spring Boot applications. This adds an extra layer of protection to your application's configuration properties, reducing the risk of exposing sensitive data.

Note: It is important to keep the encryption password secure and not share it with anyone. Losing the encryption password will make it impossible to decrypt the encrypted properties.

Conclusion

In this tutorial, we have learned how to encrypt the application.properties file in a Spring Boot application using Jasypt. By following these steps, you can secure sensitive information stored in the configuration file, ensuring that it is protected from unauthorized access. Encrypting your application.properties file is a crucial step in enhancing the security of your Spring Boot applications.

Subscribe newsletter

Copywrite @ Java Coding Point

Contact Us | Privacy Policy | About Us