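Whenever you need to hide fields such as passwords in the application properties file, the straightforward answer is to encrypt those details with jasypt or some other encryption method.
If you keep the encrypted password and the jasypt details in the same file, what is the point? Or keep them in separate files...
Is there a smarter way to do this?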
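Keeping the encryption key in application.properties is not recommended, because you don't want it committed to the code repository. You need to supply the key to the application when you run it, either by typing it in or by storing it somewhere on the server. See the example here.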
Create a tiny utility class (preferably outside your spring boot app) to encrypt your passwords; it's easy to use Jasypt's BasicTextEncryptor class ex:
import org.jasypt.util.text.BasicTextEncryptor;

BasicTextEncryptor pwdEncrypt = new BasicTextEncryptor();
// whatever you use here will be needed in the properties file (more on that later)
pwdEncrypt.setPassword(your_secret_sauce);
String encoded = pwdEncrypt.encrypt(password_you_want_to_encrypt);
The String encoded is PBE-encoded by default; grab that
In your properties file, make the following entries:
# used in your utility
jasypt.encryptor.password=your_secret_sauce
# encoded grabbed from your utility class
password_entry_you_want_to_encrypt=ENC(encoded)
I'll assume that you're annotating your main class with @SpringBootApplication. Add the following annotations as well:
@EnableEncryptableProperties
@PropertySource(name="EncryptedProperties", value = "classpath:application.properties")
Use jasypt to encrypt the properties in the application.properties file.
It uses PBEWithMD5AndDES for encryption.
See:
https://github.com/ulisesbocchio/jasypt-spring-boot
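
An added example, not code from any of the answers above or from the Jasypt project: a small command-line utility like the one the second answer describes, but taking the key from the environment as the first answer recommends, so the key never appears in application.properties. The class name, the JASYPT_ENCRYPTOR_PASSWORD variable name, and the assumption that the application decrypts with the same PBEWithMD5AndDES algorithm are illustrative choices.

```java
import org.jasypt.util.text.BasicTextEncryptor;

import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.nio.charset.StandardCharsets;

// Added example: encrypts one property value with a key taken from the
// environment, so the key never has to be written into application.properties.
public final class PropertyEncryptorCli {

    // Assumption: the same variable is set for the Spring Boot process, where
    // relaxed binding maps it to the jasypt.encryptor.password property.
    private static final String KEY_ENV = "JASYPT_ENCRYPTOR_PASSWORD";

    static String encryptProperty(String key, String plaintext) {
        if (key == null || key.isEmpty()) {
            throw new IllegalStateException(KEY_ENV + " is not set; refusing to encrypt");
        }
        // BasicTextEncryptor uses PBEWithMD5AndDES; the application must be
        // configured to decrypt with the same algorithm (assumption).
        BasicTextEncryptor encryptor = new BasicTextEncryptor();
        encryptor.setPassword(key);
        String encoded = encryptor.encrypt(plaintext);
        // Round-trip check before the value is pasted into a properties file.
        if (!plaintext.equals(encryptor.decrypt(encoded))) {
            throw new IllegalStateException("round-trip decryption did not match");
        }
        return "ENC(" + encoded + ")";
    }

    public static void main(String[] args) throws IOException {
        // Read the secret from stdin rather than argv so it does not land in
        // shell history or the process list.
        BufferedReader in = new BufferedReader(
                new InputStreamReader(System.in, StandardCharsets.UTF_8));
        String plaintext = in.readLine();
        if (plaintext == null || plaintext.isEmpty()) {
            System.err.println("usage: printf '%s' \"$SECRET\" | java PropertyEncryptorCli");
            System.exit(2);
        }
        System.out.println(encryptProperty(System.getenv(KEY_ENV), plaintext));
    }
}
```

The printed ENC(...) value is what goes into application.properties; the jasypt.encryptor.password entry is left out of the file and supplied only through the environment of the running process.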