ulisesbocchio/jasypt-spring-boot

Jasypt integration for String boot

Ulises Bocchio

@ulisesbocchio

Version 1.2 of jasypt-spring-boot is in Maven Central!

David

@sonoerin

I have a question about the jasypt spring boot and application-{profile}.properties, is this the proper forum for that?

David

@sonoerin

I am looking for how to use jasypt spring boot with profiles but don't see any examples of this on Github

Ulises Bocchio

@ulisesbocchio

It should work out the box

Just add the starter jar and any properties could be encryptable, regardless of the profile

David

@sonoerin

I have my datasource values in application-local.properties such as
spring.datasource.username=myUserName
spring.datasource.password=ENC(07sDUWgiFTyiir5/yvHB9w3UhBPSc7Smfum2RMmxdyA+866jGxkDqQ==)
But when I startup I get a message that a password cannot be found for username "myUserName". I encrypted the password with the /jasypt/bin/encrypt.sh and have imported the started library. On startup I see messages such as:
Encryptor config not found for property jasypt.encryptor.algorithm, using default value: PBEWithMD5AndDES
c.u.j.c.StringEncryptorConfiguration : Encryptor config not found for property jasypt.encryptor.keyObtentionIterations, using default value: 1000
main] c.u.j.c.StringEncryptorConfiguration : Encryptor config not found for property jasypt.encryptor.poolSize, using default value: 1
c.u.j.c.StringEncryptorConfiguration : Encryptor config not found for property jasypt.encryptor.providerName, using default value: SunJCE
c.u.j.c.StringEncryptorConfiguration : Encryptor config not found for property jasypt.encryptor.saltGeneratorClassname, using default value: org.jasypt.salt.RandomSaltGenerator
c.u.j.c.StringEncryptorConfiguration : Encryptor config not found for property jasypt.encryptor.stringOutputType, using default value: base64
So it would appear its loading up, but either not finding that particular property, or unable to use it

Ulises Bocchio

@ulisesbocchio

do you have git repo where this happens??

I can check it out for you

Armin Naderi

@naderi_armin_twitter

Hello! Is this project meant to replace the spring-3.1 integration mentioned here? http://www.jasypt.org/spring31.html

Mike Liu

@mikexliu

hi, is it possible to do something like ${ENV_VARIABLE:ENC(...)} ?

Ulises Bocchio

@ulisesbocchio

@naderi_armin_twitter this project is unrelated to the official Jasypt project but in a way, yes, it replaces the old integration to use Spring Boot

@mikexliu yes, I believe that’s possible, did you try it?

Mike Liu

@mikexliu

@ulisesbocchio I had to basically make it resolvePlaceholders then call getProperty .. i don't think that's the right approach..

Ulises Bocchio

@ulisesbocchio

@mikexliu you have to use EncryptableEnvironment:

new SpringApplicationBuilder()
                .environment(new EncryptableEnvironment(new StandardEnvironment()))
                .sources(SimpleDemoApplication.class)
                .run(args);

@mikexliu that way it’ll work. Placeholders ${NAME:default} are resolved at the Environment level

@mikexliu basically all you need is to add that, no other Annotations like @EnableEncryptableProperties, @EncryptablePropertySource and no starter jar. That should be enough.

Mike Liu

@mikexliu

@ulisesbocchio oh i didn't know about that, i'll try it later today. thanks!

Mike Liu

@mikexliu

@ulisesbocchio
hey, sorry for kinda late reply. I tried to use EncryptableEnvironment, and it seemed like the original case worked, but now there's another problem:

user: user
password: ${PASSWORD:ENC(asdf)}

endpoint: https://${user}:${password}@localhost:30000

Trying to resolve turns into:

user: user
password: ENC(asdf)

endpoint: https://user:ENC(asdf)@localhost:30000

This makes sense since resolve happens before decrypt. But seems like this is a bug because the EncryptableEnvironment, when it follows the ${...} resolution, it should also be trying to decrypt if it can. Thoughts?

Ulises Bocchio

@ulisesbocchio

@mikexliu got it, let me look into it

Ulises Bocchio

@ulisesbocchio

@mikexliu from what I can see Spring is not relying on external property resolver (that will use encryptable property sources) when it finds a nested placeholder. That's causing your issue.

https://github.com/spring-projects/spring-framework/blob/master/spring-core/src/main/java/org/springframework/util/PropertyPlaceholderHelper.java?line=162#L162

that line should probably be: propVal = placeholderResolver.resolvePlaceholder(propVal);

but I understand why it's done the way it is right now, to reuse potential already resolved placeholders

Ulises Bocchio

@ulisesbocchio

but that doesn't allow property source decoration on nested placeholders

Ulises Bocchio

@ulisesbocchio

for now you should probably stick to:

user: user
defaultPassword: ENC(asdf)
password: ${PASSWORD:${defaultPassword}}

endpoint: https://${user}:${password}@localhost:30000

which adds one more level of indirection but the works because defaultPassword is a top level property

But just like David Wheeler said... All problems in computer science can be solved by another level of indirection

Mike Liu

@mikexliu

Thanks @ulisesbocchio I will try that later!

Armin Naderi

@naderi_armin_twitter

Great project @ulisesbocchio, thank you for making it. I was wondering if it is possible to use this project for Gradle .properties files as well? The problem is that the properties need to be decrypted during Gradle's runtime. Thanks for reading.

NadhemNiNo

@NadhemNiNo

Hey @ulisesbocchio and great job for the project. I'm just having a problem when working with jasypt-spring-boot in my project; @EnableEncryptableProperties is not recognized even the dependency in the pom file exists. Thanks in advance for your reply

Ulises Bocchio

@ulisesbocchio

@NadhemNiNo weird, did you try one of the sample projects?

@naderi_armin_twitter it should be the same with gradle, props should be decrypted at runtime in the app. What are you trying to do with gradle properties?

Armin Naderi

@naderi_armin_twitter

@ulisesbocchio I am extracting passwords for binary repositories to separate property files. The problem is that Gradle does not run at the application's runtime, but rather within its own JVM during the building of the application. I need to run jasypt within Gradle's JVM.

Ulises Bocchio

@ulisesbocchio

@naderi_armin_twitter is it possible that you upload a sample project to github for me to take a look? I can't picture what you're saying. The library is meant to be used with password decryption at runtime, so unless you're trying to decrypt a property as part of your build process, I'm not sure what else could it be. In any case, regardless of where it runs, passing property -Djasypt.encryptor.password=password should be enough in any JVM. Keep in mind though that spring boot has to run.

NadhemNiNo

@NadhemNiNo

@ulisesbocchio All works perfectly now. i had some issues with my maven plugin. I have succeeded now to integrate jasypt in my project ans it works as expected. thanks again

Ryan Dawson

@ryandawsonuk

I'm guessing people stuck with java7 just have to settle for the spring jasypt integration?

Ulises Bocchio

@ulisesbocchio

There's a java 7 version @ryandawsonuk

Ryan Dawson

@ryandawsonuk

that would be great - where do I get the java 7 version?

oh I think I found it - https://mvnrepository.com/artifact/com.github.ulisesbocchio/jasypt-spring-boot-starter/1.4-java7

Ryan Dawson

@ryandawsonuk

this makes me very happy, thanks

Ryan Dawson

@ryandawsonuk

I'm hitting this bug in jasypt 1.9.2 - https://sourceforge.net/p/jasypt/bugs/32/

actually doesn't look like they've released 1.9.3 yet

Ulises Bocchio

@ulisesbocchio_twitter

hmm...

yeah, last version was 1.9.2

I don't think they'll be releasing a new version any time soon

Where communities thrive

People

Repo info

Activity