yml 敏感加密,防偷窥 jasypt

/ DevOps / 80浏览

前言

1.引入maven

         <dependency>
            <groupId>com.github.ulisesbocchio</groupId>
            <artifactId>jasypt-spring-boot-starter</artifactId>
            <version>3.0.3</version>
        </dependency>

2.yml加入配置

jasypt:
  encryptor:
    #此处写自定义的pwd
    password: pwd

3.开始加密敏感数据

@RunWith(SpringRunner.class)
@SpringBootTest
@WebAppConfiguration
public class testTest {
    @Autowired
    StringEncryptor encryptor;

    @Test
    public void getPass() {
        String url = encryptor.encrypt("jdbc:mysql://127.0.0.1:3306/dogdb?characterEncoding=utf-8&useSSL=false&serverTimezone=GMT%2b8");
        String name = encryptor.encrypt("你的数据库名");
        String password = encryptor.encrypt("你的数据库密码");
        System.out.println(url);
        System.out.println(name);
        System.out.println(password);
    }
}
输出结果
jbmabcdefgDKQRPewabcefqZuxMatGoTghaMwwaQrPta=
lbmabcdefgDKQRPewabcefqZuxMatGoTghaMwwaQrPtb=
ibmabcdefgDKQRPewabcefqZuxMatGoTghaMwwaQrPtc=

4. 将上面生成的name和password替换配置

spring:
  #数据库相关配置
  datasource:
    driver-class-name: com.mysql.jdbc.Driver
    #这里加上后缀用来防止mysql乱码,serverTimezone=GMT%2b8设置时区
    url: ENC(jbmabcdefgDKQRPewabcefqZuxMatGoTghaMwwaQrPta=)
    username: ENC(lbmabcdefgDKQRPewabcefqZuxMatGoTghaMwwaQrPtb=)
    password: ENC(ibmabcdefgDKQRPewabcefqZuxMatGoTghaMwwaQrPtc=)

5.docker 配置(不使用docker的可以跳过此步骤)

> Dockerfile 后面加上这两条,里面写yml里面的pwd

ENTRYPOINT ["java","-Djasypt.encryptor.password=yml里面的pwd","-jar","app.jar"]
ENTRYPOINT ["java","-jar","app.jar","--jasypt.encryptor.password=yml里面的pwd"]