【SpringBoot】数据源加密处理

代码审计报告提出的一个问题：

明文暴露配置信息风险

 

解决方案可以使用jasypt实现

需要使用依赖：

        <dependency>
            <groupId>com.github.ulisesbocchio</groupId>
            <artifactId>jasypt-spring-boot-starter</artifactId>
            <version>2.1.0</version>
        </dependency>

 

加密实现案例：

import com.yonyou.cloud.repair.RepairApplication;
import org.jasypt.encryption.StringEncryptor;
import org.junit.Assert;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.test.context.junit4.SpringRunner;

@RunWith(SpringRunner.class)
@SpringBootTest(classes = RepairApplication.class )
public class DatabaseTest {

    @Autowired
    private StringEncryptor encryptor;

    @Test
    public void Test() {
        String url = encryptor.encrypt("10.180.6.116");
        String name = encryptor.encrypt("6379");
        String password = encryptor.encrypt("cyx_Pass1234");
        System.out.println("database url: " + url);
        System.out.println("database name: " + name);
        System.out.println("database password: " + password);
        Assert.assertTrue(url.length() > 0);
        Assert.assertTrue(name.length() > 0);
        Assert.assertTrue(password.length() > 0);
    }
}

 

结合application.yml配置信息的处理：

加密的密文需要加上ENC()修饰，在加载过程处理解密

  # 现UAT环境库
    url: ENC(3HhbZfqGCMCr+ux/0hUbmMGtnP1v03lj/nSIYpS1mwDN745DC2V/rM3IXeWKRTq0Z67V3l67tpuzaj+IoCAQkjms2HW2Df7bPAFBFC6Q8ixaucMo2JHoMz16jxvCHrlz7CUAwTH/oZpzoqzEbfJgu3bixM5DoaOmQGSeWk67hZVSYoKjx77Oif08fecAid/nobzBSvuzYhcMIylWkWyONg==)
    username: ENC(Q+bk/oOkE92lcvFJXXzk6RMV1homL+Ij)
    password: ENC(fzPoG+f1QEM1AfRGqAVCTpJ9bzYNbSAj0jpAX6DNqTk=)

 

密文加密的盐值配置【yml配置层级就是第一级】：

jasypt:
  encryptor:
    password: Y6M8fAJQdU7jNp5MW