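Encrypting Sensitive Information with Jasypt and Changing the Key Variable
Preface: while working through Spring's propagation behaviors I needed a database connection, and the password is sensitive information that should be encrypted. Drawing on how sensitive information is handled at work, there are two approaches. In the first, the plaintext is managed through a platform, similar to a registry, and read directly with ${} when needed. In the second, the value is encrypted with jasypt: a URL is provided for encrypting plaintext, and the encrypted value is then configured in the project. The second approach involves an algorithm, a salt and so on, and because the company has one unified salt value, the value of jasypt.encryptor.password has to be overridden. This post mainly demonstrates that problem.
A simple jasypt setup
jasypt dependency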
<dependency>
    <groupId>com.github.ulisesbocchio</groupId>
    <artifactId>jasypt-spring-boot-starter</artifactId>
</dependency>
application.yaml configuration
jasypt:
  encryptor:
    password: my-salt
    ## Only the salt value is demonstrated here, so the algorithm and other settings use the defaults
Test
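import lombok.extern.slf4j.Slf4j;
import org.jasypt.encryption.StringEncryptor;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.context.SpringBootTest;

@SpringBootTest
@Slf4j
public class EncTest {
    @Autowired
    private StringEncryptor encryptor;
    private String message = "1234";
    private String encryptedMessage = "1mqGQpoh38WkQLrrPS0WnJPRI6zSVt2/VbKKRTTSLiVXgDvDRYknmHrZzdoy2Bz1";

    @Test
    public void encMessage() {
        String encrypted = encryptor.encrypt(message);
        // Logs the encrypted message
        log.info("加密后的message是:{}", encrypted);
    }

    @Test
    public void decMessage() {
        String decrypted = encryptor.decrypt(encryptedMessage);
        // Logs the decrypted message, then checks it against the plaintext
        log.info("解密后的message是:{}", decrypted);
        Assertions.assertEquals(message, decrypted);
    }
}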
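Once the test passes, the next step is to replace jasypt.encryptor.password so that the unified key is used.
Changing the environment variable
Write your own replacement code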
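package com.daniel.config;

import java.util.HashMap;
import java.util.Map;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.env.EnvironmentPostProcessor;
import org.springframework.core.Ordered;
import org.springframework.core.annotation.Order;
import org.springframework.core.env.ConfigurableEnvironment;
import org.springframework.core.env.MapPropertySource;

// Must run after the config files are loaded so that global.salt.key is visible.
// The original Ordered.HIGHEST_PRECEDENCE-1 overflows to this same value.
@Order(Ordered.LOWEST_PRECEDENCE)
public class MyEnvironment implements EnvironmentPostProcessor {
    String jasyptKey = "jasypt.encryptor.password";
    String saltKey = "global.salt.key";

    @Override
    public void postProcessEnvironment(ConfigurableEnvironment environment, SpringApplication application) {
        // Fail startup if the unified key is not configured
        environment.setRequiredProperties(saltKey);
        environment.validateRequiredProperties();
        // Only fill in the jasypt password when the project has not set one itself
        if (!environment.containsProperty(jasyptKey)) {
            Map<String, Object> source = new HashMap<>(16);
            source.put(jasyptKey, environment.getProperty(saltKey));
            environment.getPropertySources().addFirst(new MapPropertySource("self-definition", source));
        }
    }
}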
Registration in spring.factories
# Environment Post Processors
org.springframework.boot.env.EnvironmentPostProcessor=\
  com.daniel.config.MyEnvironment
Testing with the replaced key
Here jasypt.encryptor.password is not configured; with global.salt.key configured instead, the test passes without problems.
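The check described above, written as a plain JUnit 5 test of the post-processor's three cases (an added example, not code from the original post). It assumes spring-test's MockEnvironment is on the test classpath; the test class name and the key values are constructed for illustration.

```java
package com.daniel.config;

import org.junit.jupiter.api.Test;
import org.springframework.boot.SpringApplication;
import org.springframework.core.env.MissingRequiredPropertiesException;
import org.springframework.mock.env.MockEnvironment;

import static org.junit.jupiter.api.Assertions.*;

// Added example: class name and key values are constructed, not from the post.
class MyEnvironmentTest {

    private static final String JASYPT_KEY = "jasypt.encryptor.password";
    private static final String SALT_KEY = "global.salt.key";

    private final MyEnvironment processor = new MyEnvironment();
    private final SpringApplication app = new SpringApplication();

    @Test
    void copiesGlobalKeyWhenJasyptPasswordIsAbsent() {
        MockEnvironment env = new MockEnvironment()
                .withProperty(SALT_KEY, "constructed-global-key");
        processor.postProcessEnvironment(env, app);
        assertEquals("constructed-global-key", env.getProperty(JASYPT_KEY));
        assertTrue(env.getPropertySources().contains("self-definition"));
    }

    @Test
    void keepsExplicitJasyptPassword() {
        MockEnvironment env = new MockEnvironment()
                .withProperty(SALT_KEY, "constructed-global-key")
                .withProperty(JASYPT_KEY, "constructed-local-key");
        processor.postProcessEnvironment(env, app);
        // The processor only fills a gap; a password set by the project wins.
        assertEquals("constructed-local-key", env.getProperty(JASYPT_KEY));
        assertFalse(env.getPropertySources().contains("self-definition"));
    }

    @Test
    void failsFastWhenGlobalKeyIsMissing() {
        MockEnvironment env = new MockEnvironment();
        // validateRequiredProperties() stops startup instead of running without a key.
        assertThrows(MissingRequiredPropertiesException.class,
                () -> processor.postProcessEnvironment(env, app));
    }
}
```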
Packaging separately and testing
The propagation project is again used as the test project here.
Dependencies
<dependency>
    <groupId>com.daniel</groupId>
    <artifactId>spring-jasypt</artifactId>
    <version>0.0.1-SNAPSHOT</version>
</dependency>
<dependency>
    <groupId>com.baomidou</groupId>
    <artifactId>mybatis-plus-boot-starter</artifactId>
</dependency>
<dependency>
    <groupId>com.baomidou</groupId>
    <artifactId>mybatis-plus</artifactId>
</dependency>
<dependency>
    <groupId>mysql</groupId>
    <artifactId>mysql-connector-java</artifactId>
</dependency>
application.yaml
spring:
  datasource:
    driver-class-name: com.mysql.cj.jdbc.Driver
    url: jdbc:mysql://localhost:3306/daniel_test?serverTimeZone=GMT+8&useSSL=false&characterEncoding=utf-8
    username: root
    password: ENC(1mqGQpoh38WkQLrrPS0WnJPRI6zSVt2/VbKKRTTSLiVXgDvDRYknmHrZzdoy2Bz1)
global:
  salt:
    key: *****
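Test (@Test)
import java.util.List;
import lombok.extern.slf4j.Slf4j;
import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.util.Assert;
// Propagation and PropagationService come from the propagation project

@SpringBootTest
@Slf4j
class PropagationServiceTest {
    @Autowired
    PropagationService propagationService;

    @Test
    public void testConnection() {
        List<Propagation> propagations = propagationService.selectList();
        // Fails with "no content found" if the query returns nothing
        Assert.notEmpty(propagations, "未查询到内容");
        log.info("propagation中的数据:{}", propagations);
    }
}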
Console output
propagation中的数据:[Propagation(id=1, type=required, comment=requiredA)
OK, at this point, encryption and how to change the key are done.