SpringBoot配置文件依赖脱敏如果暴露的话,整个数据库都会被泄露,那么如何隐藏这些配置呢?今天给大家介绍一个可以让你在不知不觉中加解密配置文件的方案。使用开源插件:jasypt-spring-boot。项目地址如下:https://github.com/ulisesbocchio/jasypt-spring-boot使用方法很简单。集成SpringBoot只需要添加一个starter即可。1.添加依赖com.github.ulisesbocchiojasypt-spring-boot-starter3.0.32.配置秘钥在配置文件中添加一个加密的秘钥(任意),如下:jasypt:encryptor:password:Y6M9fAJQdU7jNp5MW当然,将秘钥直接放在配置文件中是不安全的。我们可以在项目启动时配置秘钥,命令如下:java-jarxxx.jar-Djasypt.encryptor.password=Y6M9fAJQdU7jNp5MW3。生成加密数据的步骤是对配置明文进行加密。代码如下:@SpringBootTest@RunWith(SpringRunner.class)publicclassSpringbootJasyptApplicationTests{/***注入加密方法*/@AutowiredprivateStringEncryptorencryptor;/***手动生成密文,这里演示url,user,password*/@Testpublicvoidencrypt(){Stringurl=encryptor.encrypt("jdbc\\:mysql\\://127.0.0.1\\:3306/test?useUnicode\\=true&characterEncoding\\=UTF-8&zeroDateTimeBehavior\\=convertToNull&useSSL\\=false&allowMultiQueries\\=true&serverTimezone=Asia/Shanghai");ngname=encryptor.encrypt("root");Stringpassword=encryptor.encrypt("123456");System.out.println("databaseurl:"+url);System.out.println("databasename:"+name);System.out.println("databasepassword:"+password);Assert.assertTrue(url.length()>0);Assert.assertTrue(name.length()>0);Assert.assertTrue(password.length()>0);}}上述代码对数据源的url、user、password进行了明文加密,输出的结果如下:databaseurl:szkFDG56WcAOzG2utv0m2aoAvNFH5g3DXz0o6joZjT26Y5WNA+1Z+pQFpyhFBokqOp2jsFtB+P9b3gB601rfas3dSfvS8Bgo3MyP1nojJgVp6gCVi+B/XUs0keXPn+pbX/19HrlUN1LeEweHS/LCRZslhWJCsIXTwZo1PlpXRv3Vyhf2OEzzKLm3mIAYj51CrEaN3w5cMiCESlwvKUhpAJVz/uXQJ1spLUAMuXCKKrXM/6dSRnWyTtdFRost5cChEU9uRjw5M+8HU3BLemtcK0vM8iYDjEi5zDbZtwxD3hA=databasename:L8I2RqYPptEtQNL4x8VhRVakSUdlsTGzEND/3TOnVTYPWe0ZnWsW0/5JdUsw9ulmdatabasepassword:EJYCSbBL8Pmf2HubIH7dHhpfDZcLyJCEGMR9jAV3apJtvFtx9TVdhUPsAxjQ2pnJ4.将加密后的密文写入配置jasypt?默认使用ENC()包裹,此时的数据源配置如下:spring:datasource:#数据源基本配置username:ENC(L8I2RqYPptEtQNL4x8VhRVakSUdlsTGzEND/3TOnVTYPWe0ZnWsW0/5JdUsw9ulm)password:ENC(EJYCSbBL8Pmf2HubIH7dHhpfDZcLyJCEGMR9jAV3apJtvFtx9TVdhUPsAxjQ2pnJ)driver-class-name:com.mysql.jdbc.Driverurl:ENC(szkFDG56WcAOzG2utv0m2aoAvNFH5g3DXz0o6joZjT26Y5WNA+1Z+pQFpyhFBokqOp2jsFtB+P9b3gB601rfas3dSfvS8Bgo3MyP1nojJgVp6gCVi+B/XUs0keXPn+pbX/19HrlUN1LeEweHS/LCRZslhWJCsIXTwZo1PlpXRv3Vyhf2OEzzKLm3mIAYj51CrEaN3w5cMiCESlwvKUhpAJVz/uXQJ1spLUAMuXCKKrXM/6dSRnWyTtdFRost5cChEU9uRjw5M+8HU3BLemtcK0vM8iYDjEi5zDbZtwxD3hA=)type:com.alibaba.druid.pool.DruidDataSource上述配置是使用默认的prefix=ENC(、suffix=),Ofcourse,wecanchangeitaccordingtoourownrequirements,justchangeitintheconfigurationfile,asfollows:jasypt:encryptor:##Specifytheprefixandsuffixproperty:prefix:'PASS('suffix:')'ThentheconfigurationatthistimeisThepackagemustbedecryptedwithPASS(),asfollows:spring:datasource:#Basicdatasourceconfigurationusername:PASS(L8I2RqYPptEtQNL4x8VhRVakSUdlsTGzEND/3TOnVTYPWe0ZnWsW0/5JdUsw9ulm)password:PASS(EJYCSbBL8Pmf2HubIH7dHhpfDZcLyJCEGMR9jAV3apJtvFtx9TVdhUPsAxjQ2pnJ)driver-class-name:com.mysql.jdbc.Driverurl:PASS(szkFDG56WcAOzG2utv0m2aoAvNFH5g3DXz0o6joZjT26Y5WNA+1Z+pQFpyhFBokqOp2jsFtB+P9b3gB601rfas3dSfvS8Bgo3MyP1nojJgVp6gCVi+B/XUs0keXPn+pbX/19HrlUN1LeEweHS/LCRZslhWJCsIXTwZo1PlpXRv3Vyhf2OEzzKLm3mIAYj51CrEaN3w5cMiCESlwvKUhpAJVz/uXQJ1spLUAMuXCKKrXM/6dSRnWyTtdFRost5cChEU9uRjw5M+8HU3BLemtcK0vM8iYDjEi5zDbZtwxD3hA=)type:com.alibaba.druid.pool.DruidDataSource5。总结一下,jasypt有很多高级用法,比如自己配置加密算法。具体操作可以参考Github上的文档
