Spring Boot with Jasypt 1:1

Jasypt library offers encryption and decryption for text strings, passwords, and other private data. In order to protect sensitive data kept in configuration and property files, it can be utilised with Spring Boot.
Think of scenarios where you set actual API key for third-party libraries in the AWS parameter store

This blog will show how you can set up Jasypt with Spring Boot and use encrypted properties.

Step1: Setup Spring Project using https://start.spring.io

• Open your web browser and navigate to the Spring Initializr website at https://start.spring.io/.

Fill in the following details:
– Project: Maven Project
– Language: Java
– Spring Boot: 3.0.6
– Group: com.learning.springbootwithjasypt
– Artifact: springboot-with-jasypt
– Packaging: Jar
– Java: 17
– Description: Demo project for Spring Boot with Jasypt

• Click on Add dependencies and add the following dependencies:
  – Spring Web
• Click on Generate and download the generated zip file.
• You can import your produced project into your preferred IDE and develop your application once you have it.
• After all configuration, the setup should look like this.

Step2: Add necessary dependency in pom.xml

• Unzip the project and open it in your favourite IDE.
• Add the following dependency under dependencies
Note: This is needed for performing encryption and decryption of properties. You can find latest version here

<dependency>
   <groupId>com.github.ulisesbocchio</groupId>
   <artifactId>jasypt-spring-boot-starter</artifactId>
   <version>3.0.5</version>
</dependency>

• Add plugin dependency to generate the encrypted password under plugins
Note: This depndency is needed to generate encrypted password through command line

<plugin>
    <groupId>com.github.ulisesbocchio</groupId>
    <artifactId>jasypt-maven-plugin</artifactId>
    <version>3.0.5</version>
</plugin>

Step3: Generate encrypted properties

• Got to the application.properties file under the resources folder and add a property

database.password=ENC()

• Inside ENS we have to put the encrypted content. Suppose the password was password 😇
• Go to the command prompt and type the following command
  Note: Djasypt.encryptor.password is the secret key we are using to encrypt and decrypt the properties. -Djasypt.plugin.value is the actual content we want to encrypt.

mvn jasypt:encrypt-value -Djasypt.encryptor.password=jasypt_password -Djasypt.plugin.value=password

• Now whatever value it’s giving just put the content inside the ENC().

database.password=ENC(8j8xGbU2Tx33VigC390w17onLCM9QEqWjKqUnpSZ6SyG2Sydz6Vz/oP70lJiLmD9)

• Now when you start the application, it needs to know which secret key we used for encryption so that it can decrypt. So don't forget to add the following VM option while running the application.

-Djasypt.encryptor.password=jasypt_password

Step4: Add a controller to access the property

• Create a controller with the following content

Step5: Access the encrypted value

• Start your application by running the main SpringBootApplication class.
• Access the value using GET API http://localhost:8080/demo
• You will get the decrypted value.

The whole project can be found at this GitHub link https://github.com/codesprintpro/springbootwithjasypt.

I hope this blog will help in using encrypted values for all the important passwords, and API keys which we use locally or mainly in the cloud environment.

If you enjoyed reading this, don’t forget the applause. 👏
Thank you.