Transparently decrypt property values to be used in spring environment using jasypt library.
runtime('eu.hinsch:spring-properties-decrypter:0.1.9')
<dependency>
<groupId>eu.hinsch</groupId>
<artifactId>spring-properties-decrypter</artifactId>
<version>0.1.9</version>
</dependency>
Set decryption key via environment or system property
propertyDecryption.password=SECRETPASSWORD
Define any spring environment property anywhere it can be defined (application*.properties/yaml, system, environment, command line...) and insert encrypted value like this:
myProperty={encrypted}ENCRYPTEDVALUERAWDATA
To use a prefix other than '{encrypted}' define via
propertyDecryption.prefix=MY-PREFIX
By default uses PBEWithMD5AndDES (to allow running in default JRE). Note that this encryption is (at least with lots of dedicated resources) breakable. Stronger encryption is currently not working due to a bug in the underlying library.
To configure alternative algorithm:
propertyDecryption.algorithm=ALGORITHMNAME
Download the jasypt distribution from http://www.jasypt.org/download.html Run from the bin folder
encrypt [verbose=true] algorithm=PBEWithMD5AndDES saltGeneratorClassName=org.jasypt.salt.ZeroSaltGenerator password=... input=...
For more details http://www.jasypt.org/cli.html