bluesky-boot-crypto is a library for encrypting property values in Spring Boot based projects.
It lets users register their own TextEncryptor implementations, and it can manage several TextEncryptors at once, so values encrypted with a previously used TextEncryptor can still be decrypted.
The encrypted value is stored in the form `{textEncryptorId}encryptedvalue`, and the prefix determines which TextEncryptor is used to decrypt it.
The approach of the DelegatingPasswordEncoder used by Spring Security is implemented as DelegatingTextEncryptor.
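The prefix dispatch described above, sketched as an added example (not the library's own code): the class name is hypothetical, the password is constructed sample data, and spring-security-crypto is assumed to be on the classpath. It shows that a value written under the old default id still decrypts after the default is switched, and that a missing or unknown id is rejected instead of falling back to the default.

```java
import java.util.HashMap;
import java.util.Map;
import org.springframework.security.crypto.encrypt.Encryptors;
import org.springframework.security.crypto.encrypt.TextEncryptor;

// Illustrative sketch only; PrefixDispatchSketch is a hypothetical name, not a library class.
public class PrefixDispatchSketch implements TextEncryptor {
    private final Map<String, TextEncryptor> encryptors;
    private final String defaultId;
    PrefixDispatchSketch(String defaultId, Map<String, TextEncryptor> encryptors) {
        if (!encryptors.containsKey(defaultId)) {
            throw new IllegalArgumentException("no encryptor registered for default id " + defaultId);
        }
        this.defaultId = defaultId;
        this.encryptors = Map.copyOf(encryptors);
    }

    @Override
    public String encrypt(String text) {
        // New values are always written under the current default id.
        return "{" + defaultId + "}" + encryptors.get(defaultId).encrypt(text);
    }

    @Override
    public String decrypt(String stored) {
        int end = stored.indexOf('}');
        if (!stored.startsWith("{") || end < 2) {
            throw new IllegalArgumentException("value has no {id} prefix");
        }
        String id = stored.substring(1, end);
        TextEncryptor delegate = encryptors.get(id);
        if (delegate == null) {
            // Fail closed: never fall back to the default for an unknown id.
            throw new IllegalArgumentException("no encryptor registered for id " + id);
        }
        return delegate.decrypt(stored.substring(end + 1));
    }

    public static void main(String[] args) {
        // Constructed sample key material; real values belong outside the source tree.
        var map = new HashMap<String, TextEncryptor>();
        map.put("text", Encryptors.text("sample-password", "8560b4f4b3"));
        map.put("delux", Encryptors.delux("sample-password", "8560b4f4b3"));
        String old = new PrefixDispatchSketch("text", map).encrypt("test text!!!");
        var rotated = new PrefixDispatchSketch("delux", map); // default id switched
        System.out.println(rotated.decrypt(old)); // value written under {text} still decrypts
        System.out.println(rotated.encrypt("test text!!!").startsWith("{delux}"));
    }
}
```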
Prerequisites
Adding the Maven dependency sets up the provided DecryptEnvironmentPostProcessor.
```xml
<dependencies>
    <dependency>
        <groupId>io.github.luversof</groupId>
        <artifactId>bluesky-boot-crypto</artifactId>
        <version>3.1.0</version>
    </dependency>
</dependencies>
```
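If you don't configure anything else, the two sample encryptors shown below are used by default. Their password and salt are fixed in the library's source, so values encrypted with these defaults can be decrypted by anyone who has the library; register your own TextEncryptor for real secrets.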
```java
private static Map<String, TextEncryptor> getDefaultTextEncryptorMap() {
    var textEncryptorMap = new HashMap<String, TextEncryptor>();
    textEncryptorMap.put("text", Encryptors.text("pass", "8560b4f4b3"));
    textEncryptorMap.put("delux", Encryptors.delux("pass", "8560b4f4b3"));
    return textEncryptorMap;
}
```
If you have a TextEncryptor that you want to use, you can add it to the TextEncryptorFactories before starting your application.
You can add multiple TextEncryptors. If you add only one, it becomes the default TextEncryptor; if you add several, you can specify one of them as the default.
```java
@SpringBootApplication
public class Application {
    public static void main(String[] args) throws Throwable {
        // `encryptor` is your own TextEncryptor instance; register it before the application starts.
        TextEncryptorFactories.createDelegatingTextEncryptor("encryptorId", encryptor);
        SpringApplication.run(Application.class, args);
    }
}
```
To use an encrypted value, first encrypt it with the TextEncryptor you created above, then add the result to your properties.
```java
var delegatingTextEncryptor = TextEncryptorFactories.getDelegatingTextEncryptor();
var encryptedStr = delegatingTextEncryptor.encrypt("someValue");
```
The value encrypted with delegatingTextEncryptor looks like this: `{encryptorId}encrypted value`.
For example, if you run the test below:
```java
@Test
void encryptTest() {
    var text = "test text!!!";
    var encryptor = TextEncryptorFactories.createDelegatingTextEncryptor();
    var encryptText = encryptor.encrypt(text);
    log.debug("encryptText : {}", encryptText);
    var decryptText = encryptor.decrypt(encryptText);
    log.debug("decryptText : {}, {}", text.equals(decryptText), decryptText);
}
```
You can see the results below.
```
encryptText : {text}98300b76125b1badd91745b15ef542c385a0df80837410b3c854df34a93ff351
decryptText : true, test text!!!
```
You can use these encrypted values in properties.
```properties
someValue={text}98300b76125b1badd91745b15ef542c385a0df80837410b3c854df34a93ff351
```
The encrypted value of each property is left intact; the decrypted value is stored as a separate property that takes precedence when the property is read.
If you use Actuator, you can see how encrypted values are handled in /actuator/env.
version | prerequisites |
---|---|
3.1.0 | Java 17, Spring Boot 3.1.0 |