Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

jasypt password visible when passed as argument or System property #17

Closed
japako opened this issue Dec 18, 2015 · 2 comments
Closed

jasypt password visible when passed as argument or System property #17

japako opened this issue Dec 18, 2015 · 2 comments

Comments

@japako
Copy link

japako commented Dec 18, 2015

When an application is started in a way that is demonstrated below

java -jar target/jasypt-spring-boot-demo-0.0.1-SNAPSHOT.jar --jasypt.encryptor.password=password

java -Djasypt.encryptor.password=password -jar target/jasypt-spring-boot-demo-0.0.1-SNAPSHOT.jar

a linux user can see it by listing currently running processes. I belive that it could be solved with command:
export MY_PASSW=password

however currently required variable is 'jasypt.encryptor.password' that is not valid name for environment settings. Could that be replace with name like:
jasypt_encryptor_password
@ulisesbocchio
Copy link
Owner

yeah, sorry, I wish Spring Boot property sources would be smart enough to automatically replace _ with . for ENV variables since . is not permitted in ENV variables.
You can solve this quickly by creating application.properties or application.yml and adding:

jasypt.encryptor.password=${JASYPT_ENCRYPTOR_PASSWORD:}

or in YAML

jasypt:
    encryptor:
        password: {${JASYPT_ENCRYPTOR_PASSWORD:}

basically what this does is to define the jasypt.encryptor.password property that points to a different property JASYPT_ENCRYPTOR_PASSWORD that you can inject any way you want (environment or system property). This technique can also be used to translate property name/values for any other library you need.

@japako
Copy link
Author

japako commented Dec 18, 2015

HI,

That will work then. Looks like a good solution.

On 18 December 2015 at 02:03, Ulises Bocchio notifications@github.com
wrote:

yeah, sorry, I wish Spring Boot property sources would be smart enough to
automatically replace _ with . for ENV variables since . is not permitted
in ENV variables.
You can solve this quickly by creating application.properties or
application.yml and adding:

jasypt.encryptor.password=${JASYPT_ENCRYPTOR_PASSWORD:}

or in YAML

jasypt:
encryptor:
password: {${JASYPT_ENCRYPTOR_PASSWORD:}

basically what this does is to define the jasypt.encryptor.password
property that points to a different property JASYPT_ENCRYPTOR_PASSWORD
that you can inject any way you want (environment or system property). This
technique can also be used to translate property name/values for any other
library you need.


Reply to this email directly or view it on GitHub
#17 (comment)
.

Regards,
Bartosz Jablonski

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ulisesbocchio @japako