java – How I can encrypt/decrypt Spring boot server properties

java – How I can encrypt/decrypt Spring boot server properties

If youre looking for spring boot related answer I suggest taking a look at spring-cloud-config project.

This project allows managing configurations externally (in filesystem or in git, for example), and among other things has a support for encrypting property values both via symmetric private secret and via public/private key pair

A protected Property, in this case, looks like this:

db.password={cipher}AZXCASDAZXC341234ZXCASDFedr453

Where the AZXCASDAZXC341234ZXCASDFedr453 is actually an encrypted value of some password.
In order to encrypt it, you should call the encrypt method one time, assuming the spring-cloud-config server is running on port 8888 of your machine.

 $ curl localhost:8888/encrypt -d mysecretdbpassword >>AZXCASDAZXC341234ZXCASDFedr453

Here the value of password mysecretdbopassword gets encrypted.

The key has to be specified in configurations of the spring-cloud-config microservice itself.

 encrypt.key=ABC123ABC123ABC123

Another option that this service has is an integration with Hashicorp vault, so it also can be a good candidate for keeping the secrets.

Update: There is a similar/better answer to a duplicate question here, as pointed out by Adam in his comment.


We did something similar by incorporating the Jasypt tool. Its nicely baked into the Spring eco-system. Basically you encrypt the values with an encryption key (a string) and put the encrypted value in your properties file surrounded by ENC(...). Then you put the encryption key in a specified environment variable on the server where your code is running. You can then map the encrypted values directly into variables with @Value(...).

Another option is not to store the password in your source at all, and instead secure those on the server in environment variables and access them directly at runtime. I think any way you slice it you end up relying on the fact that the server is secure, so its important that you are confident that your server wont be compromised.

java – How I can encrypt/decrypt Spring boot server properties

Leave a Reply

Your email address will not be published. Required fields are marked *