KapreSoft
Thank you for unblocking ads; your support allows us to continue delivering free, high-quality content that truly matters to you.

Encrypting Properties File Values with Jasypt

 
 

Overview

Property files are text resources in your standard web application that contains key-value information. There may come a time when information should not be stored in plain sight. This article will demonstrate how to encrypt properties file values using Jasypt encryption module. Jasypt is freely available and comes with Spring Framework integration.

Prerequisites

What is Jasypt?

Jasypt (Java Simplified Encryption) is a Java library that provides easy encryption and decryption of data. It can be used to encrypt sensitive information such as passwords, credit card numbers, and other confidential data in Java applications.

Why is Jasypt a Valuable Tool?

  1. Easy to use: Jasypt provides an easy-to-use API for encrypting and decrypting data, which makes it simple for developers to integrate encryption functionality into their Java applications.

  2. Security: Jasypt uses strong encryption algorithms, such as AES, to ensure that data is securely encrypted and decrypted.

  3. Flexibility: Jasypt can be used to encrypt data in a variety of formats, such as properties files, XML files, and databases. It also offers different encryption modes and configurations to fit specific use cases.

  4. Integration: Jasypt integrates easily with popular Java frameworks such as Spring, Hibernate, and Struts.

  5. Overall, Jasypt is a valuable tool for any Java developer who needs to encrypt sensitive data in their applications.

Is Jasypt Secure to Use?

Yes, Jasypt is generally considered a secure tool for encrypting and decrypting data in Java applications. It uses strong encryption algorithms, such as AES, and supports a variety of encryption modes and configurations to fit specific use cases. Additionally, Jasypt offers protection against common attacks, such as dictionary attacks and brute force attacks, by using salt and key strengthening.

That being said, like any encryption tool, the security of Jasypt depends on how it is used and configured. It’s important to follow best practices for encryption, such as using strong encryption keys and managing them securely, to ensure the confidentiality and integrity of sensitive data. It’s also recommended to keep Jasypt and its dependencies up-to-date with the latest security patches and updates.

Does Jasypt Follow Standard Security Practices?

Yes, Jasypt follows standard security practices for encryption and hashing. It uses well-known and widely accepted cryptographic algorithms and protocols, such as AES, Blowfish, and RSA, to provide strong encryption and decryption capabilities. Jasypt also follows best practices for key management, such as using secure random number generators to generate encryption keys and storing them securely.

In addition, Jasypt provides various features to enhance the security of sensitive information, such as password-based encryption, salted hashing, and key strengthening. These features make it more difficult for attackers to decrypt or crack sensitive information even if they obtain the encrypted data.

Overall, Jasypt is considered a secure and reliable encryption library that follows standard security practices. However, like any security software, it is important to use it properly and keep it up-to-date to ensure the best possible security.

Jasypt vs. AWS Secrets Manager

Jasypt is a Java library that provides encryption and decryption functionality for sensitive data in Java applications. It is a developer tool that can be used to secure sensitive information such as passwords, API keys, and other confidential data stored in properties files, databases, or other data sources.

AWS Secrets Manager, on the other hand, is a managed service provided by Amazon Web Services (AWS) that enables developers to store, manage, and retrieve secrets such as database credentials, API keys, and other sensitive information in a secure and scalable way. It is a cloud-based service that allows developers to manage secrets centrally and retrieve them programmatically from their applications.

While Jasypt is a developer tool that provides encryption functionality for sensitive data, AWS Secrets Manager is a cloud service that provides a secure and scalable way to store and manage secrets. Developers can use both tools in combination to secure their Java applications.

Properties File

A standard java web-based application may consist numerous properties file. An example of those files would be:

As an example for a file like mail.properties it would contain key-value pairs used by the application to configure a web-application at different stages of the running web application.

Plain Text Values In Properties Files

The following code snippet below is a typical example of a property configuration for an SMTP service. Note that the username and password entries are provided in clear text.

Code Snippet 1. Property file values

1
2
3
4
5
local.mail.smtps.host=smtp.gmail.com
local.mail.smtps.port=465
local.mail.smtps.debug=true
local.mail.smtps.username=morpheus@gmail.com
local.mail.smtps.password=Take the blue pill

As you can see sensitive information like the username and password is stored in plain text. To make it even worst, we check this in to a source repository like github. Wouldn’t it be nice if we could encrypt username and password values?

Encrypted Values in Properties File

With Jasypt you can enter encrypted values by enclosing them with ENC(‘value’). The values are decrypted in-memory (i.e. during load-time) using a Jasypt-based extension of Spring Framework’s org.springframework.context.support.PropertySourcesPlaceholderConfigurer.

Code Snippet 2. Jasypt TextEncryptor solution for encrypting property file values.

1
2
3
4
5
6
mail.smtps.username=ENC(iXm7KjIoubkQVmbJdTJxGJPPIHkZ6H9fq7ZJsfsGpIk=)
mail.smtps.password=ENC(zcV8BmkkZchyHzEmNyM70seLHUFwFz4va8w5wpvYXYE=)

mail.smtps.host=smtp.gmail.com
mail.smtps.port=465
mail.smtps.debug=true

Source: mail.properties

Encrypting the property value using Jasypt

Standard Property Placeholder Configuration

The following configuration is a spring framework’s standard property placeholder configuration.

Code Snippet 3. Standard Property Placeholder Configuration

<context:property-placeholder location="classpath*:*.properties"/>

Jasypt Text Encryptor Configuration

The code snippet shown below enables the jasypt BasicTextEncryptor implementation with an override to the standard spring property placeholder configuration.

Code Snippet 4. Jasypt TextEncryptor Configuration

1
2
3
4
5
6
<bean id="textEncryptor" class="org.jasypt.util.text.BasicTextEncryptor"
    p:password="go-big-or-go-home"/>

<bean id="propertyPlaceholder" class="org.jasypt.spring31.properties.EncryptablePropertySourcesPlaceholderConfigurer"
    p:locations="classpath*:*.properties" 
    c:textEncryptor-ref="textEncryptor"/>

You may want to vary your configuration for each environment. For instance dev would be just the default Spring PropertySourcesPlaceholderConfigurer and stage, prod would use Jasypt’s EncryptablePropertySourcesPlaceholderConfigurer. One would use Spring Framework Profile Feature (or equivalent) to vary configurations between deployment but this type of discussion is beyond the scope of this blog.

Code Snippet 5. Mail Sender Bean Configuration

1
2
3
4
5
<bean id="mailSender" class="org.springframework.mail.javamail.JavaMailSenderImpl"
    p:protocol="smtps"p:host="${mail.smtps.host}"
    p:port="${mail.smtps.port}"
    p:username="${mail.smtps.username}"
    p:password="${mail.smtps.password}"/>

Code Snippet 6. Spring Annotation-based Configuration

1
2
3
4
5
6
7
8
9
10
@Controller
public class MailController {

    @Value("${mail.smtps.username}")
    private String email;
    
    @Value("${mail.smtps.password}")
    private String password;

}

Source: app-ctx.xml

Generating Salted Encrypted Values

I created an example of how you would produce an encrypted value using a JUnit test class. The JUnit test shown on the code snippet below is an example code for generating the encrypted value. Update the secret password as needed but make sure not to check-in the real one.

Note that each time you run the test it will produce a different encrypted text value because the encryption is salted. SEE TextEncryptorTest.java

Code Snippet 7. Unit example for generating an encrypted value

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
package com.lagnada.xmx1024.integration;

import org.jasypt.util.text.BasicTextEncryptor;
import org.junit.Before;
import org.junit.Test;

import static org.fest.assertions.Assertions.assertThat;

/**
 * Test Utility for generating encrypted passwords for {@link org.jasypt.spring31.properties.EncryptablePropertySourcesPlaceholderConfigurer}
 */
public class TextEncryptorTest {

    BasicTextEncryptor encryptor;

    @Before
    public void setUp() throws Exception {
        encryptor = new BasicTextEncryptor();
        encryptor.setPassword("go-big-or-go-home");
    }

    @Test
    public void generateEncryptedText() {
        String plainText = "Take the blue pill";
        String encrypted = encryptor.encrypt(plainText);
        System.out.printf("encrypted: %s%n", encrypted);
        assertThat(encrypted).isNotNull();
        assertThat(encrypted).isNotEqualTo(plainText);
    }
}

After running the JUnit code on Code Snippet 7, use the encrypted text value and enclose it with ENC() in any of your sourced properties file.

Code Snippet 8. Encrypted property value example

mail.smtps.password=ENC(eVrfrMcWl9J7fiC+9q4w8bNR+MSeTT5yfh1JL0/mUtk=)

Source Code

The entire source code can be pulled at github xmx1024. Please feel free to fork it.

In Conclusion

In this article, we discussed how to encrypt property file values using Jasypt encryption module, which is a Java library that provides easy encryption and decryption of data. Jasypt is a valuable tool for any Java developer who needs to encrypt sensitive data in their applications.

We also compared Jasypt with AWS Secrets Manager, which is a managed service provided by Amazon Web Services that enables developers to store, manage, and retrieve secrets in a secure and scalable way. While Jasypt is a developer tool that provides encryption functionality for sensitive data, AWS Secrets Manager is a cloud service that provides a secure and scalable way to store and manage secrets.

Finally, we looked at how to encrypt property values using Jasypt and how to configure the Jasypt TextEncryptor with an override to the standard Spring property placeholder configuration. By encrypting property values using Jasypt, we can protect sensitive information such as passwords, API keys, and other confidential data stored in properties files, databases, or other data sources.


Spring • Intro to WebTestClient
In the ever-evolving landscape of web application development, the Spring Framework stands out as a robust, versatile platform. Among its myriad tools and features, WebTestClient emerges as a pivotal component, especially in the realm of testing. This introductory article will navigate through the basics of WebTestClient, unraveling its role in enhancing the testing capabilities of Spring-based web applications.
Spring • Intro To Null Safety
The Spring Framework brings a pivotal enhancement to Java’s capabilities with its introduction of null safety annotations. This article aims to unravel how these annotations bridge the gap created by Java’s limited ability to express null safety through its type system.
Spring • Intro To Bean Post Processors
The Spring Framework, a cornerstone for developing modern Java applications, is renowned for its comprehensive capabilities in managing and enhancing Java beans. A pivotal component in this toolkit is the BeanPostProcessors. These elements are instrumental in tailoring the bean creation and lifecycle management process, offering developers granular control over bean behavior. This article delves deep into the realm of BeanPostProcessors, unraveling their functional dynamics, significance, and methodologies for effective utilization.
Spring • Intro to Java-based Configuration
In this article, we delve into the transformative world of Java-based configuration in Spring Framework. We begin by exploring the evolution from traditional XML configurations to the more dynamic Java-based approach, highlighting the advantages and flexibility it brings to modern software development. This introduction sets the stage for a comprehensive understanding of Java-based configuration in Spring, offering insights into why it has become a preferred method for developers worldwide.
Autowiring With Factory Beans in Spring
The Spring Framework, a cornerstone in the world of Java application development, has revolutionized the way developers manage dependencies. At the heart of this transformation is the concept of Autowiring, a powerful feature that automates the process of connecting objects together. Autowiring in Spring eliminates the need for manual wiring in XML configuration files, instead relying on the framework’s ability to intuitively ‘guess’ and inject dependencies where needed. This intuitive approach not only simplifies the code but also enhances its modularity and readability, making Spring-based applications more maintainable and scalable.
Spring • Web Mvc Functional Endpoints
In the dynamic landscape of web development, the Spring Framework has emerged as a cornerstone for building robust and scalable web applications. At the heart of this framework lies Spring Web MVC, a powerful module known for its flexibility and ease of use. This article aims to shed light on a particularly intriguing aspect of Spring Web MVC: WebMvc.fn, an approach that represents a more functional style of defining web endpoints.
Spring • Revolutionize the Power of Strongly Typed @Qualifiers.
The Spring Framework, renowned for its comprehensive infrastructure support for developing robust Java applications, empowers developers with various tools and annotations to streamline the process. One such powerful annotation is @Qualifier, which refines the autowiring process in Spring applications. This article delves into the basic usage of @Qualifier in conjunction with Spring’s autowiring feature and then explores a more advanced technique: creating a strongly-typed qualifier through custom annotation. It focuses on how these methods enhance precision in dependency injection, using Spring Boot as the demonstration platform.
Spring • Intro to @SessionScope
In the world of Spring Framework, understanding session scope is crucial for efficient web application development. This article serves as an introduction to the concept of session scope in Spring and sheds light on its significance in managing user sessions within web applications. We’ll delve into the fundamentals and explore why it plays a pivotal role in creating responsive and user-centric web experiences.
Spring • Intro To Prototype Scope
In this article, we’ll dive into one of the less explored yet highly valuable concepts in the Spring Framework - the Prototype scope. While many developers are familiar with the more common scopes like @Singleton and @Request, understanding the nuances of Prototype can give you more control over the lifecycle of your Spring beans. We’ll explore what Prototype scope is, when and why you should use it, and how it differs from other scopes.
Spring • Intro to @ApplicationScope
The Spring Framework is a foundational element in the realm of enterprise application development, known for its powerful and flexible structures that enable developers to build robust applications. Central to effectively utilizing the Spring Framework is a thorough understanding of its various scopes, with a special emphasis on @ApplicationScope. This scope is crucial for optimizing bean management and ensuring efficient application performance.
Getting Started with Spring Framework
The Spring Framework stands as a cornerstone in the world of Java application development, representing a paradigm shift in how developers approach Java Enterprise Edition (Java EE). With its robust programming and configuration model, Spring has streamlined the complexities traditionally associated with Java EE. This article aims to illuminate the core aspects of the Spring Framework, shedding light on its pivotal role in enhancing and simplifying Java EE development. Through an exploration of its features and capabilities, we unveil how Spring not only elevates the development process but also reshapes the landscape of enterprise Java applications.
Transform Your Data: Advanced List Conversion Techniques in Spring
The ConversionService of the Spring Framework plays a crucial role in simplifying data conversion tasks, particularly for converting lists from one type to another. This article zeroes in on understanding and leveraging the Spring Conversion Service specifically for list conversions, an essential skill for effective and accurate coding in Spring applications.
Mastering Spring's Scopes: A Beginner's Guide to Request Scope and Beyond
Spring Framework, a powerful tool in the Java ecosystem, offers a variety of scopes for bean management, critical for efficient application development. Among these, Request Scope is particularly important for web applications. This article dives deep into the nuances of Request Scope, especially for beginners, unraveling its concept and comparing it with the Prototype Scope.
Decoding AOP: A Comprehensive Comparison of Spring AOP and AspectJ
In this comprehensive comparison, we dive into the intricate world of Aspect-Oriented Programming (AOP) with a focus on two prominent players: Spring AOP and AspectJ. Understanding the distinction between these two technologies is crucial for software developers and architects looking to implement AOP in their applications.
Spring • Overcoming AOP Internal Call Limitation
Aspect-Oriented Programming (AOP) in Spring offers a powerful way to encapsulate cross-cutting concerns, like logging, security, or transaction management, separate from the main business logic. However, it’s not without its limitations, one of which becomes evident in the context of internal method calls.
Spring • Custom Annotations & AnnotationUtils
Spring, a powerhouse in the Java ecosystem, is renowned for simplifying the development process of stand-alone, production-grade Spring-based applications. At its core, Spring leverages annotations, a form of metadata that provides data about a program but isn’t part of the program itself. These annotations are pivotal in reducing boilerplate code, making your codebase cleaner and more maintainable.
Spring • Custom Annotations & AspectJ In Action
In this article, we delve into the dynamic world of Spring Framework, focusing on the power of custom annotations combined with AspectJ. We’ll explore how these technologies work together to enhance the capabilities of Spring applications. For those already versed in Spring and the art of crafting custom annotations in Java, this piece offers a deeper understanding of integrating AspectJ for more robust and efficient software design.
Mastering Testing with @MockBean in Spring Boot
In the realm of Java application development, the @MockBean annotation in Spring Boot is pivotal for effective testing. Part of the org.springframework.boot.test.mock.mockito package, it facilitates the creation and injection of Mockito mock instances into the application context. Whether applied at the class level or on fields within configuration or test classes, @MockBean simplifies the process of replacing or adding beans in the Spring context.
Spring Boot MockMVC Best Practices
Spring MockMVC stands as a pivotal component in the Spring framework, offering developers a robust testing framework for web applications. In this article, we delve into the nuanced aspects of MockMVC testing, addressing key questions such as whether MockMVC is a unit or integration test tool, its best practices in Spring Boot, and how it compares and contrasts with Mockito.
Spring Boot • Logging with Logback
When it comes to developing robust applications using the Spring framework, one of the key aspects that developers need to focus on is logging. Logging in Spring Boot is a crucial component that allows you to keep track of the behavior and state of your application.
Spring • DevOps Best Practices with Spring Profiles
The integration of Spring with DevOps practices is integral to modern application development. This guide will provide a deep dive into managing Spring profiles efficiently within machine images like Docker, including essential security-specific configurations for production Spring profiles and the handling of AWS resources and secret keys.
Spring Boot • Environment Specific Profiles
When building a Spring Boot application, it’s essential to have different configurations for various environments like development (dev), testing (test), integration, and production (prod). This flexibility ensures that the application runs optimally in each environment.
Spring WebFlux/Reactive • Frequently Asked Questions
In the evolving landscape of web development, reactive programming has emerged as a game-changer, offering solutions to modern high-concurrency, low-latency demands. At the forefront of this shift in the Java ecosystem is Spring WebFlux, an innovative framework that champions the reactive paradigm.
Spring Validation • Configuring Global Datetime Format
In the world of Java development, ensuring proper data validation and formatting is crucial. One key aspect of this is configuring a global date and time format. In this article, we will delve into how to achieve this using the Spring Framework, specifically focusing on Java Bean Validation.
Spring Reactive • Best Practice for Combining Calls with WebClient
Modern applications require a high level of responsiveness and resilience, and the reactive programming paradigm fits the bill. In the Spring ecosystem, WebClient is a non-blocking, reactive web client used to make asynchronous calls.
Spring Java Bean Validation
The Spring Framework, renowned for its versatility and efficiency, plays a pivotal role in offering comprehensive support for the Java Bean Validation API. Let’s embark on an exploration into the world of Bean Validation with Spring.
Spring 5 • Getting Started With Validation
Validation is an essential aspect of any Spring Boot application. Employing rigorous validation logic ensures that your application remains secure and efficient. This article discusses various ways to integrate Bean Validation into your Spring Boot application within the Java ecosystem. We’ll also explore how to avoid common pitfalls and improve your validation processes.
Spring 6 • What's New & Migration Guide
The Spring Framework’s legacy in the Java ecosystem is undeniable. Recognized for its powerful architecture, versatility, and constant growth, Spring remains at the forefront of Java development. The release of Spring Framework 6.x heralds a new era, with enhanced features and revisions that cater to the modern developer’s needs.
Spring UriComponentsBuilder Best Practices
The Spring Framework offers an array of robust tools for web developers, and one such utility is the UriComponentsBuilder. This tool provides an elegant and fluent API for building and manipulating URIs. This article offers a deep dive into various methods and applications of UriComponentsBuilder, backed by practical examples.
Spring Field Formatting
Spring Field Formatting is a pivotal component of the Spring Framework, allowing seamless data conversion and rendering across various contexts, particularly in client environments. This guide provides an in-depth look into the mechanics, interfaces, and practical implementations of Spring Field Formatting, elucidating its significance in modern web and desktop applications.
Spring Validator • Resolving Error Codes
Data validation is paramount for web applications, ensuring user input aligns with application expectations. Within the Spring ecosystem, validation and error message translation are critical components, enhancing user experience.
Spring Validator Interface
Spring offers a robust framework for application developers, with one of its standout features being data validation. Validation is essential for ensuring the accuracy, reliability, and security of user input. In this guide, we’ll delve deep into Spring’s Validator interface, understand its significance in the context of web applications, and explore how to implement it effectively.
Spring Type Conversion
Spring provides a robust type conversion system through its core.convert package, offering a versatile mechanism for converting data types within your applications. This system leverages an SPI (Service Provider Interface) for implementing type conversion logic and a user-friendly API for executing these conversions during runtime.
Spring Framework Expression Language
Spring, the ever-evolving and popular framework for Java development, offers a myriad of functionalities. Among these, the Spring Expression Language (SpEL) stands out as a notable feature for its capability to manipulate and query object graphs dynamically. In this comprehensive guide, we unravel the intricacies of SpEL, shedding light on its operators, syntax, and application.
Spring Framework Annotations
Spring Framework has solidified its place in the realm of Java-based enterprise applications. Its annotations simplify the coding process, enabling developers to focus on the business logic. This article delves into the core annotations in the Spring Framework, shedding light on their purposes and usage. Through this comprehensive guide, we aim to provide clarity and depth on these annotations.
Spring Controller vs RestController
The Spring MVC framework stands out as one of the most robust and versatile frameworks in the realm of Java web development. At the heart of its dynamism are two key annotations: @Controller and @RestController. These annotations not only define the structure but also dictate the behavior of web applications. This exploration aims to provide a deeper understanding of these annotations, their respective functionalities, and when to optimally use them.
Spring Boot Conditional Annotations
The world of Java programming, notably within the Spring Framework, constantly evolves, offering developers powerful tools and techniques to streamline application building. One such tool that stands out is the @Conditional annotation. This robust tool in Spring Boot is an absolute game-changer, offering a range of built-in annotations that allow developers to control configurations based on multiple criteria.
Spring Bean Manipulation and the BeanWrapper
In the realm of Java-based applications, the Spring Framework is renowned for providing powerful tools to manipulate and manage bean objects. Central to this process is the BeanWrapper. This article delves into the essence of Bean Manipulation, shedding light on the BeanWrapper, and the various tools provided by the Spring Framework and java.beans package.
Managing AWS CloudFront Using Spring Shell
This article explores an efficient approach to deploying static pages in CloudFront while leveraging the content delivery capabilities of AWS S3 and the convenience of Spring Shell Command-Line Interface (CLI) using the AWS SDK for Java.
Spring Framework Events
Spring Framework provides a powerful event handling mechanism that allows components within an application context to communicate and respond to events. This mechanism is based on the Observer design pattern and is implemented using the ApplicationEvent class and the ApplicationListener interface.
Spring Bean Scopes
Understanding and Utilizing Bean Scopes in the Spring Framework In this article, we will delve into the concept of bean scopes in Spring Framework. Understanding and effectively utilizing bean scopes is essential for controlling the lifecycle and behavior of your beans, allowing you to enhance the flexibility and power of your Spring applications.
Spring 6 Error Handling Best Practices
Error handling and exception design are integral components of developing Spring RESTful APIs, ensuring the application’s reliability, stability, and user experience. These practices enable developers to effectively address unexpected scenarios, such as invalid requests, database errors, or service failures, by providing graceful error responses.
Spring Boot, Jackson, and Lombok Best Practices
This article discusses the recommended practices for using Jackson and Lombok in conjunction with Spring Boot, a popular framework for building enterprise-level Java applications.
Spring Boot • Serialize Immutable Objects
This article illustrates how to serialize and write tests for immutable objects using Jackson and Lombok in Spring Boot.
Spring Boot Profiles & AWS Lambda: Deployment Guide
In this article, we will explore how to leverage the Spring Boot Profiles feature in an AWS Lambda Compute environment to configure and activate specific settings for each environment, such as development, testing, integration, and production.
AWS Lambda with Spring Boot: A Comprehensive Guide
This article explores the benefits of using Spring Boot with AWS Lambda, a powerful serverless compute service that enables developers to run code without worrying about server management. By integrating with the AWS cloud, AWS Lambda can respond to a variety of AWS events, such as S3, Messaging Gateways, API Gateway, and other generic AWS Resource events, providing an efficient and scalable solution for your application needs.
Secure SMTP with Spring JavaMailSender
This article discusses the use of Java Mail in the context of migrating email services to Google Apps For Your Domain. The author shares their experience with using the free service and encountered a problem with using the secure SMTP protocol to send emails programmatically through their old email account with the Spring JavaMailSender.