Jasypt with Spring Framework

I'm trying to set up Jasypt to have passwords in .properties files encrypted. I don't need to encrypt anything at runtime, only decrypt.

My passwords are already encrypted in the .properties file like this: some.pass=ENC(aFX0/gUNUbk1TMX0qddowrq23Htqr5Kh8mTwqmx1KA/n3tE=)

After researching I found that I could achieve this with some steps:

- Adding the Jasypt dependency to pom.xml

<dependency>
  <groupId>org.jasypt</groupId>
  <artifactId>jasypt</artifactId>
  <version>1.9.3</version>
</dependency>

Then there are two approaches (I think):

1 Use an environment variable (with the decryption key) that is set on startup: -Djasypt.encryptor.password=decryptionKey

2 Use beans:

<bean id="environmentVariablesConfiguration"
      class="org.jasypt.encryption.pbe.config.EnvironmentStringPBEConfig">
    <property name="algorithm" value="PBEWithMD5AndDES" />
    <property name="passwordEnvName" value="decryptionKey" />
</bean>

<bean id="propertyConfigurer"
      class="org.jasypt.spring31.properties.EncryptablePropertyPlaceholderConfigurer">
    <constructor-arg ref="configurationEncryptor" />
    <property name="locations">
        <list>
            <value>/WEB-INF/classes/application.properties</value>
        </list>
    </property>
</bean>

My question is how do I actually decrypt my passwords with either one of these approaches. Can I simply use @Value("${some.pass}") String decryptedPassword; ?

I'm quite confused because most of the content that I find when searching is related to Spring Boot, which is not my case.

Thanks in advance for any help



Solution 1:[1]

The solution was adding the pom dependency in pom.xml, then adding to the VM options in IntelliJ an environment variable -DAPP_ENCRYPTION_PASSWORD=mykey.

Then I added the following beans:

<bean id="environmentVariablesConfiguration" class="org.jasypt.encryption.pbe.config.EnvironmentStringPBEConfig">
    <property name="algorithm" value="PBEWITHMD5ANDDES" />
    <property name="passwordSysPropertyName" value="APP_ENCRYPTION_PASSWORD" />
</bean>

<bean id="configurationEncryptor" class="org.jasypt.encryption.pbe.StandardPBEStringEncryptor">
    <property name="config" ref="environmentVariablesConfiguration" />
</bean>

and then another bean for each environment, for example, for development:

<beans profile="development">
    <bean class="org.jasypt.spring4.properties.EncryptablePropertyPlaceholderConfigurer">
        <constructor-arg ref="configurationEncryptor" />
        <property name="locations">
            <list>
                <value>/WEB-INF/config/config.properties</value>
                <value>/WEB-INF/config/config.development.properties</value>
            </list>
        </property>
    </bean>
    <bean id="somethingService" class="doesnt.matter.common.someth.services.api.v1.Something"
          p:serverUrl="http://something"
          p:rest-ref="restOperations"
          p:encryptLoginRequest="true"
          p:encryptTokenRequest="true"
          p:urlEncoding="ISO-8859-1"
    />
</beans>

where inside the property name="locations" tag I listed every file where encrypted passwords could be found.

Then, in those files I put the encrypted passwords, using this online tool https://www.devglan.com/online-tools/jasypt-online-encryption-decryption. For example, in my config.properties file I have a password like:

some.password=ENC(balrcbxgktzeskjvn==)

Finally, in the file where I use the password, I used the @Value annotation like this:

@Value("${some.password}")
private String hiddenPass;
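
The same encryptor configuration as the beans above, driven directly through the Jasypt API so the ENC(...) value can be produced and verified locally instead of submitting the secret to a third-party site. This is an added example, not part of the original answer; the class name, sample key and sample secret are constructed, and it assumes only the jasypt 1.9.3 artifact on the classpath.

```java
import java.io.StringReader;
import java.util.Properties;
import org.jasypt.encryption.pbe.StandardPBEStringEncryptor;
import org.jasypt.encryption.pbe.config.EnvironmentStringPBEConfig;
import org.jasypt.exceptions.EncryptionOperationNotPossibleException;
import org.jasypt.properties.EncryptableProperties;
import org.jasypt.properties.PropertyValueEncryptionUtils;

public class JasyptPropertyCheck { // hypothetical class name

    // Mirrors the environmentVariablesConfiguration and configurationEncryptor beans.
    static StandardPBEStringEncryptor encryptorFromSystemProperty() {
        EnvironmentStringPBEConfig config = new EnvironmentStringPBEConfig();
        config.setAlgorithm("PBEWITHMD5ANDDES");
        // The system property is read when this setter runs, so it must already be set.
        config.setPasswordSysPropertyName("APP_ENCRYPTION_PASSWORD");
        StandardPBEStringEncryptor encryptor = new StandardPBEStringEncryptor();
        encryptor.setConfig(config);
        return encryptor;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample key, used only when -DAPP_ENCRYPTION_PASSWORD was not passed.
        if (System.getProperty("APP_ENCRYPTION_PASSWORD") == null) {
            System.setProperty("APP_ENCRYPTION_PASSWORD", "constructed-sample-key");
        }
        StandardPBEStringEncryptor encryptor = encryptorFromSystemProperty();

        // Build the properties line locally; encrypt() returns the value wrapped in ENC(...).
        String value = PropertyValueEncryptionUtils.encrypt("constructed-db-secret", encryptor);
        String line = "some.password=" + value;
        System.out.println(line);

        // EncryptableProperties decrypts ENC(...) values on read, which is what the
        // placeholder configurer does before @Value("${some.password}") is injected.
        Properties props = new EncryptableProperties(encryptor);
        props.load(new StringReader(line));
        System.out.println("decrypted: " + props.getProperty("some.password"));

        // A wrong key normally fails the padding check; the cipher has no integrity
        // protection, so a rare wrong key can instead yield garbage without an exception.
        System.setProperty("APP_ENCRYPTION_PASSWORD", "constructed-wrong-key");
        try {
            String out = PropertyValueEncryptionUtils.decrypt(value, encryptorFromSystemProperty());
            System.out.println("no exception, matches secret: " + out.equals("constructed-db-secret"));
        } catch (EncryptionOperationNotPossibleException e) {
            System.out.println("wrong key rejected: " + e.getClass().getSimpleName());
        }
    }
}
```

Because Jasypt uses a random salt by default, each run prints a different ENC(...) value for the same secret and key.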

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Joao