Comments (4)
I’m confused, change on any secret… encryption key or encrypted secret will require you to change the values in the property files…
from jasypt-spring-boot.
@ulisesbocchio Let me rephrase my problem.
We are using Jasypt to keep the data encrypted in the DB (Hibernate). So we set a password let's say 123, and we have 10 records in the DB with encrypted value through Jasypt. Now, I want to change the password from 123 to 234, but the existing records in the DB were encrypted with the password 123, correct? So my question was, is there any possibility for password rotation without touching already encrypted values in the DB, or do we need to write a job or so which will do the rest? e.g. get the encrypted data form the DB using an old password, encrypt with a new password, and put back. Hope I was clear now, thanks!
from jasypt-spring-boot.
Ah, the answer is yes, but not for free :)
You'd have to implement depending on the level of sophistication needed either a:
Or all of the above....
the fastest way is probably defining custom composite StringEncryptor
, this string encryptor would be bootstrapped from multiple keyed
string encryptors. For instance:
jasypt:
encryptor:
encryptors:
- key: old
default: true
privateKeyFormat: PEM
privateKeyLocation: classpath:private_key_old.pem
- key: new
privateKeyFormat: PEM
privateKeyLocation: classpath:private_key_new.pem
You'd figure out the code, but the trick here would be to also "enhance" the encrypt
and decrypt
methods:
private static class KeyedMessage {
public static parse(String value) {
// split incoming msg expecting a char separator like @ or whatever, for instance: `old@uaosdifuosidfu`
return new KeyedMessage(key, message);
}
public String toString() {
return this.key + "@" + this.message;
}
}
private StringEncryptor getDelegate(String key) {
// find own encryptors by key, or if key === null, use default one.
}
@Override
public String encrypt(String message) {
KeyedMessage msg = KeyedMessage.parse(message);
String encrypted = this.getDelegate(msg.getKey()).encrypt(msg.getMessage());
return new KeyedMessage(msg.getKey(), encrypted).toString();
}
@Override
public String decrypt(String encryptedMessage) {
KeyedMessage msg = KeyedMessage.parse(message);
return this.getDelegate(msg).decrypt(msg.getMessage());
}
then essentially you can add/remove encryptors to your list via config, and change the encrypted values in the DB at your own pace, so long as you don't remove the encryptor config before you remove the last encrypted password with that encryptor.
from jasypt-spring-boot.
Thanks @ulisesbocchio , I will check the solution and repost it here.
from jasypt-spring-boot.
Related Issues (20)
- Cause Spring Boot's configuration replacement to fail HOT 3
- I use a Gradle Project. Is this plugin just for maven project?
- I use a Gradle Project. Is this plugin just for maven project? HOT 1
- Spring RabbitMQ credentials can't be encrypted
- Create custom encryptor bean with an error HOT 4
- jasypt-spring-boot 3.0.5 doesn't work with spring boot 2.3.12.RELEASE HOT 1
- Multiple property decryption
- proxy-property-sources=true causes ClassCastException
- [BUG] in springboot 2.0.3,the "spring.config.name" properties lose efficacy
- JASYPT fails to bind properties 'spring.datasource.password' while using with ENC() HOT 1
- Is there an unresolvable circular reference HOT 3
- 3.x.x 以后可以自定义加密器吗,配置jasypt.encryptor.bean的方式
- GraalVM native app startup with errors. HOT 1
- Windows and Linux compatibility issues HOT 3
- AES256GCM, Base64 decod of key file failed...
- StackOverflowError with SpringBoot 3.1.5 and jasypt-spring-boot-starter 3.0.5 with ${cors.origins.allowed:#{http://localhost:4200}} HOT 2
- jasypt not decrypting already encrypted property (i.e in application.properties file) in xml based configuration spring boot project HOT 3
- Usage of StandardEncryptableEnvironment with additional active profile(s) and custom prefix and suffix breaks decryption
- String Encryptor custom Bean not found with name 'jasyptStringEncryptor' after upgrading to AWS CLOUD Spring3(implementation platform("io.awspring.cloud:spring-cloud-aws-dependencies:3.0.4)
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from jasypt-spring-boot.