Spring encrypt and decrypt API key in properties file

Question

Spring encrypt and decrypt API key in properties file

Original question

I have a properties file located in Tomcat and a properties file for testing located in src / test / resources.

I currently have the following setting. My properties files are loaded into my XML config.xml files

<?xml version="1.0" encoding="UTF-8"?>
<!-- Repository and Service layers -->
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:p="http://www.springframework.org/schema/p"
    xmlns:cache="http://www.springframework.org/schema/cache"
    xmlns:context="http://www.springframework.org/schema/context" xmlns:tx="http://www.springframework.org/schema/tx"
    xsi:schemaLocation="
    http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
    http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
    http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx.xsd
    http://www.springframework.org/schema/cache http://www.springframework.org/schema/cache/spring-cache.xsd">

    <!-- ========================= RESOURCE DEFINITIONS ========================= -->

    <context:component-scan base-package="be.omniatravel.service" />
    <context:property-placeholder 
        location="file:${catalina.base}/conf/omniatravel.properties"
        ignore-unresolvable="true" />


    <tx:annotation-driven />

</beans>

test config.xml

<?xml version="1.0" encoding="UTF-8"?>
<!-- Repository and Service layers -->
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:p="http://www.springframework.org/schema/p"
    xmlns:cache="http://www.springframework.org/schema/cache"
    xmlns:context="http://www.springframework.org/schema/context" xmlns:tx="http://www.springframework.org/schema/tx"
    xsi:schemaLocation="
    http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
    http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
    http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx.xsd
    http://www.springframework.org/schema/cache http://www.springframework.org/schema/cache/spring-cache.xsd">

    <!-- ========================= RESOURCE DEFINITIONS ========================= -->

    <context:component-scan base-package="be.omniatravel.service" />
    <context:property-placeholder 
        location="classpath:omniatravel_test.properties"
        ignore-unresolvable="true" />


    <tx:annotation-driven />

</beans>

And I can access these values by doing this in my Java files

public class SunnycarsClient extends WebServiceGatewaySupport {

    @Value("${sunnycars.serviceUri}")
    private String uri; // provided by the webservice

    @Value("${sunnycars.operatingKey}")
    private String key; // provide by the webservice

    @Value("${sunnycars.passphrase}")
    private String passphrase; // provided by the webservice

}

Currently, the operating key and passphrase are stored in these properties as flat text. I want to keep them as an encrypted value in order to minimize the risk and still have access to how I do it now.

Update 1

So now I have replaced the contents of config.xml with

<?xml version="1.0" encoding="UTF-8"?>
<!-- Repository and Service layers -->
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:p="http://www.springframework.org/schema/p"
    xmlns:cache="http://www.springframework.org/schema/cache"
    xmlns:context="http://www.springframework.org/schema/context" xmlns:tx="http://www.springframework.org/schema/tx"
    xsi:schemaLocation="
    http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
    http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
    http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx.xsd
    http://www.springframework.org/schema/cache http://www.springframework.org/schema/cache/spring-cache.xsd">

    <!-- ========================= RESOURCE DEFINITIONS ========================= -->

    <context:component-scan base-package="be.omniatravel.service" />

    <!-- bean definitions -->

    <bean
        class="org.jasypt.spring.properties.EncryptablePropertyPlaceholderConfigurer">
        <constructor-arg>
            <bean class="org.jasypt.encryption.pbe.StandardPBEStringEncryptor">
                <property name="config">
                    <bean class="org.jasypt.encryption.pbe.config.EnvironmentStringPBEConfig">
                        <property name="algorithm" value="PBEWithMD5AndDES" />
                        <property name="passwordEnvName" value="APP_ENCRYPTION_PASSWORD" />
                    </bean>
                </property>
            </bean>
        </constructor-arg>
        <property name="locations">
            <list>
                <value>file:${catalina.base}/conf/omniatravel.properties</value>
            </list>
        </property>
    </bean>

    <bean id="dataSource" class="org.apache.commons.dbcp.BasicDataSource"
        destroy-method="close">
        <property name="sunnycarsMarshallerUri">
            <value>${sunnycars.marshallerUri}</value>
        </property>
        <property name="sunnycarsServiceUri">
            <value>${sunnycars.serviceUri}</value>
        </property>
        <property name="sunnycarsContextPath">
            <value>${sunnycars.contextPath}</value>
        </property>
        <property name="sunnycarsOperatingKey">
            <value>${sunnycars.operatingKey}</value>
        </property>
        <property name="sunnycarsPassphrase">
            <value>${sunnycars.passphrase}</value>
        </property>
    </bean>

    <tx:annotation-driven />

</beans>

But it’s still not clear to me how I should access them from my Java code.

propeties sunnycars.operatingKey = THE_KEY sunnycars.operatingKey = enc (ENCRYPTED_KEY), ENCRYPTED_KEY?

+4

java spring xml encryption properties-file

Glenn Van Schil 01 . '15 7:22

2

. (http://www.jasypt.org/spring31.html).

0

Sandra Parsick 01 . '15 7:55

M S Parmar · Accepted Answer · 2015-10-01T10:12:29+0000

jasypt1.9 * toolkit http://www.jasypt.org/

encrypt.dat cmd,

encrypt.date input = [ ] password = [ ] ,

= ENC ( )

 .. 

        <bean class="org.jasypt.encryption.pbe.config.EnvironmentStringPBEConfig">
                  <property name="algorithm" value="PBEWithMD5AndDES" />
                  <property name="password" value="APP_ENCRYPTION_PASSWORD" />
       </bean> ..

bean

<bean class="org.jasypt.encryption.pbe.config.EnvironmentStringPBEConfig">
                  <property name="algorithm" value="PBEWithMD5AndDES" />
                  <property name="password" value="#Key.keyValue}" />
       </bean>

Key.keyValue Key.

Spring encrypt and decrypt API key in properties file

Original question

Update 1

More articles: