Spring boot Jasypt Example

• Jasypt provides you with easy unidirectional (digest) and bidirectional encryption techniques.
• Open API for use with any JCE provider, and not only the default Java VM one. Jasypt can be easily used with well-known providers like Bouncy Castle. Learn more.
• Higher security for your users’ passwords. Learn more.
• Binary encryption support. Jasypt allows the digest and encryption of binaries (byte arrays). Encrypt your objects or files when needed (for being sent over the net, for example).
• Number encryption support. Besides texts and binaries, it allows the digest and encryption of numeric values (BigInteger and BigDecimal, other numeric types are supported when encrypting for Hibernate persistence). Learn more.
• Completely thread-safe.
• Support for encryptor/digester pooling, in order to achieve high performance in multi-processor/multi-core systems.
• Includes a lightweight (“lite”) version of the library for better manageability in size-restrictive environments like mobile platforms.
• Provides both easy, no-configuration encryption tools for users new to encryption, and also highly configurable standard encryption tools, for power-users.

Please refer and learn: http://www.jasypt.org/features.html

Jasypt Maven Plugins — https://mvnrepository.com/artifact/com.github.ulisesbocchio/jasypt-maven-plugin/3.0.4

GitHub - ulisesbocchio/jasypt-spring-boot: Jasypt integration for Spring boot

pom.xml

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
   xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
   <modelVersion>4.0.0</modelVersion>
   <parent>
      <groupId>org.springframework.boot</groupId>
      <artifactId>spring-boot-starter-parent</artifactId>
      <version>2.6.3</version>
      <relativePath/> <!-- lookup parent from repository -->
   </parent>
   <groupId>com.example</groupId>
   <artifactId>spring-boot-jasypt</artifactId>
   <version>0.0.1-SNAPSHOT</version>
   <name>spring-boot-jasypt</name>
   <description>Demo project for Spring Boot</description>
   <properties>
      <java.version>11</java.version>
   </properties>
   <dependencies>
      <dependency>
         <groupId>org.springframework.boot</groupId>
         <artifactId>spring-boot-starter-data-jpa</artifactId>
      </dependency>
      <dependency>
         <groupId>com.github.ulisesbocchio</groupId>
         <artifactId>jasypt-spring-boot-starter</artifactId>
         <version>3.0.4</version>
      </dependency>
      <dependency>
         <groupId>mysql</groupId>
         <artifactId>mysql-connector-java</artifactId>
         <scope>runtime</scope>
      </dependency>
      <dependency>
         <groupId>org.projectlombok</groupId>
         <artifactId>lombok</artifactId>
         <optional>true</optional>
      </dependency>
      <dependency>
         <groupId>org.springframework.boot</groupId>
         <artifactId>spring-boot-starter-test</artifactId>
         <scope>test</scope>
      </dependency>
   </dependencies>

   <build>
      <plugins>
         <plugin>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-maven-plugin</artifactId>
            <configuration>
               <excludes>
                  <exclude>
                     <groupId>org.projectlombok</groupId>
                     <artifactId>lombok</artifactId>
                  </exclude>
               </excludes>
            </configuration>
         </plugin>
         <plugin>
            <groupId>com.github.ulisesbocchio</groupId>
            <artifactId>jasypt-maven-plugin</artifactId>
            <version>3.0.3</version>
         </plugin>
      </plugins>
   </build>
</project>

Employee.java

@Builder
@NoArgsConstructor
@AllArgsConstructor
@Data
@Entity
@Table(name = "employee")
public class Employee {
    @Id
    @GeneratedValue(strategy = GenerationType.IDENTITY)
    private Long employeeId;
    private String firstName;
    private String lastName;
    private String email;
    private String ssn;
}

EmployeeRepository.java

import org.springframework.data.jpa.repository.JpaRepository;

public interface EmployeeRepository extends JpaRepository<Employee, Long> {
}

EmployeeService.java

import org.jasypt.encryption.pbe.StandardPBEStringEncryptor;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;

import java.util.List;
import java.util.stream.Collectors;

@Service
public class EmployeeService {

    // This value must be kept in vault and Password value should be Strong
    private static String mpCryptoPassword = "BornToFight";

    @Autowired
    private EmployeeRepository employeeRepository;

    public Employee saveEmployee(Employee employee) {
        return employeeRepository.save(employee);
    }

    public List<Employee> findAllEmployees() {
        List<Employee> employees = employeeRepository.findAll();
        List<Employee> finalEmployees = employees.stream().map(e -> Employee.builder()
                        .employeeId(e.getEmployeeId())
                        .firstName(e.getFirstName())
                        .lastName(e.getLastName())
                        .email(e.getEmail())
                        .ssn(this.decrypt(e.getSsn()))
                        .build())
                .collect(Collectors.toList());
        return finalEmployees;
    }

    public String encryptor(String value) {
        StandardPBEStringEncryptor encryptor = new StandardPBEStringEncryptor();
        encryptor.setPassword(mpCryptoPassword);
        String encryptedPassword = encryptor.encrypt(value);
        return encryptedPassword;
    }

    public String decrypt(String value) {
        StandardPBEStringEncryptor decrypter = new StandardPBEStringEncryptor();
        decrypter.setPassword(mpCryptoPassword);
        String decryptedValue = decrypter.decrypt(value);
        return decryptedValue;
    }
}

MainApp.java

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.CommandLineRunner;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;

import java.util.List;

@SpringBootApplication
public class SpringBootJasyptApplication implements CommandLineRunner {

   public static void main(String[] args) {
      SpringApplication.run(SpringBootJasyptApplication.class, args);
   }

   @Autowired
   private EmployeeService employeeService;

   @Override
   public void run(String... args) throws Exception {
      Employee employee = Employee.builder()
            .firstName("John")
            .lastName("Doe")
            .email("john.doe@springone.com")
            .ssn(employeeService.encryptor("1234567890"))
            .build();

      employeeService.saveEmployee(employee);

      List<Employee> allEmployees = employeeService.findAllEmployees();
      allEmployees.forEach(e -> System.out.println(e.toString()));
   }
}

application.yml

spring:
  datasource:
    username: root
    password: Password
    url: jdbc:mysql://localhost:3306/test
    driver-class-name: com.mysql.cj.jdbc.Driver
  jpa:
    show-sql: true
    hibernate:
      ddl-auto: update
    properties.hibernate.dialect: org.hibernate.dialect.MySQL5Dialect

Create Table-

create table employee (
    employee_id bigint not null auto_increment,
    email varchar(255),
    first_name varchar(255),
    last_name varchar(255),
    ssn varchar(255),
    primary key (employee_id)
) engine=MyISAM;

Result

Console Response

Note — Related Article — https://javatechie4u.medium.com/spring-boot-password-encryption-using-jasypt-9ee731701e70