Encrypting Spring Boot Configuration Files with Jasypt

This article explains how to secure sensitive Spring Boot configuration properties such as database credentials by integrating the Jasypt library, adding the Maven dependency, configuring an encryption password, generating encrypted values via tests, and applying them in YAML files with optional runtime salt handling.

Java Architect Essentials

Spring Boot configuration files (application.properties or application.yml) often contain plain-text credentials, which is a security risk. This article introduces jasypt, a library that encrypts and decrypts such properties.

1. Add the Jasypt starter dependency

<dependency>
    <groupId>com.github.ulisesbocchio</groupId>
    <artifactId>jasypt-spring-boot-starter</artifactId>
    <version>2.1.0</version>
</dependency>

2. Configure the encryption password

# jasypt encryption key
jasypt:
  encryptor:
    password: Y6M9fAJQdU7jNp5MW

3. Generate encrypted values in a test

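import org.jasypt.encryption.StringEncryptor;
import org.junit.Assert;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.test.context.junit4.SpringRunner;

@RunWith(SpringRunner.class)
@SpringBootTest
public class DatabaseTest {
    // Encryptor bean provided by the starter, keyed by jasypt.encryptor.password
    @Autowired
    private StringEncryptor encryptor;

    @Test
    public void getPass() {
        // Encrypt each sensitive property value
        String url = encryptor.encrypt("jdbc:mysql://localhost:3306/mydb?autoReconnect=true&serverTimezone=GMT%2B8&useUnicode=true&characterEncoding=utf-8");
        String name = encryptor.encrypt("root");
        String password = encryptor.encrypt("123456");
        // Print the ciphertexts so they can be copied into application.yml
        System.out.println("database url: " + url);
        System.out.println("database name: " + name);
        System.out.println("database password: " + password);
        Assert.assertTrue(url.length() > 0);
        Assert.assertTrue(name.length() > 0);
        Assert.assertTrue(password.length() > 0);
    }
}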

The test prints encrypted strings such as:

database url: 6Ut7iADnHS18cManoFJuNRQ5QEDfcho/...
database name: fmai72yGYKGlP6vTtX77EQ==
database password: GPMG7FGV+EA9iGkC27u67A==

4. Replace plain values with encrypted ones in application.yml

spring:
  datasource:
    url: ENC(h20YiPrvNnuuTGjlrE1RVpudMuIQAS6Z...)
    username: ENC(sT6BztXbJEa71eg3pPGYMQ==)
    password: ENC(MpSZFJ9ftq+3+VUANZjr0Q==)

Note that the ENC() wrapper is mandatory.

5. Provide the encryption password at deployment

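Pass the password as a JVM argument or environment variable to avoid hard-coding it. JVM options must come before -jar; anything placed after the jar name is passed to the application as a program argument instead of being set as a system property:

java -Djasypt.encryptor.password=Y6M9fAJQdU7jNp5MW -jar xxx.jar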

Or set it in /etc/profile:

export JASYPT_PASSWORD=Y6M9fAJQdU7jNp5MW
source /etc/profile
java -jar -Djasypt.encryptor.password=${JASYPT_PASSWORD} xxx.jar

By following these steps, sensitive configuration data is stored encrypted, improving the security posture of Spring Boot applications.
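
A check that can run in CI over application.yml to confirm the outcome of steps 2 to 5: no literal jasypt.encryptor.password left in the file, and the datasource values wrapped in ENC(). This is an added example, not code from the article or from Jasypt; the audit and flatten_yaml helpers, the list of sensitive keys and the sample YAML are constructed for illustration, and the parser only handles simple nested block mappings.

```python
import re

# Leaf keys treated as sensitive: the three the article encrypts (assumption; extend as needed).
SENSITIVE = re.compile(r"(^|\.)(url|username|password)$")
ENC = re.compile(r"^ENC\(.+\)$")            # value wrapped as in step 4
PLACEHOLDER = re.compile(r"^\$\{[^}]+\}$")  # e.g. ${JASYPT_PASSWORD}, resolved at runtime

def flatten_yaml(text):
    """Yield (dotted.key, value) pairs from block-style YAML made of nested maps."""
    stack = []  # (indent, key) for each enclosing mapping
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.lstrip().startswith("#") or ":" not in line:
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        while stack and stack[-1][0] >= indent:
            stack.pop()
        stack.append((indent, key.strip()))
        value = value.strip().strip("'\"")
        if value:
            yield ".".join(k for _, k in stack), value

def audit(text):
    """Return (key, problem) findings for one application.yml document."""
    findings = []
    for key, value in flatten_yaml(text):
        if key == "jasypt.encryptor.password":
            if not PLACEHOLDER.match(value):
                findings.append((key, "encryption password committed in config"))
        elif SENSITIVE.search(key) and not (ENC.match(value) or PLACEHOLDER.match(value)):
            findings.append((key, "value not wrapped in ENC(...)"))
    return findings

# Constructed sample: step 2's key left in the file and one value still in plain text.
BAD = """\
jasypt:
  encryptor:
    password: Y6M9fAJQdU7jNp5MW
spring:
  datasource:
    username: ENC(sT6BztXbJEa71eg3pPGYMQ==)
    password: 123456
"""
# Constructed sample: key supplied from the environment, values wrapped as in step 4.
GOOD = BAD.replace("Y6M9fAJQdU7jNp5MW", "${JASYPT_PASSWORD}").replace(
    "123456", "ENC(MpSZFJ9ftq+3+VUANZjr0Q==)")

if __name__ == "__main__":
    for key, problem in audit(BAD):
        print(f"{key}: {problem}")
```

A non-empty result from audit() is the signal to fail the build before the file is committed or packaged.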

Written by

Java Architect Essentials