Fork me on GitHub

Example Settings4j

An example how secured-properties can be used with Spring-Boot.

Description

Spring-Boot has a nice clear definition how an application should be configured.

typically configurations are place in file:./application.properties or file:./config/application.properties

Limitation: Property-files in classpath cannot be modified, and YAML variants are not supported to auto-encrypt values by secured-properties for now.

Implementation Pattern

It is recommended to create a simple Helper class to initial encrypt values in the propoerty files and decrypt the values on demand where you need it.

Typically spring-boot config

In Spring-Boot you can simpley annotate a simple POJO with @ConfigurationProperties for application-configurations

Like the following Example:

@Component
@ConfigurationProperties(prefix = "your.app.props")
public class SpringBootTestProperties {
    private String anotherSecretPassword;
    private String mySecretPassword;

    public String getAnotherSecretPassword() {
        return anotherSecretPassword;

The complete code is in SpringBootTestProperties.java

Secured Properties Helper

The Helper contains your secured-properties configuration and can be used to initial encrypt unencrypted values in the propoerty files and decrypt the values on demand where you need it.

import net.brabenetz.lib.securedproperties.SecuredProperties;
import net.brabenetz.lib.securedproperties.SecuredPropertiesConfig;

import java.io.File;

public class SpringBootSecuredPropertiesHelper {
    // Here you should look if you maybe need a custom config:
    private static final SecuredPropertiesConfig config = new SecuredPropertiesConfig().initDefault();

    // the same property files which are supported by spring-boot:
    private static File[] propertyFiles = new File[] {new File("./config/application.properties"), new File("./application.properties")};

    public static void encryptProperties(String... keys) {
        SecuredProperties.encryptNonEncryptedValues(config, propertyFiles, keys);
    }

    public static String decrypt(String value) {
        if (SecuredProperties.isEncryptedValue(value)) {
            return SecuredProperties.decrypt(config, value);
        }
        return value;
    }

}

The complete code is in SpringBootSecuredPropertiesHelper.java

The Spring-Boot Starter Application

A spring-Boot application has a starter-class where you can directly decrypt values in the property-files if needed before it is used by spring.

@SpringBootApplication
public class SpringBootStarterApplication {

    public static void main(String[] args) {
        securePasswords();
        SpringApplication.run(SpringBootStarterApplication.class, args);
    }

    private static void securePasswords() {
        // this will encrypt the given properties if there are not already encrypted:
        SpringBootSecuredPropertiesHelper.encryptProperties(
                "your.app.props.my-secret-password",
                "your.app.props.another-secret-password");
    }
}

The complete code is in SpringBootStarterApplication.java

Some Service-Class

Now you can decrypt the values of your Properties class whereever you need it.

@Service
public class SpringBootTestService {

    @Autowired
    private SpringBootTestProperties testProperties;

    public void runHelloworld() {
        // decrypt the password as late as possible:
        System.out.println("MySecretPassword: " + SpringBootSecuredPropertiesHelper.decrypt(testProperties.getMySecretPassword()));
    }
}

The complete code is in SpringBootTestService.java