44.1 Jasypt dependency and made it work (#44 encrypt passwords using jasypt)
@ -92,6 +92,12 @@
|
||||
<version>1.12.75</version>
|
||||
</dependency>
|
||||
|
||||
<dependency>
|
||||
<groupId>com.github.ulisesbocchio</groupId>
|
||||
<artifactId>jasypt-spring-boot-starter</artifactId>
|
||||
<version>2.0.0</version>
|
||||
</dependency>
|
||||
|
||||
<dependency>
|
||||
<groupId>org.springframework.boot</groupId>
|
||||
<artifactId>spring-boot-starter-test</artifactId>
|
||||
|
||||
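Review bot: `jasypt-spring-boot-starter` is pinned to `2.0.0` here, and the YAML changed in the same commit sets no `jasypt.encryptor.algorithm`, so the `ENC(...)` values rely on that release line's default, which as far as I know is `PBEWithMD5AndDES`. That is a weak construction for ciphertext that is committed to the repository, because its protection rests entirely on the strength of the master password. Consider moving to the 3.x line of the starter, whose default is `PBEWITHHMACSHA512ANDAES_256`, and re-encrypting the values with it. The `<dependencies>` element starts and ends outside this hunk, so any existing version-property convention is not visible from here.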
@ -6,7 +6,7 @@ import com.amazonaws.services.secretsmanager.model.*;
|
||||
import com.fasterxml.jackson.databind.JsonNode;
|
||||
import com.fasterxml.jackson.databind.ObjectMapper;
|
||||
import lombok.extern.slf4j.Slf4j;
|
||||
import org.springframework.boot.context.event.ApplicationPreparedEvent;
|
||||
import org.springframework.boot.context.event.ApplicationEnvironmentPreparedEvent;
|
||||
import org.springframework.context.ApplicationListener;
|
||||
import org.springframework.core.env.ConfigurableEnvironment;
|
||||
import org.springframework.core.env.PropertiesPropertySource;
|
||||
@ -16,29 +16,37 @@ import java.util.Base64;
|
||||
import java.util.Properties;
|
||||
|
||||
@Slf4j
|
||||
public class SecretsManagerPropertiesListener implements ApplicationListener<ApplicationPreparedEvent> {
|
||||
public class SecretsManagerPropertiesListener implements ApplicationListener<ApplicationEnvironmentPreparedEvent> {
|
||||
|
||||
private ObjectMapper mapper = new ObjectMapper();
|
||||
|
||||
@Override
|
||||
public void onApplicationEvent(ApplicationPreparedEvent event) {
|
||||
public void onApplicationEvent(ApplicationEnvironmentPreparedEvent event) {
|
||||
|
||||
String activeProfiles = event.getApplicationContext().getEnvironment().getProperty("spring.profiles.active");
|
||||
if (activeProfiles == null || !activeProfiles.contains("aws-rds")) return;
|
||||
System.out.println("ApplicationListener<ApplicationEnvironmentPreparedEvent> invoked");
|
||||
log.info("ApplicationListener<ApplicationEnvironmentPreparedEvent> invoked");
|
||||
|
||||
ConfigurableEnvironment environment = event.getEnvironment();
|
||||
String activeProfiles = environment.getProperty("spring.profiles.active");
|
||||
// if (activeProfiles == null || !activeProfiles.contains("aws-rds")) return;
|
||||
|
||||
String secretJson = getSecret();
|
||||
|
||||
log.debug("Retrieved secretJson from Secret Manager: {}", secretJson);
|
||||
System.out.println("Retrieved secretJson from Secret Manager: " + secretJson);
|
||||
|
||||
String jwtSecret = getString(secretJson, "app_jwt_secret");
|
||||
String springDatasourceUsername = getString(secretJson, "spring_datasource_username");
|
||||
String springDatasourcePassword = getString(secretJson, "spring_datasource_password");
|
||||
String jasyptPassword = getString(secretJson, "jasypt_password");
|
||||
// String jwtSecret = getString(secretJson, "app_jwt_secret");
|
||||
// String springDatasourceUsername = getString(secretJson, "spring_datasource_username");
|
||||
// String springDatasourcePassword = getString(secretJson, "spring_datasource_password");
|
||||
|
||||
ConfigurableEnvironment environment = event.getApplicationContext().getEnvironment();
|
||||
Properties props = new Properties();
|
||||
props.put("app.jwt.secret", jwtSecret);
|
||||
props.put("spring.datasource.username", springDatasourceUsername);
|
||||
props.put("spring.datasource.password", springDatasourcePassword);
|
||||
System.setProperty("JASYPT_PASSWORD", jasyptPassword);
|
||||
props.put("jasypt.encryptor.password", jasyptPassword);
|
||||
|
||||
// props.put("app.jwt.secret", jwtSecret);
|
||||
// props.put("spring.datasource.username", springDatasourceUsername);
|
||||
// props.put("spring.datasource.password", springDatasourcePassword);
|
||||
|
||||
environment.getPropertySources().addFirst(new PropertiesPropertySource("aws.secret.manager", props));
|
||||
|
||||
|
||||
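Review bot: The `System.out.println("Retrieved secretJson from Secret Manager: " + secretJson)` line in `onApplicationEvent` writes the whole Secrets Manager payload, including `jasypt_password`, to standard output on every start, and the `log.debug` line above it does the same at debug level. The rendering lost the +/- markers, so which of the two is on the new side is inferred, but neither should print the value; log only the event, e.g. `log.debug("Retrieved secret from Secrets Manager")`. `System.setProperty("JASYPT_PASSWORD", jasyptPassword)` also copies the master password into JVM-wide system properties, where any code in the process or an environment-dump endpoint can read it; the `props.put("jasypt.encryptor.password", jasyptPassword)` entry added first in the property sources looks sufficient on its own, though that should be confirmed. With the `aws-rds` guard commented out, `getSecret()` now appears to run for every profile, and the method body continues outside the hunk.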
@ -21,8 +21,8 @@ spring:
|
||||
datasource:
|
||||
driver-class-name: com.mysql.cj.jdbc.Driver
|
||||
url: jdbc:mysql://mysql:3306/support-portal
|
||||
username: support_portal_user
|
||||
password: support_portal_password
|
||||
username: ENC(bGNdXu0n1sQxtHpAQy8E/fegT25zKbk6iTZoqg8ddaU=)
|
||||
password: ENC(hZarzMkUMf97sQ07tD58A2HOhbdoPdZtcpkif4vR9jY=)
|
||||
jpa:
|
||||
hibernate:
|
||||
ddl-auto: update
|
||||
@ -44,8 +44,12 @@ app:
|
||||
cors:
|
||||
allowed-origins: http://localhost:4200,https://localhost:4200,http://art-support-portal.s3-website.eu-north-1.amazonaws.com,http://portal.shyshkin.net
|
||||
jwt:
|
||||
secret: VeRy_5ecretP@55W0rd!
|
||||
secret: ENC(VAMFn7FEkahKbzf+99EzkajMeLjE/WvJLCadLVZXSE8=)
|
||||
# secret: ${random.value} #Does not work - every time generates new value
|
||||
jasypt:
|
||||
encryptor:
|
||||
password: ${JASYPT_PASSWORD}
|
||||
|
||||
---
|
||||
spring:
|
||||
config:
|
||||
@ -94,13 +98,13 @@ spring:
|
||||
on-profile: aws-rds
|
||||
datasource:
|
||||
url: jdbc:mysql://portal-db.coaum9neetxc.eu-north-1.rds.amazonaws.com:3306/support_portal
|
||||
username: portal_user
|
||||
password: Supp0rt_Porta!_PAssword
|
||||
username: ENC(35q85d0/Lei1FAWM5zvqUyfnOxvUYqWG)
|
||||
password: ENC(IN86fPa4xxATIP1S5fV94fos3drWXOTCurStNvQYM9s=)
|
||||
mail:
|
||||
host: email-smtp.eu-north-1.amazonaws.com
|
||||
port: 587
|
||||
username: AKIAVW7XGDOWFHHCELIH
|
||||
password: BJyWOWS1xWYR35MRCFn3BuuQ6vY+k7DRsdAvOfqDs/Fk
|
||||
username: ENC(WWVCoLPOjjNlfepTKeRFF4wep6onc3LnbkoPGh+Xwqc=)
|
||||
password: ENC(VTO/7U6tFHSzMs6UtTusUXSWAUkgLaTbsqvsVphIvCS9VfdEd9nx8+919i7usoKwvuzWZPFx4/8=)
|
||||
|
||||
# we want to test (1) from localhost, (2) from S3 bucket Static Web Site, (3) from our EC2 instance
|
||||
app:
|
||||
|
||||
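Review bot: Replacing the plaintext values with `ENC(...)` does not retire the old credentials: the previous datasource passwords, the `app.jwt.secret` value and the SMTP username/password pair in the `aws-rds` `mail` block stay readable in the repository history on the removed side of these hunks. They should be rotated at the provider and the new values encrypted, rather than encrypting the ones that were already committed. `jasypt.encryptor.password: ${JASYPT_PASSWORD}` has no fallback, so a start without that variable will presumably fail at placeholder resolution; a comment there would help, for example `# supplied by SecretsManagerPropertiesListener or the JASYPT_PASSWORD environment variable`.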