44.1 Jasypt dependency and made it work (#44 encrypt passwords using jasypt)

support-portal-backend/pom.xml

@@ -92,6 +92,12 @@
             <version>1.12.75</version>
         </dependency>
 
+        <dependency>
+            <groupId>com.github.ulisesbocchio</groupId>
+            <artifactId>jasypt-spring-boot-starter</artifactId>
+            <version>2.0.0</version>
+        </dependency>
+
         <dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-test</artifactId>

support-portal-backend/src/main/java/net/shyshkin/study/fullstack/supportportal/backend/config/SecretsManagerPropertiesListener.java

@@ -6,7 +6,7 @@ import com.amazonaws.services.secretsmanager.model.*;
 import com.fasterxml.jackson.databind.JsonNode;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import lombok.extern.slf4j.Slf4j;
-import org.springframework.boot.context.event.ApplicationPreparedEvent;
+import org.springframework.boot.context.event.ApplicationEnvironmentPreparedEvent;
 import org.springframework.context.ApplicationListener;
 import org.springframework.core.env.ConfigurableEnvironment;
 import org.springframework.core.env.PropertiesPropertySource;
@@ -16,29 +16,37 @@ import java.util.Base64;
 import java.util.Properties;
 
 @Slf4j
-public class SecretsManagerPropertiesListener implements ApplicationListener<ApplicationPreparedEvent> {
+public class SecretsManagerPropertiesListener implements ApplicationListener<ApplicationEnvironmentPreparedEvent> {
 
     private ObjectMapper mapper = new ObjectMapper();
 
     @Override
-    public void onApplicationEvent(ApplicationPreparedEvent event) {
+    public void onApplicationEvent(ApplicationEnvironmentPreparedEvent event) {
 
-        String activeProfiles = event.getApplicationContext().getEnvironment().getProperty("spring.profiles.active");
+        System.out.println("ApplicationListener<ApplicationEnvironmentPreparedEvent> invoked");
-        if (activeProfiles == null || !activeProfiles.contains("aws-rds")) return;
+        log.info("ApplicationListener<ApplicationEnvironmentPreparedEvent> invoked");
+
+        ConfigurableEnvironment environment = event.getEnvironment();
+        String activeProfiles = environment.getProperty("spring.profiles.active");
+//        if (activeProfiles == null || !activeProfiles.contains("aws-rds")) return;
 
         String secretJson = getSecret();
 
         log.debug("Retrieved secretJson from Secret Manager: {}", secretJson);
+        System.out.println("Retrieved secretJson from Secret Manager: " + secretJson);
 
-        String jwtSecret = getString(secretJson, "app_jwt_secret");
+        String jasyptPassword = getString(secretJson, "jasypt_password");
-        String springDatasourceUsername = getString(secretJson, "spring_datasource_username");
+//        String jwtSecret = getString(secretJson, "app_jwt_secret");
-        String springDatasourcePassword = getString(secretJson, "spring_datasource_password");
+//        String springDatasourceUsername = getString(secretJson, "spring_datasource_username");
+//        String springDatasourcePassword = getString(secretJson, "spring_datasource_password");
 
-        ConfigurableEnvironment environment = event.getApplicationContext().getEnvironment();
         Properties props = new Properties();
-        props.put("app.jwt.secret", jwtSecret);
+        System.setProperty("JASYPT_PASSWORD", jasyptPassword);
-        props.put("spring.datasource.username", springDatasourceUsername);
+        props.put("jasypt.encryptor.password", jasyptPassword);
-        props.put("spring.datasource.password", springDatasourcePassword);
+
+//        props.put("app.jwt.secret", jwtSecret);
+//        props.put("spring.datasource.username", springDatasourceUsername);
+//        props.put("spring.datasource.password", springDatasourcePassword);
 
         environment.getPropertySources().addFirst(new PropertiesPropertySource("aws.secret.manager", props));
 

support-portal-backend/src/main/resources/application.yml

@@ -21,8 +21,8 @@ spring:
   datasource:
     driver-class-name: com.mysql.cj.jdbc.Driver
     url: jdbc:mysql://mysql:3306/support-portal
-    username: support_portal_user
+    username: ENC(bGNdXu0n1sQxtHpAQy8E/fegT25zKbk6iTZoqg8ddaU=)
-    password: support_portal_password
+    password: ENC(hZarzMkUMf97sQ07tD58A2HOhbdoPdZtcpkif4vR9jY=)
   jpa:
     hibernate:
       ddl-auto: update
@@ -44,8 +44,12 @@ app:
   cors:
     allowed-origins: http://localhost:4200,https://localhost:4200,http://art-support-portal.s3-website.eu-north-1.amazonaws.com,http://portal.shyshkin.net
   jwt:
-    secret: VeRy_5ecretP@55W0rd!
+    secret: ENC(VAMFn7FEkahKbzf+99EzkajMeLjE/WvJLCadLVZXSE8=)
 #    secret: ${random.value} #Does not work - every time generates new value
+jasypt:
+  encryptor:
+    password: ${JASYPT_PASSWORD}
+
 ---
 spring:
   config:
@@ -94,13 +98,13 @@ spring:
       on-profile: aws-rds
   datasource:
     url: jdbc:mysql://portal-db.coaum9neetxc.eu-north-1.rds.amazonaws.com:3306/support_portal
-    username: portal_user
+    username: ENC(35q85d0/Lei1FAWM5zvqUyfnOxvUYqWG)
-    password: Supp0rt_Porta!_PAssword
+    password: ENC(IN86fPa4xxATIP1S5fV94fos3drWXOTCurStNvQYM9s=)
   mail:
     host: email-smtp.eu-north-1.amazonaws.com
     port: 587
-    username: AKIAVW7XGDOWFHHCELIH
+    username: ENC(WWVCoLPOjjNlfepTKeRFF4wep6onc3LnbkoPGh+Xwqc=)
-    password: BJyWOWS1xWYR35MRCFn3BuuQ6vY+k7DRsdAvOfqDs/Fk
+    password: ENC(VTO/7U6tFHSzMs6UtTusUXSWAUkgLaTbsqvsVphIvCS9VfdEd9nx8+919i7usoKwvuzWZPFx4/8=)
 
 # we want to test (1) from localhost, (2) from S3 bucket Static Web Site, (3) from our EC2 instance
 app: