Encrypt Configuration Properties

From version 1.1.8 properties-file allow you use encrypted properties like this:

1. Generate encryption key

You need some steps to generate encryption key:
  • Clone properties-file repo
  • Import the repo to your IDE, example: IntelliJ
  • Open file EncryptionTool
  • Run the file and you will see in the Run Log like this: key: HjcisAmIXusz3FLTBE6IbIJ6siI6gI3t
  • , let's copy the key HjcisAmIXusz3FLTBE6IbIJ6siI6gI3t and store somewhere

2. Encrypt a property value

Let's say we need encrypt property value: Hello World with the key HjcisAmIXusz3FLTBE6IbIJ6siI6gI3t, we will need do some step:
public static void main(String[] args) {
    String key = "HjcisAmIXusz3FLTBE6IbIJ6siI6gI3t"; // change to your key
    String message = "Hello World";
    String encryptedMessage = encrypt(message, key);
    System.out.println("encrypted message: " + encryptedMessage);
  • You will se the log: encrypted message: ENC(uvZ92aXCSlSbAAKo9rJYnXq9yE6kcAgdgSaS1yD4Tzw=)
  • Now you can input to your application.properties: hello_world=ENC(uvZ92aXCSlSbAAKo9rJYnXq9yE6kcAgdgSaS1yD4Tzw=)

3. Decrypt the property value

There are some ways you can use to set encryption:
  • Store in application.properties: properties.decryption_key=HjcisAmIXusz3FLTBE6IbIJ6siI6gI3t: but this way is not secure, because everyone can see the file and use key to decrypt properties value
  • Store in system environment: properties.decryption_key=HjcisAmIXusz3FLTBE6IbIJ6siI6gI3t: this way is better because just someone can access the server
  • Run java application with vm options like this: -Dproperties.decryption_key=HjcisAmIXusz3FLTBE6IbIJ6siI6gI3t
After set the encryption key, you can read the decrypted property value.
With properties-file, you can do like this:
Properties properties = new MultiFileReader()
With ezyfox-bean, ezyfox-server, ezyhttp and every framework of youngmonkeys: you will don't need anything, it will decrypt and bind the property value automatically for you.
For ezyfox-server, you can put -Dproperties.decryption_key=your encryption key vm option to console.bat, console.sh and start-service.sh files.