Encrypt Configuration Properties

Updated at 1699804387000
From version 1.1.8 properties-file allows you use encrypted properties like this:


1. Generate encryption key

You need some steps to generate encryption key:

  • Clone properties-file repo
  • Import the repo to your IDE, example: IntelliJ
  • Open file EncryptionTool
  • Run the file and you will see in the Run Log like this: key: HjcisAmIXusz3FLTBE6IbIJ6siI6gI3t

, let's copy the key HjcisAmIXusz3FLTBE6IbIJ6siI6gI3t and store somewhere

2. Encrypt a property value

Let's say we need encrypt property value: Hello World with the key HjcisAmIXusz3FLTBE6IbIJ6siI6gI3t, we will need do some step:

    public static void main(String[] args) {
        String key = "HjcisAmIXusz3FLTBE6IbIJ6siI6gI3t"; // change to your key
        String message = "Hello World";
        String encryptedMessage = encrypt(message, key);
        System.out.println("encrypted message: " + encryptedMessage);
  • You will se the log: encrypted message: ENC(uvZ92aXCSlSbAAKo9rJYnXq9yE6kcAgdgSaS1yD4Tzw=)
  • Now you can input to your application.properties: hello_world=ENC(uvZ92aXCSlSbAAKo9rJYnXq9yE6kcAgdgSaS1yD4Tzw=)

3. Decrypt the property value

There are some ways you can use to set encryption:

  • Store in application.properties: properties.decryption_key=HjcisAmIXusz3FLTBE6IbIJ6siI6gI3t: but this way is not secure, because everyone can see the file and use key to decrypt properties value
  • Store in system environment: properties.decryption_key=HjcisAmIXusz3FLTBE6IbIJ6siI6gI3t: this way is better because just someone can access the server
  • Run java application with vm options like this: -Dproperties.decryption_key=HjcisAmIXusz3FLTBE6IbIJ6siI6gI3t

After set the encryption key, you can read the decrypted property value. With properties-file, you can do like this:

    Properties properties = new MultiFileReader()

With ezyfox-bean, ezyfox-server, ezyhttp and every framework of youngmonkeys: you will don't need anything, it will decrypt and bind the property value automatically for you. For ezyfox-server, you can put -Dproperties.decryption_key=your encryption key vm option to console.bat, console.sh and start-service.sh files.