- application.yml
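# Problem case: the datasource credentials are stored in this file as plaintext,
# so anyone who can read the file or the repository can read them.
spring:
  datasource:
    driver-class-name: com.mysql.cj.jdbc.Driver
    url: jdbc:mysql://localhost:3306/testDb?serverTimezone=Asia/Seoul
    username: userName
    password: password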
- application.properties
# Same settings in .properties form; the username and password are stored as plaintext.
spring.datasource.driver-class-name=com.mysql.cj.jdbc.Driver
spring.datasource.url=jdbc:mysql://localhost:3306/testDb?serverTimezone=Asia/Seoul
spring.datasource.username=userName
spring.datasource.password=password
해당 부분은 DB의 정보가 그대로(평문으로) 노출되어 있어 보안상 문제가 존재한다.
1. Dependency 추가
- build.gradle
// NOTE(review): JasyptConfig on this page instantiates BouncyCastleProvider; confirm that the
// Bouncy Castle provider artifact is on the classpath, since this starter line alone may not bring it in.
implementation 'com.github.ulisesbocchio:jasypt-spring-boot-starter:3.0.4'
2. Config Class
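2-1. 알고리즘 리스트 (DES, TripleDES(DESEDE), RC2, RC4 기반 항목은 구형 암호이므로, 새로 적용할 때는 PBEWITHHMACSHA256ANDAES_256 이상의 AES 계열을 선택하는 것이 안전하다.)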
PBEWITHHMACSHA1ANDAES_128
PBEWITHHMACSHA1ANDAES_256
PBEWITHHMACSHA224ANDAES_128
PBEWITHHMACSHA224ANDAES_256
PBEWITHHMACSHA256ANDAES_128
PBEWITHHMACSHA256ANDAES_256
PBEWITHHMACSHA384ANDAES_128
PBEWITHHMACSHA384ANDAES_256
PBEWITHHMACSHA512ANDAES_128
PBEWITHHMACSHA512ANDAES_256
PBEWITHMD5ANDDES
PBEWITHMD5ANDTRIPLEDES
PBEWITHSHA1ANDDESEDE
PBEWITHSHA1ANDRC2_128
PBEWITHSHA1ANDRC2_40
PBEWITHSHA1ANDRC4_128
PBEWITHSHA1ANDRC4_40
2-2. JasyptConfig 클래스 추가
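# "~" marks a value to fill in for your environment (a literal "~" is read by YAML as null).
# jasypt.encryptor.password is deliberately not set in this file; the post passes it at launch.
jasypt:
  encryptor:
    algorithm: ~
    key-obtention-iterations: ~
    pool-size: ~
    # Name of the encryptor bean to use; matches @Bean("jasyptStringEncryptor") in JasyptConfig.
    bean: jasyptStringEncryptor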
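/**
 * Registers the Jasypt string encryptor bean named {@code jasyptStringEncryptor}.
 *
 * <p>The algorithm, key-obtention iteration count and pool size are read from the
 * {@code jasypt.encryptor.*} properties. The encryptor password is read from
 * {@code jasypt.encryptor.password}, which the page supplies as a JVM system property
 * at launch rather than storing it in the configuration file.
 */
@Configuration
@EnableEncryptableProperties
public class JasyptConfig {

    @Value("${jasypt.encryptor.algorithm}")
    private String algorithm;

    @Value("${jasypt.encryptor.key-obtention-iterations}")
    private int keyObtentionIterations;

    @Value("${jasypt.encryptor.pool-size}")
    private int poolSize;

    // Secret used to derive the encryption key; never log it or commit it to the repository.
    @Value("${jasypt.encryptor.password}")
    private String password;

    /**
     * Builds the pooled password-based encryptor from the injected settings.
     *
     * @return the configured encryptor, exposed as the {@code jasyptStringEncryptor} bean
     */
    @Bean("jasyptStringEncryptor")
    public PooledPBEStringEncryptor stringEncryptor() {
        PooledPBEStringEncryptor encryptor = new PooledPBEStringEncryptor();
        // NOTE(review): confirm that the configured algorithm is actually offered by this provider.
        encryptor.setProvider(new BouncyCastleProvider());
        encryptor.setAlgorithm(algorithm);
        encryptor.setKeyObtentionIterations(keyObtentionIterations);
        encryptor.setPoolSize(poolSize);
        encryptor.setPassword(password);
        // The values are produced by jasyptEncrypt() with a RandomIvGenerator, so the decrypting
        // bean must use the same IV generator; without it the ENC(...) values cannot be read back.
        encryptor.setIvGenerator(new org.jasypt.iv.RandomIvGenerator());
        return encryptor;
    }
}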
3. Test
/**
 * One-off helper test that encrypts the datasource settings and prints them in
 * {@code ENC(...)} form for pasting into the configuration file.
 *
 * <p>The fields it reads ({@code algorithm}, {@code password}, {@code keyObtentionIterations},
 * {@code poolSize}) and the inputs ({@code DBurl}, {@code DBid}, {@code DBpwd}) are referenced
 * here but their declarations are not shown on this page. Keep the plaintext inputs and the
 * encryptor password out of version control.
 */
public class JasyptConfigTest {

    /**
     * Encrypts a single value with a freshly configured pooled PBE encryptor.
     *
     * @param input plaintext value to encrypt
     * @return the encrypted text as returned by the encryptor
     */
    public String jasyptEncrypt(String input) {
        final PooledPBEStringEncryptor pbe = new PooledPBEStringEncryptor();
        pbe.setProvider(new BouncyCastleProvider());
        pbe.setKeyObtentionIterations(keyObtentionIterations);
        pbe.setPoolSize(poolSize);
        pbe.setPassword(password);
        pbe.setAlgorithm(algorithm);
        // An IV is required when an AES algorithm is used.
        pbe.setIvGenerator(new RandomIvGenerator());
        final String cipherText = pbe.encrypt(input);
        return cipherText;
    }

    /** Encrypts the URL, user id and password first, then prints each one wrapped in ENC(...). */
    @Test
    public void jasypt() {
        final String urlCipher = jasyptEncrypt(DBurl);
        final String idCipher = jasyptEncrypt(DBid);
        final String pwdCipher = jasyptEncrypt(DBpwd);

        System.out.println("\n========================PBKDF2Encryptor========================\n");
        System.out.println("encryptDBurl\nENC(" + urlCipher + ")\n");
        System.out.println("encryptDBid\nENC(" + idCipher + ")\n");
        System.out.println("encryptDBpwd\nENC(" + pwdCipher + ")\n");
    }
}
4. DONE
4-1. 콘솔에 찍힌 값으로 DB 설정값을 대체
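4-2. VM OPTIONS에 다음 값을 추가 -Djasypt.encryptor.password=~~
4-3. 배포 시 : java -jar -Djasypt.encryptor.password=~~
(명령줄에 넣은 -D 값은 프로세스 목록이나 셸 히스토리에 그대로 남을 수 있으므로, 운영 환경에서는 환경 변수 JASYPT_ENCRYPTOR_PASSWORD 로 주입하는 방법도 고려한다.)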