Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How to Encrypt and Decrypt using Jasypt in Quarkus for database password

Tags:

quarkus

How can we encrypt and decrypt database passwords in properties files using jasypt in Quarkus? The decryption will happen while loading or starting the application. Please share your inputs or thoughts on this.

@chrisgleissner any help would be appreciated.

application.properties

quarkus.datasource.db-kind=postgre
quarkus.datasource.username=username
quarkus.datasource.password=encrypted pwd(encrypted needs to decrypt while loading application)
like image 502
Shiva Bommanabathina Avatar asked Oct 11 '25 22:10

Shiva Bommanabathina

2 Answers

You can implement a custom credentials provider. The interface is:

public interface CredentialsProvider {

    String USER_PROPERTY_NAME = "user";
    String PASSWORD_PROPERTY_NAME = "password";

    Map<String, String> getCredentials(String credentialsProviderName);

}

From the documentation:

USER_PROPERTY_NAME and PASSWORD_PROPERTY_NAME are standard properties that should be recognized by any consuming extension that support username/password based authentication. It is required that implementations be valid @ApplicationScoped CDI beans.

Your encrypted password should be available by system properties or env variable for example.

Example:

@ApplicationScoped
@Unremovable
public class MyCredentialsProvider implements CredentialsProvider {

    @Override
    public Map<String, String> getCredentials(String credentialsProviderName) {

        Map<String, String> properties = new HashMap<>();
        properties.put(USER_PROPERTY_NAME, "hibernate_orm_test");
        properties.put(PASSWORD_PROPERTY_NAME, decryptPassword());
        return properties;
    }

}

And in the application.properties set the credentials-provider as custom.

quarkus.datasource.credentials-provider=custom

You can check this section in the documentation guides: custom credentials provider

like image 104
Rui Rodrigues Avatar answered Oct 16 '25 07:10

Rui Rodrigues

You can create an implementation of io.smallrye.config.ConfigSourceInterceptor. In the getValue method decrypt with Jasypt the property (or properties) you want. Don't forget to register your implementation class as an SPI, META-INF/services/io.smallrye.config.ConfigSourceInterceptor.

More info on https://smallrye.io/docs/smallrye-config/main/index.html

like image 29
Sérgio Sousa Avatar answered Oct 16 '25 07:10

Sérgio Sousa
Sign in to Comment

Related questions

Reactive rest client headers injection in Quarkus

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!