About this task
Because Jasypt supports Blueprint components, a blueprint file can easily be configured to use it.
Procedure
-
Add this namespace to the blueprint file:
xmlns:enc="http://karaf.apache.org/xmlns/jasypt/v1.0.0"
-
Configure Jasypt as follows:
<enc:property-placeholder>
  <enc:encryptor class="org.jasypt.encryption.pbe.StandardPBEStringEncryptor">
    <property name="config">
      <bean class="org.jasypt.encryption.pbe.config.EnvironmentStringPBEConfig">
        <property name="algorithm" value="PBEWITHSHA256AND128BITAES-CBC-BC"/>
        <property name="passwordEnvName" value="TESB_ENV_PASSWORD"/>
      </bean>
    </property>
  </enc:encryptor>
</enc:property-placeholder>
-
Create the encrypted properties as described in Encrypting clear text parameters and passwords.
-
Wrap the encrypted property value in ENC(), as in the following example:
<cm:property-placeholder persistent-id="my" update-strategy="reload">
  <cm:default-properties>
    <cm:property name="password" value="ENC(T4H3aL4AfR20Tl+S9krZQVzTFCVG9akKxWmfDAobPxM=)"/>
  </cm:default-properties>
</cm:property-placeholder>
-
If you are using Maven, the following dependencies should be added to the pom.xml:
<dependency>
  <groupId>org.apache.servicemix.bundles</groupId>
  <artifactId>org.apache.servicemix.bundles.jasypt</artifactId>
  <version>1.9.2_1</version>
</dependency>
<dependency>
  <groupId>org.apache.karaf.jaas.blueprint</groupId>
  <artifactId>org.apache.karaf.jaas.blueprint.jasypt</artifactId>
  <version>4.0.1</version>
</dependency>
-
Import the package org.jasypt.encryption.pbe into the bundle. If you are using Maven, the following instructions should be added to the pom.xml:
<plugin>
  <groupId>org.apache.felix</groupId>
  <artifactId>maven-bundle-plugin</artifactId>
  <version>2.4.0</version>
  <extensions>true</extensions>
  <configuration>
    <instructions>
      <Import-Package>org.jasypt.encryption.pbe;version=1.9.2, org.jasypt.encryption.pbe.config;version=1.9.2, org.osgi.service.blueprint</Import-Package>
    </instructions>
  </configuration>
</plugin>
-
The <cm:property-placeholder> section must be defined before (above) the <enc:property-placeholder> section inside the blueprint configuration, otherwise decryption of parameters from etc/*.cfg will not work.
Results
An example of blueprint configuration (environment variable TESB_ENV_PASSWORD is set to pwd) is shown below:
<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:cm="http://aries.apache.org/blueprint/xmlns/blueprint-cm/v1.1.0"
    xmlns:enc="http://karaf.apache.org/xmlns/jasypt/v1.0.0"
    xsi:schemaLocation="
      http://www.osgi.org/xmlns/blueprint/v1.0.0 http://www.osgi.org/xmlns/blueprint/v1.0.0/blueprint.xsd
      http://aries.apache.org/blueprint/xmlns/blueprint-cm/v1.1.0 http://aries.apache.org/schemas/blueprint-cm/blueprint-cm-1.1.0.xsd">
  <cm:property-placeholder persistent-id="my" update-strategy="reload">
    <cm:default-properties>
      <cm:property name="password" value="ENC(ri+N4zeF/hTl1omjgYky1uQxYwhyxyPmdnyC/UmY1ug=)" />
    </cm:default-properties>
  </cm:property-placeholder>
  <enc:property-placeholder>
    <enc:encryptor class="org.jasypt.encryption.pbe.StandardPBEStringEncryptor">
      <property name="config">
        <bean class="org.jasypt.encryption.pbe.config.EnvironmentStringPBEConfig">
          <property name="algorithm" value="PBEWITHSHA256AND128BITAES-CBC-BC" />
          <property name="passwordEnvName" value="TESB_ENV_PASSWORD" />
        </bean>
      </property>
    </enc:encryptor>
  </enc:property-placeholder>
  <bean id="serviceBean" class="org.company.example.MyServiceImpl">
    <property name="prop" value="${password}"/>
  </bean>
</blueprint>
An example of persistent configuration (container/etc/my.cfg) is as follows:
password=ENC(6laeC861kCMSh2Eaj4sjtNzgstdo5BKFh8d+fop2Jt0=)
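The following Python check is an added example, not part of the original procedure or of any Talend or Karaf tooling. It lints a blueprint file and an etc/*.cfg file for the mistakes this procedure guards against: the <enc:property-placeholder> section placed before <cm:property-placeholder>, and secret-looking properties left outside ENC(). The function names and the SENSITIVE name pattern are assumptions, and the check for an encryptor password written directly into the blueprint goes beyond what the page covers.

```python
import re
import xml.etree.ElementTree as ET

BP = "{http://www.osgi.org/xmlns/blueprint/v1.0.0}"
CM = "{http://aries.apache.org/blueprint/xmlns/blueprint-cm/v1.1.0}"
ENC = "{http://karaf.apache.org/xmlns/jasypt/v1.0.0}"
ENC_VALUE = re.compile(r"ENC\([A-Za-z0-9+/]+={0,2}\)")
SENSITIVE = re.compile(r"passw|secret|token", re.I)  # assumed secret-name pattern


def cleartext(pairs):
    """Names of sensitive properties whose value is not wrapped in ENC()."""
    return [n for n, v in pairs
            if SENSITIVE.search(n) and not ENC_VALUE.fullmatch(v.strip())]


def check_cfg(text):
    """Lint the text of an etc/*.cfg file (key=value lines, '#' comments)."""
    lines = [ln for ln in text.splitlines() if "=" in ln and not ln.lstrip().startswith("#")]
    pairs = [(k.strip(), v) for k, v in (ln.split("=", 1) for ln in lines)]
    return [f"cleartext value for '{n}'" for n in cleartext(pairs)]


def check_blueprint(xml_text):
    """Lint the text of a blueprint file; returns a list of findings."""
    root = ET.fromstring(xml_text)
    tags = [el.tag for el in root.iter()]  # iter() walks in document order
    cm_ph, enc_ph = CM + "property-placeholder", ENC + "property-placeholder"
    misordered = cm_ph in tags and enc_ph in tags and tags.index(enc_ph) < tags.index(cm_ph)
    findings = ["enc:property-placeholder is defined before cm:property-placeholder"] if misordered else []
    # Beyond the page: a literal 'password' property defeats passwordEnvName.
    for enc in root.iter(ENC + "encryptor"):
        if any(p.get("name") == "password" for p in enc.iter(BP + "property")):
            findings.append("encryptor password is hardcoded in the blueprint")
    defaults = [(p.get("name", ""), p.get("value", "")) for p in root.iter(CM + "property")]
    return findings + [f"cleartext default for '{n}'" for n in cleartext(defaults)]


# Constructed sample: wrong section order and a clear-text default value.
BAD_BLUEPRINT = """<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
    xmlns:cm="http://aries.apache.org/blueprint/xmlns/blueprint-cm/v1.1.0"
    xmlns:enc="http://karaf.apache.org/xmlns/jasypt/v1.0.0">
  <enc:property-placeholder/>
  <cm:property-placeholder persistent-id="my">
    <cm:default-properties><cm:property name="password" value="pwd"/></cm:default-properties>
  </cm:property-placeholder>
</blueprint>"""

if __name__ == "__main__":
    print(check_blueprint(BAD_BLUEPRINT), check_cfg("password=pwd"))
```

An empty list from both functions means the file follows the layout described in the procedure.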