Camel Component: Jasypt - 6.3

Talend ESB Mediation Developer Guide

EnrichVersion
6.3
EnrichProdName
Talend Data Fabric
Talend Data Services Platform
Talend ESB
Talend MDM Platform
Talend Open Studio for ESB
Talend Real-Time Big Data Platform
task
Design and Development
EnrichPlatform
Talend ESB

Jasypt is a simplified encryption library which makes encryption and decryption easy. Camel integrates with Jasypt to allow sensitive information in Camel Component: Properties files to be encrypted. By dropping camel-jasypt on the classpath those encrypted values will automatically be decrypted on-the-fly by Camel. This ensures that human eyes can't easily spot sensitive information such as usernames and passwords.

Maven users will need to add the following dependency to their pom.xml for this component:

<dependency>
   <groupId>org.apache.camel</groupId>
   <artifactId>camel-jasypt</artifactId>
   <!-- use the same version as your Camel core version -->
   <version>x.x.x</version>
</dependency>

Jasypt 1.7 onwards is fully standalone so no additional JARs are needed.

Tooling

The Camel Component: Jasypt component provides a little command line tooling to encrypt or decrypt values.

The console output the syntax and which options it provides:

Apache Camel Jasypt takes the following options

  -h or -help = Displays the help screen
  -c or -command <command> = Command either encrypt or decrypt
  -p or -password <password> = Password to use
  -i or -input <input> = Text to encrypt or decrypt
  -a or -algorithm <algorithm> = Optional algorithm to use

For example to encrypt the value tiger you run with the following parameters. In the apache Camel kit, you cd into the lib folder and run the following java cmd, where <CAMEL_HOME> is where you have downloaded and extract the Camel distribution.

$ cd <CAMEL_HOME>/lib
$ java -jar camel-jasypt-2.5.0.jar -c encrypt -p secret -i tiger

Which outputs the following result

Encrypted text: qaEEacuW7BUti8LcMgyjKw==

This means the encrypted representation qaEEacuW7BUti8LcMgyjKw== can be decrypted back to tiger if you know the master password which was secret . If you run the tool again then the encrypted value will return a different result. But decrypting the value will always return the correct original value.

So you can test it by running the tooling using the following parameters:

$ cd <CAMEL_HOME>/lib
$ java -jar camel-jasypt-2.5.0.jar -c decrypt -p secret 
      -i qaEEacuW7BUti8LcMgyjKw==

Which outputs the following result:

Decrypted text: tiger

The idea is then to use those encrypted values in your Camel Component: Properties files. Notice how the password value is encrypted and the value has the tokens surrounding ENC(value here)

# refer to a mock endpoint name by that encrypted password
cool.result=mock:{{cool.password}}

# here is a password which is encrypted
cool.password=ENC(bsW9uV37gQ0QHFu7KO03Ww==)

URI Options

The options below are exclusive for the Camel Component: Jasypt component.

Name

Default Value

Type

Description

password

null

String

Specifies the master password to use for decrypting. This option is mandatory. See below for more details.

algorithm

null

String

Name of an optional algorithm to use.

Protecting the master password

The master password used by Camel Component: Jasypt must be provided, so that it's capable of decrypting the values. However having this master password out in the open may not be an ideal solution. Therefore you could for example provide it as a JVM system property or as a OS environment setting. If you decide to do so then the password option supports prefixes which dictates this. sysenv: means to lookup the OS system environment with the given key. sys: means to lookup a JVM system property.

For example you could provided the password before you start the application

$ export CAMEL_ENCRYPTION_PASSWORD=secret

Then start the application, such as running the start script.

When the application is up and running you can unset the environment

$ unset CAMEL_ENCRYPTION_PASSWORD

The password option is then a matter of defining as follows: password=sysenv:CAMEL_ENCRYPTION_PASSWORD .

Example with Java DSL

In Java DSL you need to configure Camel Component: Jasypt as a JasyptPropertiesParser instance and set it on the Camel Component: Properties component as shown below:

// create the jasypt properties parser
JasyptPropertiesParser jasypt = new JasyptPropertiesParser();
// and set the master password
jasypt.setPassword("secret");

// create the properties component
PropertiesComponent pc = new PropertiesComponent();
pc.setLocation(
   "classpath:org/apache/camel/component/jasypt/
myproperties.properties");
// and use the jasypt properties parser so we can decrypt values
pc.setPropertiesParser(jasypt);

// add properties component to Camel context
context.addComponent("properties", pc);

The properties file myproperties.properties then contain the encrypted value, such as shown below. Notice how the password value is encrypted and the value has the tokens surrounding ENC(value here)

# refer to a mock endpoint name by that encrypted password
cool.result=mock:{{cool.password}}

# here is a password which is encrypted
cool.password=ENC(bsW9uV37gQ0QHFu7KO03Ww==)

Example with Spring XML

In Spring XML you need to configure the JasyptPropertiesParser which is shown below. Then the Camel Camel Component: Properties component is told to use jasypt as the properties parser, which means Camel Component: Jasypt has its chance to decrypt values looked up in the properties.

<!-- define the jasypt properties parser with the given password -->
<bean id="jasypt"
   class="org.apache.camel.component.jasypt.JasyptPropertiesParser">
   <property name="password" value="secret"/>
</bean>

<!-- define the Camel properties component -->
<bean id="properties" 
   class="org.apache.camel.component.properties.PropertiesComponent">
   <!-- the properties file is in the classpath -->
   <property name="location" value=
      "classpath:org/apache/camel/component/jasypt/myprops.properties"/>
   <!-- and let it leverage the jasypt parser -->
   <property name="propertiesParser" ref="jasypt"/>
</bean>

The Camel Component: Properties component can also be inlined inside the <camelContext> tag which is shown below. Notice how we use the propertiesParserRef attribute to refer to Camel Component: Jasypt .

<!-- define the jasypt properties parser with the given password -->
<bean id="jasypt" 
   class="org.apache.camel.component.jasypt.JasyptPropertiesParser">
   <!-- password is mandatory, you can prefix it with sysenv: or sys: 
      to indicate it should use an OS environment or JVM system property 
      value, so you don't have the master password defined here -->
   <property name="password" value="secret"/>
</bean>

<camelContext xmlns="http://camel.apache.org/schema/spring">
   <!-- define the Camel properties placeholder to use jasypt -->
   <propertyPlaceholder id="properties" location=
      "classpath:org/apache/camel/component/jasypt/   \\
      myproperties.properties"
      propertiesParserRef="jasypt"/>
   <route>
      <from uri="direct:start"/>
      <to uri="{{cool.result}}"/>
   </route>
</camelContext>