0 引入jasypt
<dependency> <groupId>com.github.ulisesbocchio</groupId> <artifactId>jasypt-spring-boot-starter</artifactId> <version>3.0.4</version> </dependency>
1 对原密码进行加密
public static String encrypt(String plaintext) { StandardPBEStringEncryptor encryptor = new StandardPBEStringEncryptor(); EnvironmentStringPBEConfig config = new EnvironmentStringPBEConfig(); // 指定算法 config.setAlgorithm("PBEWithMD5AndDES"); // 指定秘钥,和yml配置文件中保持一致 config.setPassword("LYgKTd24qx1y"); encryptor.setConfig(config); // 生成加密数据 return encryptor.encrypt(plaintext); }
2 改yaml文件中的数据库连接
使用ENC(...)包裹住上面的对原密码进行加密后的生成的字符串
spring: datasource: url: jdbc:mysql://a.b.c.d:3307/xxx?serverTimezone=Asia/Shanghai&characterEncoding=utf8&characterSetResults=utf8&autoReconnect=true&rewriteBatchedStatements=true username: uuuu password: ENC(XgPteMTzxA19SBE16zeqFgtXq2WuSB1LeEY4nr9wz2g=)
3 在k8中建secret
对密钥进行base64加密
echo -n "LYgKTd24qx1y" | base64 TFlnS1RkMjRxeDF5
标签:加密,jasypt,数据库,中写,密码,encryptor,k8s,config From: https://www.cnblogs.com/juniorMa/p/18237597