Spring Boot 数据库druid密码加密

Spring Boot 数据库druid密码加密

前言

为了避免密码被开发人员获知，对druid数据库密码加密，下面介绍如何实现的。
使用JAR版本：druid-1.1.9.jar

实现步骤

生成公钥、私钥、加密密码

• 工具类获取

package ba.la.ba.la.common.util;

import com.alibaba.druid.filter.config.ConfigTools;

public class DruidTest {

    public static void main(String[] args) throws Exception {
        // 明文密码
        String password = "abc@123";

        System.out.println("密码[ "+password+" ]的加密信息如下：\n");

        // 获取密码对，参数不能小于512，否则会报错
        String [] keyPair = ConfigTools.genKeyPair(512);
        // 私钥
        String privateKey = keyPair[0];
        // 公钥
        String publicKey = keyPair[1];
        // 用私钥加密后的密文
        password = ConfigTools.encrypt(privateKey, password);

        System.out.println("privateKey:"+privateKey);
        System.out.println("publicKey:"+publicKey);
        System.out.println("password:"+password);
        // 通过公钥和密文密码获取密码明文
        String decryptPassword = ConfigTools.decrypt(publicKey, password);
        System.out.println("decryptPassword："+decryptPassword);
    }
}

• 输出结果

密码[ abc@123 ]的加密信息如下：

privateKey:MIIBVQIBADANBgkqhkiG9w0BAQEFAASCAT8wggE7AgEAAkEA5Ifto6WuKXGnMz5vGpo8X9pJOwnYkaYOIlL5lgqQWjPeKCzHRRCNjB0HWIqzcYnDg1DdKK99k1ADyUwV47nfDwIDAQABAkEAiRxkn4KP852Uy1HyJuvSvU+iECHgJcKTSFSwGi1MXlEN00VMk6pX3en7lW5lIX+XzT2N7BAgjX3MdONwv9v6gQIhAPrCxKzTGzD5JkRDyZomYmvVg2i+mm+XCG/lFFnZuzv3AiEA6U5Cp6R9BW71+JOfH1YPlUO4wZgwyT+IW/x9fgkuv6kCIBzZk68eip5Ty+dGtUca62/knL3MUBBOnBXjkTfVKQl5AiBa87x+eFyY2qofbwVQhQ9sJEuJhVg3jIIPQj51/QRxiQIhALF9y9puZxMiSqwCiMu9lkDFH22t4pvN3oqigTlSrksM
publicKey:MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAOSH7aOlrilxpzM+bxqaPF/aSTsJ2JGmDiJS+ZYKkFoz3igsx0UQjYwdB1iKs3GJw4NQ3SivfZNQA8lMFeO53w8CAwEAAQ==
password:ygUHR0YYBD0dByVjhX/2/70Q/WOEYVeMutL0eV4hAndFE8/bs1sPhj40xNmy3qeYFISbfJrG0nYGJTQoz/zL3w==
decryptPassword：abc@123

修改数据库配置 yml

• 修改密码

spring:
  datasource:
    #druid相关配置
    druid:
      #基本属性
      url: jdbc:mysql://balabala.aliyuncs.com:3306/bala_database?useUnicode=true&characterEncoding=UTF-8&allowMultiQueries=true
      username: balabala
      password: ygUHR0YYBD0dByVjhX/2/70Q/WOEYVeMutL0eV4hAndFE8/bs1sPhj40xNmy3qeYFISbfJrG0nYGJTQoz/zL3w==
      connection-properties: config.decrypt=true;config.decrypt.key=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAOSH7aOlrilxpzM+bxqaPF/aSTsJ2JGmDiJS+ZYKkFoz3igsx0UQjYwdB1iKs3GJw4NQ3SivfZNQA8lMFeO53w8CAwEAAQ==
      # 必须添加filter.config.enabled=true，否则不生效
      filter:
        config:
          enabled: true

必须添加filter.config.enabled=true，否则不生效

总结

好，大功告成