springbooot整合dynamic datasource数据库密码加密方式
作者:今天写bug了吗?
前言
该文档主要用于在springboot中利用baomidou整合多数据源时候,如果需要对数据库密码进行加密该进行哪些操作。
1.引入依赖
<dependency>
<groupId>com.baomidou</groupId>
<artifactId>dynamic-datasource-spring-boot-starter</artifactId>
<version>3.2.1</version>
</dependency>
2.生成密钥私钥
public static void main(String[] args) throws Exception {
//CryptoUtils 为自带工具 keySize 密钥越长,安全性越高
String[] strings = CryptoUtils.genKeyPair(512);
System.out.println("公钥:"+strings[0]);
System.out.println("私钥:"+strings[1]);
}
输出结果:
公钥用于加密,私钥用于解密,基于Rsa算法进行的加密
公钥:MIIBVAIBADANBgkqhkiG9w0BAQEFAASCAT4wggE6AgEAAkEAvFj7PQS+gOWPfpeDjS37qLikoJivZOdx4KbjuLFHENS7F10ztjKFx+MUt3iOmQO8nCYdwOZJeS2ky5Oof6HI1wIDAQABAkEAmvqE0HKk5p798eZuQq8BkpVMMTExsU+YLohkfMayeS+E7/Yp2fG2XyrQfMh8hQJ9C9bWW3iKr+icOssW3HkoYQIhAP5tAUAJZuYBkDIxpCJnDhCjhRoimENsz/PqjEizdVaPAiEAvYNQBxTKaEZ0r9fUPtyBItc36L9cPuFUrhS6w8k/zTkCIBRKx12/IjjYCRMnyGqCA6oqEJScC77c790JaPTnc0VbAiEAvFvxhLhDXVT50XShPkGIEIr8xNa95rmrosJzxvkV8vECH3TIKWgr09RmQztQh49xOu5ca0y7nXDIrEeg2AiktEE=
私钥:MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALxY+z0EvoDlj36Xg40t+6i4pKCYr2TnceCm47ixRxDUuxddM7YyhcfjFLd4jpkDvJwmHcDmSXktpMuTqH+hyNcCAwEAAQ==
// 公钥加密
String encrypt = CryptoUtils.encrypt(s1, "password");
System.out.println("密码加密为:"+ encrypt);
// 私钥进行解密
System.out.println("密码解密为:"+CryptoUtils.decrypt(s2,encrypt));
3.进行yml配置
spring:
datasource:
druid:
stat-view-servlet:
enabled: true
loginUsername: admin
loginPassword: 123456
dynamic:
druid:
initial-size: 5
min-idle: 5
maxActive: 20
maxWait: 60000
timeBetweenEvictionRunsMillis: 60000
minEvictableIdleTimeMillis: 300000
validationQuery: SELECT 'X'
testWhileIdle: true
testOnBorrow: false
testOnReturn: false
poolPreparedStatements: true
maxPoolPreparedStatementPerConnectionSize: 20
filters: stat,wall,slf4j
connectionProperties: druid.stat.mergeSql\=true;druid.stat.slowSqlMillis\=5000
datasource:
master:
driver-class-name: com.mysql.cj.jdbc.Driver
url: jdbc:mysql://xxxx.xx.xxxxx:3306/test?useUnicode=true&characterEncoding=utf8&zeroDateTimeBehavior=convertToNull&useSSL=true&serverTimezone=GMT%2B8
username: root
# ENC()括号内就为加密的密码;
password: ENC(b5YQRCK++Ek9nNawxXfwvVxbufXJORqMHM5Pv9W0VMSuN+UCZec7bakQV4ZOo025WM7Cf/iV4E5RgVaPF5SSVQ==)
#注意:public-key为刚才生成私钥:但直接放入配置文件不安全,建议放入到启动项中
public-key: ${publicKey}
# 从库数据源
slave:
driver-class-name: org.postgresql.Driver
url: jdbc:postgresql://xxxxxxxx:5432/test2?useUnicode=true&characterEncoding=utf8&zeroDateTimeBehavior=convertToNull&useSSL=true&serverTimezone=GMT%2B8
username: root
password: ENC(b5YQRCK++Ek9nNawxXfwvVxbufXJORqMHM5Pv9W0VMSuN+UCZec7bakQV4ZOo025WM7Cf/iV4E5RgVaPF5SSVQ==)
public-key: ${publicKey}
注意:
- 可以直接使用CryptoUtils.encrypt("password),则下列的public-key参数可以不配置,视为使用默认rsa密钥对(不推荐)
- public-key与password为同一级,切记层级不能配错
4.项目启动项配置
java -jar xxxxx.jar --publicKey=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALxY+z0EvoDlj36Xg40t+6i4pKCYr2T.....
5.idea项目配置
6.注意事项
如果启动报错,可以尝试去掉
druid@SpringBootApplication(exclude = {DruidDataSourceAutoConfigure.class})因为部分项目可能引入了druid,又引用了苞米豆,会引发冲突
总结
以上为个人经验,希望能给大家一个参考,也希望大家多多支持脚本之家。