Properties encryption

It is possible to encrypt any of the configuration properties. This guide will walk you through necessary configuration.

Insights uses Jasypt for property encryption. You can download Jasypt from it's official page. After downloading the package, unzip it and place into a directory of your choice.

In order to be able to encrypt configuration properties, JASYPT_ENCRYPTOR_PASSWORD has to be set.

Next step is to use the downloaded Jasypt package to encrypt property of your choice. To do that, execute the following command:

cd <JASYPT_PATH>/bin/
./encrypt.sh input="PROPERTY_VALUE_TO_ENCRYPT" password="YOUR_JASYPT_ENCRYPTOR_PASSWORD"

When the above command is executed the encrypted property value is printed to the screen. The last step is to configure the encrypted value as the actual value in the property file. The value has to be surrounded with ENC(). Below is an example of an encrypted database password:

SPRING_DATASOURCE_PASSWORD=ENC(RipySuX3G5W6P+EObq8ldWiDvz/0ISY+)

You can verify the encryption by running

./decrypt.sh input="PROPERTY_VALUE_TO_ENCRYPT" password="YOUR_JASYPT_ENCRYPTOR_PASSWORD"