Encryption of a single property
Learn how you can encrypt a single sensitive property stored in the efm.properties file.
To encrypt a property, use the Jasypt CLI, which you can download from here: http://www.jasypt.org/cli.html
Once you download the CLI, a single property can be encrypted by using the following command:
./encrypt.sh input=propertyValueToEncrypt password=secretKey \
algorithm=PBEWITHHMACSHA512ANDAES_256 \
ivGeneratorClassName=org.jasypt.iv.RandomIvGenerator
efm.properties file:
efm.property.encryptor.algorithm=
efm.property.encryptor.ivGeneratorClassName=
./listAlgorithms.sh
Please note that this command does not list any algorithm from non-default JCE providers like Bouncy Castle unless you have registered such providers with the JVM. For more info, visit http://www.jasypt.org/non-default-providers.html.
You can use this approach to encrypt multiple properties, but you should use the same password for each, as you can provide only one password when starting up EFM.
With some Java 8 versions, the Jasypt CLI throws a java.lang.ExceptionInInitializerError error. To fix this issue, you need to update the icu4j library used by Jasypt. This means you need to update the <jasypt-root>/lib/icu4j-3.4.4.jar file (if you are using Jasypt 1.9.3) with a newer version that you can download from here: https://github.com/unicode-org/icu/releases/download/release-68-2/icu4j-68_2.jar.
ENC(...) to let EFM know that it should treat the property as an encrypted value. For example:
efm.server.ssl.keyStorePassword=ENC(e2cpfr5CA+xyS8uU2BNXltKoR/hCBJeJlBxMAO2lNgt1snFOGza6uUCJCZGGNl5Q)
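The following is an added example, not part of the original documentation: a shell check that lists properties in an efm.properties-style file whose names suggest a secret but whose values are not fully wrapped in ENC(...). The key-name pattern (password, secret, passphrase), the example.* property names and the sample file are assumptions constructed for the illustration.

```shell
#!/bin/sh
# Added example: report secret-looking properties that are not ENC(...)-wrapped.
# The key-name pattern and the sample file below are assumptions for illustration.

# find_plaintext_secrets FILE
# Prints the key of every key=value property whose name contains "password",
# "secret" or "passphrase" (case-insensitive) and whose value is non-empty
# and not fully wrapped in ENC(...). Comment and blank lines are skipped.
find_plaintext_secrets() {
    awk '
        /^[ \t]*[#!]/ || /^[ \t]*$/ { next }   # comments and blank lines
        {
            sep = index($0, "=")
            if (sep == 0) next                  # not a key=value line
            key = substr($0, 1, sep - 1)
            val = substr($0, sep + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)    # trim surrounding whitespace
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (tolower(key) !~ /password|secret|passphrase/) next
            if (val == "") next                 # unset property, nothing exposed
            if (val !~ /^ENC\(.+\)$/) print key # plaintext or broken wrapper
        }
    ' "$1"
}

# Constructed sample file (not a real EFM configuration).
sample=$(mktemp)
cat > "$sample" <<'EOF'
efm.server.ssl.keyStorePassword=ENC(e2cpfr5CA+xyS8uU2BNXltKoR/hCBJeJlBxMAO2lNgt1snFOGza6uUCJCZGGNl5Q)
example.trustStorePassword=changeit
example.db.password = ENC(unterminatedValue
example.db.username=efm
# example.old.password=commentedOut
efm.property.encryptor.algorithm=PBEWITHHMACSHA512ANDAES_256
EOF

# Lists the two example.* keys that still need a valid ENC(...) value.
find_plaintext_secrets "$sample"
rm -f "$sample"
```

Running the function against the real efm.properties after encrypting values gives a quick check that no secret was left in plaintext or pasted without its closing parenthesis.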