  1. Static Encryption Methods: How to Get the Password from Properties with Spring Profiles
<p>We are encrypting / decrypting some of our database attributes transparently with <code>prePersist()</code> (using Morphia) and in the getter of the entity. To keep the entities nice and clean, we're using static methods. It looks something like this:</p>
<pre><code>@Override
@PrePersist
public void prePersist() {
    super.prePersist();
    // Encrypt the plaintext attribute just before the entity is written
    if (password != null) {
        if (passwordEncrypted == null) {
            passwordEncrypted = new EncryptedString();
        }
        passwordEncrypted.setEncryptedAttribute(
                AESEncryptor.encrypt(password, passwordEncrypted.getSalt()));
    }
}
</code></pre>
<p>Note that we are not decrypting in the <code>postLoad()</code> method, since the encrypted attributes are not always required and we want to avoid the performance overhead. Unfortunately this rules out <code>@EntityListener</code>, as described in <a href="http://invariantproperties.com/2012/11/25/database-encryption-using-jpa-listeners/" rel="nofollow">http://invariantproperties.com/2012/11/25/database-encryption-using-jpa-listeners/</a>.</p>
<pre><code>public String getPassword() {
    // Decrypt lazily, only when the plaintext is actually requested
    if ((password == null) &amp;&amp; (passwordEncrypted != null)) {
        password = AESEncryptor.decrypt(
                passwordEncrypted.getEncryptedAttribute(), passwordEncrypted.getSalt());
    }
    return password;
}
</code></pre>
<p>Now we want to keep the encryption password in our properties file and the one from the correct profile (prod, stage, dev) should be loaded.</p>
<p>The encryption code looks something like this - the <code>getPassword</code> should be loaded via Spring:</p>
<pre><code>public static String encrypt(String input, String salt) {
    // getPassword() is the encryption password that should come from the properties file
    TextEncryptor encryptor = Encryptors.text(getPassword(), salt);
    String cipher = null;
    try {
        cipher = encryptor.encrypt(input);
    } catch (Exception e) {
        // Caution: this writes the plaintext input to the log and drops the exception itself
        LOG.error("Could not encrypt the input '{}', be sure to check the password for illegal characters", input);
    }
    return cipher;
}
</code></pre>
<p>While it is possible to load static variables with Spring (for example <a href="http://www.connorgarvey.com/blog/?p=105" rel="nofollow">http://www.connorgarvey.com/blog/?p=105</a>), this is pretty hackish and nearly always discouraged. Additionally, we're not sure if this might not open up garbage collection issues.</p>
<p>How could / should this be done correctly?</p>
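One way to keep the static facade while letting Spring supply the profile-specific secret, as an added example that is not part of the original post. The property name `encryption.password`, the class `AESEncryptorConfig` and the `init` method are hypothetical, the body of `AESEncryptor` is assumed rather than the poster's, and the active profile's properties file is assumed to be registered as a property source already.

```java
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.security.crypto.encrypt.Encryptors;
import org.springframework.stereotype.Component;

// Added example: a Spring-managed bean receives the secret resolved for the
// active profile and hands it once to the static facade the entities call.
@Component
public class AESEncryptorConfig {
    @Autowired
    public AESEncryptorConfig(@Value("${encryption.password}") String password) {
        // Fail at context startup, not on the first persist, if the profile has no secret.
        if (password == null || password.trim().isEmpty()) {
            throw new IllegalStateException("encryption.password is not set for the active profile");
        }
        AESEncryptor.init(password);
    }
}

// Static facade as used by prePersist() and the getter; body is assumed.
final class AESEncryptor {
    // Written once during context startup, read by entity callbacks afterwards.
    private static volatile String password;

    private AESEncryptor() { }

    static void init(String configured) {
        password = configured;
    }

    private static String getPassword() {
        String p = password;
        if (p == null) {
            throw new IllegalStateException("AESEncryptor used before the Spring context started");
        }
        return p;
    }

    public static String encrypt(String input, String salt) {
        // Encryptors.text expects the salt as a hex-encoded string.
        return Encryptors.text(getPassword(), salt).encrypt(input);
    }

    public static String decrypt(String cipher, String salt) {
        return Encryptors.text(getPassword(), salt).decrypt(cipher);
    }
}
```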
 
