...
Jasypt
...
component
...
Available
...
as
...
of
...
Camel
...
2.5
...
Jasypt is a simplified encryption library which makes encryption and decryption easy. Camel integrates with Jasypt to allow sensitive information in Properties files to be encrypted. By dropping camel-jasypt
on the classpath those encrypted values will automatically be decrypted on-the-fly
...
by
...
Camel.
...
This
...
ensures
...
that
...
human
...
eyes
...
can't
...
easily
...
spot
...
sensitive
...
information
...
such
...
as
...
usernames
...
and
...
passwords.
...
Maven
...
users
...
will
...
need
...
to
...
add
...
the
...
following
...
dependency
...
to
...
their
...
pom.xml
...
for
...
this
...
component:
...
...
Tooling
The Jasypt component provides a little command line tooling to encrypt or decrypt values.
The console output the syntax and which options it provides:
...
For example to encrypt the value tiger
you run with the following parameters. In the apache camel kit, you cd into the lib folder and run the following java cmd, where <CAMEL_HOME> is where you have downloaded and extract the Camel distribution.
...
Which
...
outputs
...
the
...
following
...
result
...
...
This
...
means
...
the
...
encrypted
...
representation
...
qaEEacuW7BUti8LcMgyjKw==
...
can
...
be
...
decrypted
...
back
...
to
...
tiger
...
if
...
you
...
know
...
the
...
master
...
password
...
which
...
was
...
secret
...
.
...
If
...
you
...
run
...
the
...
tool
...
again
...
then
...
the
...
encrypted
...
value
...
will
...
return
...
a
...
different
...
result.
...
But
...
decrypting
...
the
...
value
...
will
...
always
...
return
...
the
...
correct
...
original
...
value.
...
So
...
you
...
can
...
test
...
it
...
by
...
running
...
the
...
tooling
...
using
...
the
...
following
...
parameters:
...
...
Which
...
outputs
...
the
...
following
...
result:
...
...
The idea is then to use those encrypted values in your Properties files. Notice how the password value is encrypted and the value has the tokens surrounding ENC(value here)
...
Tooling
...
dependencies for Camel 2.5 and 2.6
The tooling requires the following JARs in the classpath, which has been enlisted in the MANIFEST.MF
file of camel-jasypt
with optional/
as prefix. Hence why the java cmd above can pickup the needed JARs from the Apache Distribution in the optional
directory.
...
The icu4j-4.0.1.jar
...
is only needed when running on JDK 1.5.
This JAR is not distributed by Apache Camel and you have to download it manually and copy it to the lib/optional
directory of the Camel distribution.
You can download it from Apache Central Maven repo.
Tooling dependencies for Camel 2.7 or better
Jasypt 1.7 onwards is now fully standalone so no additional JARs is needed.
URI Options
The options below are exclusive for the Jasypt component.
...
Name | Default Value | Type | Description |
---|---|---|---|
| | | Specifies the master password to use for decrypting. This option is mandatory. See below for more details. |
| | | Name of an optional algorithm to use. |
Protecting the master password
The master password used by Jasypt must be provided, so that it's capable of decrypting the values. However having this master password out in the open may not be an ideal solution. Therefore you could for example provide it as a JVM system property or as a OS environment setting. If you decide to do so then the password
option supports prefixes which dictates this. sysenv:
means to lookup the OS system environment with the given key. sys:
means to lookup a JVM system property.
For example you could provided the password before you start the application
...
Then start the application, such as running the start script.
When the application is up and running you can unset the environment
...
The password
option is then a matter of defining as follows: password=sysenv:CAMEL_ENCRYPTION_PASSWORD
...
.
Example with Java DSL
In Java DSL you need to configure Jasypt as a JasyptPropertiesParser
instance and set it on the Properties component as show below:
...
The
...
properties
...
file
...
myproperties.properties
...
then
...
contain
...
the
...
encrypted
...
value,
...
such
...
as
...
shown
...
below.
...
Notice
...
how
...
the
...
password
...
value
...
is
...
encrypted
...
and
...
the
...
value
...
has
...
the
...
tokens
...
surrounding
...
ENC(value
...
here)
...
...
Example
...
with
...
Spring
...
XML
...
In
...
Spring
...
XML
...
you
...
need
...
to
...
configure
...
the
...
JasyptPropertiesParser
...
which
...
is
...
shown
...
below.
...
Then
...
the
...
Camel
...
...
component
...
is
...
told
...
to
...
use
...
jasypt
...
as
...
the
...
properties
...
parser,
...
which
...
means
...
Jasypt has its chance to decrypt values looked up in the properties.
...
The Properties component can also be inlined inside the <camelContext>
tag which is shown below. Notice how we use the propertiesParserRef
attribute to refer to Jasypt.
...
Example with Blueprint XML
In Blueprint XML you need to configure the JasyptPropertiesParser
which is shown below. Then the Camel Properties component is told to use jasypt
as the properties parser, which means Jasypt has its chance to decrypt values looked up in the properties.
...
The Properties component can also be inlined inside the <camelContext>
tag which is shown below. Notice how we use the propertiesParserRef
attribute to refer to Jasypt.
...
See Also
- Security
- Properties
- Encrypted passwords in ActiveMQ - ActiveMQ has a similar feature as this
camel-jasypt
component