Encryption/Decryption of properties in Spring Boot with Jasypt

Hello viewers,

In today’s post we will talk about how to encrypt/decrypt the properties in application.properties in a Spring Boot project.

Before starting my post, I want to ask one question from you.

Why do you think we need to secure an application's properties, or why do we need encryption? Any guess?

Okay, let’s understand the reason by taking an example of an application.

Suppose you are creating an application that performs operations on a database; you then need to specify database-related properties in a property file. Right?

Following are the basic properties which you need to mention in the property file:

  • Database URL (contains IP address and port)
  • Driver name
  • username
  • password

Among the properties above, username and password contain sensitive values that should not be kept as plain text, so these kinds of properties should be encrypted so that no one can misuse them.

So let’s start.

Jasypt

Jasypt is a Java library which allows developers to add basic encryption capabilities to projects with minimum effort, and without the need of having an in-depth knowledge about implementation details of encryption protocols. To know more click here

Following are the steps to use Jasypt in a Spring Boot application:

Create a Spring Boot project and add the following dependency in the build.gradle file:

compile('com.github.ulisesbocchio:jasypt-spring-boot-starter:2.0.0')

And mention the following in repositories, because Jasypt is not available on mavenCentral():

// To load Jasypt dependency from this url
maven {
    url 'https://repo.spring.io/libs-milestone'
}

If you are using Maven to build the project, then add the following dependency in the pom.xml file:


<dependency>
	<groupId>com.github.ulisesbocchio</groupId>
	<artifactId>jasypt-spring-boot-starter</artifactId>
	<version>2.0.0</version>
</dependency>

If the application uses @SpringBootApplication, then adding the dependency to the classpath enables encryptable properties across the module. If the application does not use @SpringBootApplication and only uses @Configuration, you need to add the @EnableEncryptableProperties annotation on the configuration class as below:

import com.ulisesbocchio.jasyptspringboot.annotation.EnableEncryptableProperties;
import org.springframework.context.annotation.Configuration;

@Configuration
@EnableEncryptableProperties
public class MyApplication {

}

And encryptable properties will be enabled across the entire Spring Environment.

Now encrypt the property with the Jasypt library as below:

java -cp jasypt-1.9.2.jar org.jasypt.intf.cli.JasyptPBEStringEncryptionCLI input=contactspassword password=supersecretz algorithm=PBEWithMD5AndDES

----ENVIRONMENT-----------------

Runtime: Oracle Corporation Java HotSpot(TM) 64-Bit Server VM 25.101-b13

----ARGUMENTS-------------------

algorithm: PBEWithMD5AndDES
input: contactspassword
password: supersecretz

----OUTPUT----------------------

atTX3bnC2Mrryn/s0SwYKiu8UhaG7G/Ob7EdhZfuJcI=

In the command above, JasyptPBEStringEncryptionCLI is a class provided by the Jasypt library; it takes two mandatory parameters:

  • input – the value to be encrypted
  • password – secret key for encryption

After encrypting the password, put the secret and the encrypted password in application.properties as below:

##Secret which was used to encrypt the password by Jasypt
jasypt.encryptor.password=supersecretz

##Encrypted password which was encrypted by Jasypt library
server.password = ENC(atTX3bnC2Mrryn/s0SwYKiu8UhaG7G/Ob7EdhZfuJcI=)
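With both lines in one file, anyone who can read application.properties has the ciphertext and the secret that decrypts it; since jasypt.encryptor.password is an ordinary Spring property, it can also be supplied as a command-line argument, system property or environment variable. The check below is an added example, not code from the original post: it audits a properties file for that case. The rule names, the key-name heuristic and the APP_JASYPT_KEY variable are assumptions made for illustration.

```python
import re

ENC_VALUE = re.compile(r"^ENC\(.+\)$")        # Jasypt's wrapper for encrypted values
PLACEHOLDER = re.compile(r"^\$\{.+\}$")       # Spring placeholder, resolved at startup
SENSITIVE = re.compile(r"password|secret|token", re.IGNORECASE)  # assumed heuristic
KEY_PROP = "jasypt.encryptor.password"

def parse_properties(text):
    """Parse simple 'key=value' / 'key: value' lines, skipping blanks and comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "!")):
            continue
        m = re.match(r"([^=:\s]+)\s*[=:]\s*(.*)$", line)
        if m:
            props[m.group(1)] = m.group(2).strip()
    return props

def audit(text):
    """Return (rule, property) findings for the contents of a properties file."""
    findings = []
    for key, value in parse_properties(text).items():
        if not value or PLACEHOLDER.match(value):
            continue                               # empty, or supplied from outside the file
        if key == KEY_PROP:
            findings.append(("key-in-file", key))  # secret stored beside the ciphertext
        elif key == "jasypt.encryptor.algorithm":
            if value.upper() == "PBEWITHMD5ANDDES":
                findings.append(("weak-algorithm", key))  # MD5-derived single-DES key
        elif SENSITIVE.search(key) and not ENC_VALUE.match(value):
            findings.append(("plaintext-secret", key))
    return findings

# The two properties as the post writes them.
AS_POSTED = """\
##Secret which was used to encrypt the password by Jasypt
jasypt.encryptor.password=supersecretz
server.password = ENC(atTX3bnC2Mrryn/s0SwYKiu8UhaG7G/Ob7EdhZfuJcI=)
"""

# Constructed sample: key taken from a hypothetical APP_JASYPT_KEY environment
# variable, plus one property that was left unencrypted.
EXTERNAL_KEY = """\
jasypt.encryptor.password=${APP_JASYPT_KEY}
server.password = ENC(atTX3bnC2Mrryn/s0SwYKiu8UhaG7G/Ob7EdhZfuJcI=)
spring.datasource.password=contactspassword
"""

if __name__ == "__main__":
    for name, sample in (("as posted", AS_POSTED), ("external key", EXTERNAL_KEY)):
        print(name, audit(sample))
```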

We are done. Let’s test the same as below:

package threadminions.demo;

import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.CommandLineRunner;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;

@SpringBootApplication
public class EncryptDecryptApplication implements CommandLineRunner {

	@Value("${server.password}")
	String serverPassword;

	public static void main(String[] args) {
		SpringApplication.run(EncryptDecryptApplication.class, args);
	}

	@Override
	public void run(String... args) throws Exception {
		System.out.println("Server password is: " + serverPassword);
	}
}

Now run the program; it will automatically decrypt server.password using the provided secret key and print the following output on the console:

2018-07-23 10:27:50.572  INFO 3296 --- [           main] o.s.j.e.a.AnnotationMBeanExporter        : Registering beans for JMX exposure on startup
2018-07-23 10:27:50.708  INFO 3296 --- [           main] o.s.b.w.embedded.tomcat.TomcatWebServer  : Tomcat started on port(s): 9000 (http) with context path ''
2018-07-23 10:27:50.714  INFO 3296 --- [           main] t.demo.EncryptDecryptApplication         : Started EncryptDecryptApplication in 7.299 seconds (JVM running for 8.169)
Server password is: contactspassword

As you can see, we have got the actual password.

That’s all about how to encrypt/decrypt properties with Jasypt in Spring Boot. To know more click here

Download the source code from here
