Spring Boot Password Encryption Using Jasypt

Keeping sensitive data secure is essential, but it isn’t that easy in today’s world. If you are using the Spring Boot application and want to encrypt your credentials, such as DB passwords, server information, or personal data then the simplest way is to use Jasypt.

Jasypt (Java Simplified Encryption) is a Java library that provides utilities for encrypting user-sensitive information. Jasypt is easy to set up, there is no need for you to have an in-depth understanding of cryptography. You can use Jasypt in a few simple steps. It is recommended to go with the default configuration but Jasypt does offer some customizations also.

Steps To Add Encryption Using Jasypt

  • Add jasypt-spring-boot-starter maven dependency in the pom.xml,
  • Add annotation in the Spring Boot Application main Configuration class,
  • Select a secret key to be used for encryption and decryption,
  • Encrypting single string value,
  • Encrypting all values in the application.properties file,
  • Running the application.

Now we will go through each step in detail

1. Add Maven Dependency

The simplest way of using Jasypt is by the maven plugin. The maven plugin can help when you to encrypt or decrypt a single value like “java#123”. Then you can use the encrypted value as you want. But if you do not want to encrypt every single value one by one then the maven plugin comes to the rescue too. You can encrypt all the values you want in a single go. At the end of this tutorial, you will have a full grip over what is said here.

In the pom.xml file, add maven dependency which can be found easily at Maven Repository. You can specify the version you are using in the version tag <version>YOUR_VERSION</version>.


If you want to simplify the encryption and decryption process then you can add the maven plugin in the same pom.xml file in the plugin section. This plugin allows the encryption and decryption of property files compatible with the Jasypt Spring Boot extension. You can read more about it here.


2. Add annotation in the Spring Boot Application main Configuration class

Add @EnableEncryptableProperties annotation to the main configuration class for the application to understand the encryptable properties across the entire Spring Environment.

package com.javajasypt.crud.example;

import com.ulisesbocchio.jasyptspringboot.annotation.EnableEncryptableProperties;

public class MyApplication {
    public static void main (String[] args) { 

3. Select a secret key to be used for encryption and decryption

The secret key is used to encrypt the credentials and later the same key is used to decrypt them. You can choose any value of the secret key. For example “Butterfly”. Just remember that it is case-sensitive.

4. Encrypting and Decrypting a single value

Open the command prompt window. Change the current directory to the project directory where the pom.xml file is. Type the following command.

mvn jasypt:encrypt-value -Djasypt.encryptor.password=theKey -Djasypt.plugin.value="theWordToBeEncrypted"
  • Input: The word you are trying to encrypt goes here. (In my case it is “theWordToBeEncrypted”)
  • Key: The key that you decided goes here (In my case it is “theKey”)
  • Algorithm: The default algorithm used to encrypt is PBEWithMD5AndDES i.e. StandardPBEStringEncryptor
  • Note: The key and the input are both case-sensitive.

Now hit enter. You will see this will run and just above the BUILD SUCCESS line you will find the encrypted text within the bracket of the word ENC() as follows


You need to copy this whole text including ENC and parathesis and then paste it in place of the original word.

The process is bidirectional. It means if you will the above code with decrypt-value and the encrypted value as the input you will get the original word i.e. theWordToBeEncrypted (in my case). The command will be

mvn jasypt:decrypt-value -Djasypt.encryptor.password=theKey -Djasypt.plugin.value=nObqvmVPYhxVaykMl09QVtGCQWjpd7al1RJhOsyz1eLkb6J2USMu9Fb//e4a6Vro

5. Encrypting credentials in the application.properties file:

If you want to encrypt the username and password in application.properties files without manually entering the encrypted text then follow these steps. The trick to this part is whatever you want to get encrypted in the application property file MUST be wrapped in DEC() parenthesis.

Suppose your original code looks like this

spring.datasource.username = username
spring.datasource.password = password

Now wrap the values you need to be encrypted inside DEC() parenthesis as follows

spring.datasource.username = DEC(username)
spring.datasource.password = DEC(password)

Open the command prompt in the same directory and type

mvn jasypt:encrypt -Djasypt.encryptor.password= theKey -Djasypt.plugin.path="file:src/main/resources/application.yml"

When you will run this command it will automatically replace the DEC() placeholder with ENC() and the encrypted text in between, as follow

spring.datasource.username = ENC(34jjfsdfds+fds/fsd7Hs)
spring.datasource.password = ENC(llo8Tfwc2cBLNAzjkksTk9dBj8tIwT3ZUHDQoFQm88D85qJTTY9doPcmQiN/Emtd)

For the reverse process, it’s vice-versa, the first argument of the statement is: decrypt and all placeholders must be wrapped in ENC() parenthesis before execution. Wherever the text was placed inside ENC it will return to its original form. The command will then be:

mvn jasypt:decrypt -Djasypt.encryptor.password= theKey -Djasypt.plugin.path="file:src/main/resources/application.yml"

6. Running the application

That’s all you need to do to encrypt your data. Now if you run your Spring Boot application it will automatically decrypt all the encrypted values and run smoothly as before.

I hope this tutorial was of some help to you. If you have any questions do let me know in the comment section below.

To learn more about building Spring Boot applications, you can check Spring Boot tutorials page or Spring Boot video tutorials page.

Happy learning!