Logback is configured very early in the bootstrap process, so any encrypted passwords it references are not decrypted by default.
To fix this, use a custom ConfigurableEnvironment, as recommended in method 4 of GitHub – ulisesbocchio/jasypt-spring-boot: Jasypt integration for Spring boot.
If you are using Spring Boot and the @SpringBootApplication annotation, use the jasypt-spring-boot-starter and specify the latest version in your pom.xml:
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://maven.apache.org/POM/4.0.0"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <groupId>com.jcompetence</groupId>
    <artifactId>example-app</artifactId>
    <version>0.0.1-SNAPSHOT</version>
    <packaging>jar</packaging>
    <name>example-app</name>
    <description>Example app</description>
    <parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <version>2.7.11</version>
        <relativePath/>
    </parent>
    <properties>
        <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
        <java.version>11</java.version>
        <jasypt-spring-boot-starter.version>3.0.5</jasypt-spring-boot-starter.version>
    </properties>
    <dependencies>
        <dependency>
            <groupId>com.github.ulisesbocchio</groupId>
            <artifactId>jasypt-spring-boot-starter</artifactId>
            <version>${jasypt-spring-boot-starter.version}</version>
        </dependency>
        <!-- ... rest of pom.xml file -->
Create a logback-spring.xml file under src/main/resources and define the Spring datasource properties, including the encrypted ones, that the DBAppender will use.
The properties are declared with <springProperty> tags.
If the file you create is named logback.xml, the springProperty tags will not work. From the Spring Boot documentation (https://docs.spring.io/spring-boot/docs/current/reference/htmlsingle/#features.logging.logback-extensions):
"Because the standard logback.xml configuration file is loaded too early, you cannot use extensions in it. You need to either use logback-spring.xml or define a logging.config property."
<?xml version="1.0" encoding="UTF-8"?>
<configuration debug="true">
    <springProperty name="url" source="spring.datasource.url"/>
    <springProperty name="username" source="spring.datasource.username"/>
    <springProperty name="password" source="spring.datasource.password"/>
    <property name="driverClassName" value="org.postgresql.Driver"/>
    <property name="LOG_PATTERN" value="%d{yyyy-MM-dd'T'HH:mm:ss.SSSZ} %p %m%n"/>
    <property name="APP_LOG_ROOT" value="/app/kola/web/appl/Backout_Queue_logs"/>
    <timestamp key="logTimestamp" datePattern="yyyy-MM-dd'_'HH-mm-ss.SSS"/>

    <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
        <encoder>
            <pattern>${LOG_PATTERN}</pattern>
        </encoder>
    </appender>

    <appender name="databaseAppender" class="ch.qos.logback.classic.db.DBAppender">
        <connectionSource class="ch.qos.logback.core.db.DriverManagerConnectionSource">
            <driverClass>org.postgresql.Driver</driverClass>
            <url>${url}</url>
            <user>${username}</user>
            <password>${password}</password>
        </connectionSource>
    </appender>

    <logger name="com.jcompetence.example.app.test" level="INFO">
        <appender-ref ref="databaseAppender"/>
    </logger>

    <root level="info">
        <appender-ref ref="STDOUT"/>
    </root>
</configuration>
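The main application class entry point must also change so that it uses a custom environment:
import com.ulisesbocchio.jasyptspringboot.environment.StandardEncryptableEnvironment;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.builder.SpringApplicationBuilder;
import org.springframework.boot.context.properties.ConfigurationPropertiesScan;
import org.springframework.jms.annotation.EnableJms;

@SpringBootApplication
@EnableJms
@ConfigurationPropertiesScan
public class ExampleApplication {
    public static void main(String[] args) {
        // Encryptable environment: ENC(...) values are decrypted before logback is configured
        new SpringApplicationBuilder()
            .environment(new StandardEncryptableEnvironment())
            .sources(ExampleApplication.class)
            .run(args);
    }
}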
The application.yml file under src/main/resources:
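spring:
  # These keys are read as spring.datasource.* by the <springProperty> tags in logback-spring.xml
  datasource:
    url: jdbc:postgresql://somewhere:5432/database?currentSchema=myexampleschema
    username: myuser
    password: ENC(JBLKARF1hwg2GwFF8UGuFlnCJBOdvYM3vYJy/MJmI3FG==)
    driver-class-name: org.postgresql.Driver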
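The failure this setup prevents is silent: without the encryptable environment, logback receives the raw ENC(...) string as the database password. The following startup guard is an added example, not code from the original post or from the jasypt-spring-boot project; the class name EncryptedLoggingPropertyGuard is hypothetical, and it assumes Jasypt's default ENC( and ) property markers and Spring Boot 2.x listener ordering.

```java
import org.springframework.boot.context.event.ApplicationEnvironmentPreparedEvent;
import org.springframework.boot.context.logging.LoggingApplicationListener;
import org.springframework.context.ApplicationListener;
import org.springframework.core.Ordered;

/**
 * Hypothetical guard (added example): aborts startup if the datasource password
 * that logback-spring.xml will read is still raw ENC(...) ciphertext.
 * Register it on the builder shown above with
 * .listeners(new EncryptedLoggingPropertyGuard()).
 */
public class EncryptedLoggingPropertyGuard
        implements ApplicationListener<ApplicationEnvironmentPreparedEvent>, Ordered {

    // Property read by <springProperty name="password" .../> in logback-spring.xml.
    private static final String PROPERTY = "spring.datasource.password";

    @Override
    public int getOrder() {
        // Run immediately before LoggingApplicationListener: application.yml has
        // already been loaded, but logback-spring.xml has not been parsed yet.
        return LoggingApplicationListener.DEFAULT_ORDER - 1;
    }

    @Override
    public void onApplicationEvent(ApplicationEnvironmentPreparedEvent event) {
        String value = event.getEnvironment().getProperty(PROPERTY);
        // Assumption: default Jasypt markers "ENC(" and ")".
        if (value != null && value.startsWith("ENC(") && value.endsWith(")")) {
            // Report the property name only, never the value.
            throw new IllegalStateException(PROPERTY
                    + " is still encrypted when logging starts; configure an "
                    + "encryptable environment such as StandardEncryptableEnvironment");
        }
    }
}
```

With StandardEncryptableEnvironment in place, getProperty returns the decrypted value and the guard passes. If the environment is removed or replaced, the application stops instead of sending ciphertext to the database as a password.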