docs/modules/ROOT/pages/reference/extensions/jasypt.adoc

// Do not edit directly!
// This file was generated by camel-quarkus-maven-plugin:update-extension-doc-page
[id="extensions-jasypt"]
= Jasypt
:linkattrs:
:cq-artifact-id: camel-quarkus-jasypt
:cq-native-supported: true
:cq-status: Stable
:cq-status-deprecation: Stable
:cq-description: Security using Jasypt
:cq-deprecated: false
:cq-jvm-since: 1.2.0
:cq-native-since: 3.7.0

ifeval::[{doc-show-badges} == true]
[.badges]
[.badge-key]##JVM since##[.badge-supported]##1.2.0## [.badge-key]##Native since##[.badge-supported]##3.7.0##
endif::[]

Security using Jasypt

[id="extensions-jasypt-whats-inside"]
== What's inside

* xref:{cq-camel-components}:others:jasypt.adoc[Jasypt]

Please refer to the above link for usage and configuration details.

[id="extensions-jasypt-maven-coordinates"]
== Maven coordinates

https://{link-quarkus-code-generator}/?extension-search=camel-quarkus-jasypt[Create a new project with this extension on {link-quarkus-code-generator}, window="_blank"]

Or add the coordinates to your existing project:

[source,xml]
----
<dependency>
    <groupId>org.apache.camel.quarkus</groupId>
    <artifactId>camel-quarkus-jasypt</artifactId>
</dependency>
----
ifeval::[{doc-show-user-guide-link} == true]
Check the xref:user-guide/index.adoc[User guide] for more information about writing Camel Quarkus applications.
endif::[]

[id="extensions-jasypt-usage"]
== Usage
The configuration of Jasypt in Camel Quarkus is driven by <<extensions-jasypt-additional-camel-quarkus-configuration,configuration properties>>.

The minimum expectation is that you provide a master password for Jasypt decryption with configuration property `quarkus.camel.jasypt.password`.

You can choose the encryption algorithm and other aspects of the Jasypt configuration via the `quarkus.camel.jasypt` options described below.

By default, you do not need to write custom code to configure the Camel `JasyptPropertiesParser` or `PropertiesComponent`. This is done for you automatically.

Any Camel configuration property added to `application.properties` can be secured with Jasypt.
To encrypt a value, there is a utility that can be run with https://www.jbang.dev/[JBang].

[source]
----
jbang org.apache.camel:camel-jasypt:{camel-version} -c encrypt -p secret-password -i "Some secret content"
----

IMPORTANT: If you choose to use a different Jasypt algorithm to the default (`PBEWithMD5AndDES`), you must provide `-a` (algorithm), `-riga` (IV generator algorithm) & `-rsga` (Salt generator algorithm)
arguments to set the correct algorithms used in encryption. Else your application will not be able to decrypt configuration values.

Alternatively, when running in dev mode, open the https://quarkus.io/guides/dev-mode-differences#dev-ui[Dev UI] and click the 'utilities' link in the Camel Jasypt pane.
Next, select either the 'Decrypt' or 'Encrypt' action, enter some text and click the submit button. The result of the action is output together with a button to copy it to the clipboard.

Configuration properties can be added to `application.properties` with the encrypted value enclosed within `ENC()` For example.

[source]
----
my.secret = ENC(BoDSRQfdBME4V/AcugPOkaR+IcyKufGz)
----

In your Camel routes, you can refer to the property name using the standard placeholder syntax and its value will get decrypted.

[source,java]
----
public class MySecureRoute extends RouteBuilder {
    @Override
    public void configure() {
        from("timer:tick?period=5s")
            .to("{{my.secret}}");
    }
}
----

TIP: You can use the ability to mask security sensitive configuration in Camel by suffixing property values with `.secret`.
You can also disable the startup configuration summary with the configuration `camel.main.autoConfigurationLogSummary = false`.

[id="extensions-jasypt-usage-injecting-encrypted-configuration"]
=== Injecting encrypted configuration

You can use the `@ConfigProperty` annotation to inject encrypted configuration into your Camel routes or CDI beans.

[source,java]
----
@ApplicationScoped
public class MySecureRoute extends RouteBuilder {
    @ConfigInject("my.secret")
    String mySecret;

    @Override
    public void configure() {
        from("timer:tick?period=5s")
            .to(mySecret);
    }
}
----

[id="extensions-jasypt-usage-securing-alternate-configuration-sources"]
==== Securing alternate configuration sources

If you prefer to keep your secret configuration in a file separate to `application.properties`,
you can use the `quarkus.config.locations` configuration option to specify additional configuration files.

In native mode you must also add any additional configuration file resource paths to `quarkus.native.resources.includes`.

[id="extensions-jasypt-usage-finer-control-of-jasypt-configuration"]
==== Finer control of Jasypt configuration

If you require finer control of the Jasypt configuration than that provided by the default configuration, the following options are available.

[id="extensions-jasypt-usage-jasyptconfigurationcustomizer"]
===== JasyptConfigurationCustomizer

Implement a `JasyptConfigurationCustomizer` class to customize any aspect of the Jasypt `EnvironmentStringPBEConfig`.

[source,java]
----
package org.acme;

import org.apache.camel.quarkus.component.jasypt.JasyptConfigurationCustomizer;
import org.jasypt.encryption.pbe.config.EnvironmentStringPBEConfig;
import org.jasypt.iv.RandomIvGenerator;
import org.jasypt.salt.RandomSaltGenerator;

public class JasyptConfigurationCustomizer implements JasyptConfigurationCustomizer {
    public void customize(EnvironmentStringPBEConfig config) {
        // Custom algorithms
        config.setAlgorithm("PBEWithHmacSHA256AndAES_256");
        config.setSaltGenerator(new RandomSaltGenerator("PKCS11"));
        config.setIvGenerator(new RandomIvGenerator("PKCS11"));
        // Additional customizations...
    }
}
----

In `application.properties` add the `quarkus.camel.jasypt.configuration-customizer-class-name` configuration property.

[source]
----
quarkus.camel.jasypt.configuration-customizer-class-name = org.acme.MyJasyptEncryptorCustomizer
----

[id="extensions-jasypt-usage-disabling-automatic-jasypt-configuration"]
===== Disabling automatic Jasypt configuration

If you prefer to use the 'classic' Java DSL way of configuring Camel Jasypt, you can disable the automatic configuration with `quarkus.camel.jasypt.enabled = false`.

This allows you to configure the Camel `JasyptPropertiesParser` and `PropertiesComponent` manually.

NOTE: In this mode, you cannot use the `@ConfigProperty` annotation to inject encrypted configuration properties.

[source,java]
----
import org.apache.camel.CamelContext;
import org.apache.camel.component.jasypt.JasyptPropertiesParser;
import org.apache.camel.component.properties.PropertiesComponent;

public class MySecureRoute extends RouteBuilder {
    @Override
    public void configure() {
        JasyptPropertiesParser jasypt = new JasyptPropertiesParser();
        jasypt.setPassword("secret");

        PropertiesComponent component = (PropertiesComponent) getContext().getPropertiesComponent();
        jasypt.setPropertiesComponent(component);
        component.setPropertiesParser(jasypt);

        from("timer:tick?period=5s")
            .to("{{my.secret}}");
    }
}
----

NOTE: If you call `setLocation(...)` on the `PropertiesComponent` to specify a custom configuration file location using the `classpath:` prefix,
you must add the file to `quarkus.native.resources.includes` so that it can be loaded in native mode.


[id="extensions-jasypt-additional-camel-quarkus-configuration"]
== Additional Camel Quarkus configuration

[width="100%",cols="80,5,15",options="header"]
|===
| Configuration property | Type | Default


|icon:lock[title=Fixed at build time] [[quarkus.camel.jasypt.enabled]]`link:#quarkus.camel.jasypt.enabled[quarkus.camel.jasypt.enabled]`

Setting this option to false will disable Jasypt integration with Quarkus SmallRye configuration. You can however, manually configure Jasypt with Camel in the 'classic' way of manually configuring JasyptPropertiesParser and PropertiesComponent. Refer to the usage section for more details.
| `boolean`
| `true`

| [[quarkus.camel.jasypt.algorithm]]`link:#quarkus.camel.jasypt.algorithm[quarkus.camel.jasypt.algorithm]`

The algorithm to be used for decryption.
| `string`
| `PBEWithMD5AndDES`

| [[quarkus.camel.jasypt.password]]`link:#quarkus.camel.jasypt.password[quarkus.camel.jasypt.password]`

The master password used by Jasypt for decrypting configuration values. This option supports prefixes which influence the master password lookup behaviour.

`sys:` will to look up the value from a JVM system property. `sysenv:` will look up the value from the OS system environment with the given key.
| `string`
| 

| [[quarkus.camel.jasypt.random-iv-generator-algorithm]]`link:#quarkus.camel.jasypt.random-iv-generator-algorithm[quarkus.camel.jasypt.random-iv-generator-algorithm]`

Configures the Jasypt StandardPBEStringEncryptor with a RandomIvGenerator using the given algorithm.
| `string`
| `SHA1PRNG`

| [[quarkus.camel.jasypt.random-salt-generator-algorithm]]`link:#quarkus.camel.jasypt.random-salt-generator-algorithm[quarkus.camel.jasypt.random-salt-generator-algorithm]`

Configures the Jasypt StandardPBEStringEncryptor with a RandomSaltGenerator using the given algorithm.
| `string`
| `SHA1PRNG`

| [[quarkus.camel.jasypt.configuration-customizer-class-name]]`link:#quarkus.camel.jasypt.configuration-customizer-class-name[quarkus.camel.jasypt.configuration-customizer-class-name]`

The fully qualified class name of an org.apache.camel.quarkus.component.jasypt.JasyptConfigurationCustomizer implementation. This provides the optional capability of having full control over the Jasypt configuration.
| `string`
| 
|===

[.configuration-legend]
{doc-link-icon-lock}[title=Fixed at build time] Configuration property fixed at build time. All other configuration properties are overridable at runtime.