Spring boot - how to decrypt env variables in yaml file?

Context

I got spring boot app. I'm passing to it variables like this:

    ...
      datasource:
          url: jdbc:postgresql://${DB_SERVER_AND_PORT}/my_db
          username: ${DB_USER}
          password: ${DB_USER_PASSWORD}

Challenge

This env variables can be easily read because they are in plain text. I want to increase security with symmetric encryption.

I looking for something that I can use in my yaml file.

    # example how I want to use it:
    ...
     datasource:
          url: jdbc:postgresql://#{decrypt(${DB_SERVER_AND_PORT}}/my_db

The only requirement for encryption is ease of doing it from shell (gitlab pipeline)

Question

If this is possible, how to do this spring boot or spring?

Solution

Check out jasypt which provides encryption support for property sources in Spring Boot Applications:

https://github.com/ulisesbocchio/jasypt-spring-boot

Spring Boot with React and Keycloak: redirect to Keycloak's login page fails due to CORS error (no Access-Control-Allow-Origin header set)
WebMvcTest and entitMangerFactory missing reference
Component scan for configuration class could not be used with conditions in REGISTER_BEAN
How do I add audience validation using Spring OAuth without needing the issuer?
unit test @Valid of springboot without having to spin up / mock the server
How to call a service from Main application calls Spring Boot?
Spring JBDC bad SQL grammar on PostgreSQL
Test REST APIs on a real server (without localhost )
How can I pass an array of objects in query params in postman for the post request?
perform SpringBoot request validation based on configurable property
Setting cookie from java spring boot rest API to angular
Validate list inside request with springboot against [null]
How to use Spring Security WebAuthn to implement Passkey?
Unable to run Spring Boot native application with AWSSecretsManagerPostgreSQLDriver
Spring Boot Redis Cache @CachePut is not updating the cache
spring batch dependency cycle
SimpMessagingTemplate not sending messages in spring boot
Hibernate StaleObjectStateException After Upgrading to 6.6.3: Row was updated or deleted by another transaction or unsaved-value mapping was incorrect
Spring doesn't recommend to annotate interface methods with @Cache* annotation on Spring HttpInterface
Spring Boot 3.4.0 lets integration tests with JPA/Hibernate fail
I get "No message available" in postman response from api spring
How to fix jackson java 8 data/time error?
How to use both @RestControllerAdvice and Swagger UI in Spring boot
@RequestParam return null value from Postman
Why is my controller calling different API when there is no match API for the request?
Throw TestContainers issue in Jenkins for CI/CD in Spring Boot on Windows (Can not connect to Ryuk at 172.17.0.1: port_number)
Spoof-proof file type validation in a Spring Boot app
Why does @Size(min) validation trigger before @NotBlank validation in Spring Boot?
Process finished with exit code 1 Spring Boot Intellij
Pooling RestTemplante setReadTimeout