From 68839a6725f1bbb828f15367b59c7fdb0d2278d2 Mon Sep 17 00:00:00 2001
From: fang <2535030577@qq.com>
Date: Sun, 10 Dec 2023 01:15:46 +0800
Subject: [PATCH] =?UTF-8?q?[DOC]=E6=96=B0=E5=A2=9EMySQL=E5=AF=86=E7=A0=81?=
=?UTF-8?q?=E4=BB=A5=E5=8A=A0=E5=AF=86=E6=96=B9=E5=BC=8F=E5=AD=98=E5=82=A8?=
=?UTF-8?q?=E5=B9=B6=E4=BD=BF=E7=94=A8=E7=9A=84=E6=96=87=E6=A1=A3=20(#1135?=
=?UTF-8?q?)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
...40\345\257\206\346\211\213\345\206\214.md" | 115 ++++++++++++++++++
km-rest/pom.xml | 6 +
2 files changed, 121 insertions(+)
create mode 100644 "docs/dev_guide/MYSQL\345\257\206\347\240\201\345\212\240\345\257\206\346\211\213\345\206\214.md"
diff --git "a/docs/dev_guide/MYSQL\345\257\206\347\240\201\345\212\240\345\257\206\346\211\213\345\206\214.md" "b/docs/dev_guide/MYSQL\345\257\206\347\240\201\345\212\240\345\257\206\346\211\213\345\206\214.md"
new file mode 100644
index 000000000..f38b5b006
--- /dev/null
+++ "b/docs/dev_guide/MYSQL\345\257\206\347\240\201\345\212\240\345\257\206\346\211\213\345\206\214.md"
@@ -0,0 +1,115 @@
+## YML文件MYSQL密码加密存储手册
+
+### 1、本地部署加密
+
+**第一步:生成密文**
+
+在本地仓库中找到jasypt-1.9.3.jar,默认在org/jasypt/jasypt/1.9.3中,使用`java -cp`生成密文。
+
+```bash
+java -cp jasypt-1.9.3.jar org.jasypt.intf.cli.JasyptPBEStringEncryptionCLI input=mysql密码 password=加密的salt algorithm=PBEWithMD5AndDES
+```
+
+```bash
+## 得到密文
+DYbVDLg5D0WRcJSCUGWjiw==
+```
+
+**第二步:配置jasypt**
+
+在YML文件中配置jasypt,例如
+
+```yaml
+jasypt:
+ encryptor:
+ algorithm: PBEWithMD5AndDES
+ iv-generator-classname: org.jasypt.iv.NoIvGenerator
+```
+
+**第三步:配置密文**
+
+使用密文替换YML文件中的明文密码为ENC(密文),例如[application.yml](https://github.com/didi/KnowStreaming/blob/master/km-rest/src/main/resources/application.yml)中MYSQL密码。
+
+```yaml
+know-streaming:
+ username: root
+ password: ENC(DYbVDLg5D0WRcJSCUGWjiw==)
+```
+
+**第四步:配置加密的salt(选择其一)**
+
+- 配置在YML文件中(不推荐)
+
+```yaml
+jasypt:
+ encryptor:
+ password: salt
+```
+
+- 配置程序启动时的命令行参数
+
+```bash
+java -jar xxx.jar --jasypt.encryptor.password=salt
+```
+
+- 配置程序启动时的环境变量
+
+```bash
+export JASYPT_PASSWORD=salt
+java -jar xxx.jar --jasypt.encryptor.password=${JASYPT_PASSWORD}
+```
+
+## 2、容器部署加密
+
+利用docker swarm 提供的 secret 机制加密存储密码,使用docker swarm来管理密码。
+
+### 2.1、secret加密存储
+
+**第一步:初始化docker swarm**
+
+```bash
+docker swarm init
+```
+
+**第二步:创建密钥**
+
+```bash
+echo "admin2022_" | docker secret create mysql_password -
+
+# 输出密钥
+f964wi4gg946hu78quxsh2ge9
+```
+
+**第三步:使用密钥**
+
+```yaml
+# mysql用户密码
+SERVER_MYSQL_USER: root
+SERVER_MYSQL_PASSWORD: mysql_password
+
+knowstreaming-mysql:
+ # root 用户密码
+ MYSQL_ROOT_PASSWORD: mysql_password
+secrets:
+ mysql_password:
+ external: true
+```
+
+### 2.2、使用密钥文件加密
+
+**第一步:创建密钥**
+
+```bash
+echo "admin2022_" > password
+```
+
+**第二步:使用密钥**
+
+```yaml
+# mysql用户密码
+SERVER_MYSQL_USER: root
+SERVER_MYSQL_PASSWORD: mysql_password
+secrets:
+ mysql_password:
+ file: ./password
+```
diff --git a/km-rest/pom.xml b/km-rest/pom.xml
index 0c69eccc7..954629fc8 100644
--- a/km-rest/pom.xml
+++ b/km-rest/pom.xml
@@ -138,6 +138,12 @@
${springboot.version}
+
+ com.github.ulisesbocchio
+ jasypt-spring-boot-starter
+ 3.0.5
+
+
org.testcontainers