Spring Boot - Config Server - Jasypt DecryptionException: Unable to decrypt: ENC()

Question

I have a problem about running config server in my spring boot microservice example.

After I defined the dependency shown below, I tried to encrypt the password.

  <dependency>
        <groupId>com.github.ulisesbocchio</groupId>
        <artifactId>jasypt-spring-boot-starter</artifactId>
  </dependency>

Next, I want to test if it works or not through this code snippet shown below.

public static void main(String[] args) {

    StandardPBEStringEncryptor standardPBEStringEncryptor = new StandardPBEStringEncryptor();
    standardPBEStringEncryptor.setPassword("demo-password");
    standardPBEStringEncryptor.setAlgorithm("PBEWithHMACSHA512AndAES_256");
    standardPBEStringEncryptor.setIvGenerator(new RandomIvGenerator());
    String result = standardPBEStringEncryptor.encrypt("spring-cloud-password");
    System.out.println(result);
    System.out.println(standardPBEStringEncryptor.decrypt(result));

}

Then I copied it and pasted it wrapping with ENC(encrpted-password) in yml file.

Here is the yml file shown below

spring:
  application:
    name: configserver
  cloud:
    config:
      server:
        git:
          uri: Github-repo-address
          username: Github-username
          password: github-token
          clone-on-start: true
          default-label: main
    fail-fast: true

  security:
    user:
      name: spring-cloud-user
      password: ENC(YcplhYriW9Uwo+pByJxBl04lqiQKGEIbBgVeIXn+DBITIHV9IUVenfknA2VHFswkm144fSrQRqjxZ17+g+z3GA==)


jasypt:
  encryptor:
    password: ${PASSWORD}

I get ${PASSWORD} from program arguments part.

Next, I run the app but I got this issue shown below.

com.ulisesbocchio.jasyptspringboot.exception.DecryptionException: Unable to decrypt: ENC(YcplhYriW9Uwo+pByJxBl04lqiQKGEIbBgVeIXn+DBITIHV9IUVenfknA2VHFswkm144fSrQRqjxZ17+g+z3GA==). Decryption of Properties failed,  make sure encryption/decryption passwords match
    at com.ulisesbocchio.jasyptspringboot.resolver.DefaultPropertyResolver.lambda$resolvePropertyValue$0(DefaultPropertyResolver.java:46)
    at java.base/java.util.Optional.map(Optional.java:260)
    at com.ulisesbocchio.jasyptspringboot.resolver.DefaultPropertyResolver.resolvePropertyValue(DefaultPropertyResolver.java:40)
    at com.ulisesbocchio.jasyptspringboot.resolver.DefaultLazyPropertyResolver.resolvePropertyValue(DefaultLazyPropertyResolver.java:50)
    at com.ulisesbocchio.jasyptspringboot.EncryptablePropertySource.getProperty(EncryptablePropertySource.java:20)
    at com.ulisesbocchio.jasyptspringboot.caching.CachingDelegateEncryptablePropertySource.getProperty(CachingDelegateEncryptablePropertySource.java:41)
    at com.ulisesbocchio.jasyptspringboot.wrapper.EncryptableMapPropertySourceWrapper.getProperty(EncryptableMapPropertySourceWrapper.java:31)
    at org.springframework.cloud.bootstrap.encrypt.EnvironmentDecryptApplicationInitializer.merge(EnvironmentDecryptApplicationInitializer.java:236)
    at org.springframework.cloud.bootstrap.encrypt.EnvironmentDecryptApplicationInitializer.merge(EnvironmentDecryptApplicationInitializer.java:207)
    at org.springframework.cloud.bootstrap.encrypt.EnvironmentDecryptApplicationInitializer.decrypt(EnvironmentDecryptApplicationInitializer.java:189)
    at org.springframework.cloud.bootstrap.encrypt.EnvironmentDecryptApplicationInitializer.initialize(EnvironmentDecryptApplicationInitializer.java:124)
    at org.springframework.cloud.bootstrap.BootstrapApplicationListener$DelegatingEnvironmentDecryptApplicationInitializer.initialize(BootstrapApplicationListener.java:441)
    at org.springframework.boot.SpringApplication.applyInitializers(SpringApplication.java:626)
    at org.springframework.boot.SpringApplication.prepareContext(SpringApplication.java:370)
    at org.springframework.boot.SpringApplication.run(SpringApplication.java:314)
    at org.springframework.boot.SpringApplication.run(SpringApplication.java:1237)
    at org.springframework.boot.SpringApplication.run(SpringApplication.java:1226)
    at com.microservices.demo.config.server.ConfigServer.main(ConfigServer.java:11)
Caused by: org.jasypt.exceptions.EncryptionOperationNotPossibleException: null
    at org.jasypt.encryption.pbe.StandardPBEByteEncryptor.decrypt(StandardPBEByteEncryptor.java:1169)
    at org.jasypt.encryption.pbe.StandardPBEStringEncryptor.decrypt(StandardPBEStringEncryptor.java:738)
    at org.jasypt.encryption.pbe.PooledPBEStringEncryptor.decrypt(PooledPBEStringEncryptor.java:511)
    at com.ulisesbocchio.jasyptspringboot.encryptor.DefaultLazyEncryptor.decrypt(DefaultLazyEncryptor.java:57)
    at com.ulisesbocchio.jasyptspringboot.resolver.DefaultPropertyResolver.lambda$resolvePropertyValue$0(DefaultPropertyResolver.java:44)
    ... 17 common frames omitted

How can I fix it?

Edited I passed the value as shown below

Program Arguments -> -Djasypt.encryptor.password='Demo_Pwd!2020'

Answer 1

1.Make sure that the jasypt.encryptor.password property in your application.yml file is set to the same value as the demo-password that you used when encrypting the spring-cloud-password in your main method.

2.Make sure that you are passing the correct value for the PASSWORD program argument when running your application.

3.Make sure that you are using the correct algorithm when encrypting and decrypting the password. In your main method, you are using the "PBEWithHMACSHA512AndAES_256" algorithm, but it's not clear if this is the same algorithm that is being used by Jasypt in your application.

4.Make sure that you are using the correct value for the encrypted password in your application.yml file. It's possible that the value you have pasted there is incorrect or has been modified in some way.