Jasypt (https://github.com/jasypt/jasypt) and the corresponding Spring Boot integration (https://github.com/ulisesbocchio/jasypt-spring-boot) no longer really seem to be alive.
What are current good practices for encrypting properties in Spring Boot applications using open source libraries? Simple solutions preferred.
Spring Cloud has built-in support for decrypting properties. Any property value that starts with {cipher} will automatically be decrypted at runtime. Similar to Jasypt, a 'master' encryption key is used. This key can be configured by specifying encrypt.key in bootstrap.yaml or by setting the ENCRYPT_KEY environment variable. By default symmetric encryption is used, but it is also possible to use asymmetric keys.
    spring:
      datasource:
        # the value must be quoted in YAML, otherwise the leading '{' is parsed as a flow mapping
        password: '{cipher}xxxxx'
To encrypt a value to ciphertext, there are different options:

- The Spring CLI had support for encrypting values:

      spring encrypt --key MySeCrEtMaStErKeY 'secretAPIkey'

  However, Spring CLI support for this is now gone (since version 3).
- You could do it via this tooling.
- Simply use this Java snippet (see here).
- You can run Spring Cloud Config Server and use the encrypt endpoint.
Then start your app (which needs a dependency on spring-cloud-starter-config) by specifying the master encryption key in bootstrap.yaml or via an environment variable:

    ENCRYPT_KEY=MySeCrEtMaStErKeY java -jar myapp.jar
See https://docs.spring.io/spring-cloud-commons/docs/current/reference/html/#encryption-and-decryption
For more sophisticated setups, I highly recommend using HashiCorp Vault. It's open source and free to use.
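As an added example (not part of the answer above and not Spring's own code), here is a small stand-alone Java tool that produces {cipher} values for the symmetric setup described in the answer and checks that they round-trip with the same master key. It assumes that Spring Cloud's symmetric mode delegates to Spring Security's `Encryptors.text(password, hexSalt)` with the default salt "deadbeef" (the value of Spring Cloud's `encrypt.salt` as assumed here), so it only needs spring-security-crypto on the classpath; the class name `CipherPropertyTool` is hypothetical. The master key is read from ENCRYPT_KEY so that it never appears on the command line or in shell history.

```java
import org.springframework.security.crypto.encrypt.Encryptors;
import org.springframework.security.crypto.encrypt.TextEncryptor;

/**
 * Hypothetical helper (example code, not from Spring or the answer) that
 * encrypts a plaintext into a {cipher}-prefixed property value and decrypts
 * it again, the way a Spring Cloud app with encrypt.key / ENCRYPT_KEY would.
 */
public class CipherPropertyTool {

    static final String CIPHER_PREFIX = "{cipher}";
    // Hex-encoded salt. Assumed to match Spring Cloud's default encrypt.salt.
    static final String DEFAULT_SALT = "deadbeef";

    private final TextEncryptor encryptor;

    CipherPropertyTool(String masterKey, String hexSalt) {
        // AES-256-CBC with a PBKDF2-derived key; the same TextEncryptor that
        // Spring Cloud is assumed to use for symmetric {cipher} values.
        this.encryptor = Encryptors.text(masterKey, hexSalt);
    }

    /** Returns the value to paste into application/bootstrap YAML (quote it there). */
    String encryptProperty(String plaintext) {
        return CIPHER_PREFIX + encryptor.encrypt(plaintext);
    }

    /** Mirrors runtime behaviour: values without the prefix are passed through unchanged. */
    String decryptProperty(String value) {
        if (!value.startsWith(CIPHER_PREFIX)) {
            return value;
        }
        return encryptor.decrypt(value.substring(CIPHER_PREFIX.length()));
    }

    public static void main(String[] args) {
        String masterKey = System.getenv("ENCRYPT_KEY");
        if (masterKey == null || masterKey.isBlank()) {
            System.err.println("ENCRYPT_KEY is not set; refusing to encrypt with an empty key");
            System.exit(2);
        }
        // Constructed sample plaintext; pass your own secret as the first argument.
        String plaintext = args.length > 0 ? args[0] : "secretAPIkey";

        CipherPropertyTool tool = new CipherPropertyTool(masterKey, DEFAULT_SALT);
        String value = tool.encryptProperty(plaintext);

        // Round-trip check before the value is committed to a config file.
        String recovered = tool.decryptProperty(value);
        if (!plaintext.equals(recovered)) {
            throw new IllegalStateException("round trip failed; do not use this value");
        }

        // Each call uses a fresh random IV, so encrypting twice yields different
        // ciphertexts; both decrypt to the same plaintext.
        String again = tool.encryptProperty(plaintext);
        if (again.equals(value)) {
            throw new IllegalStateException("ciphertext unexpectedly repeated; IV not randomised");
        }

        System.out.println("spring:");
        System.out.println("  datasource:");
        System.out.println("    password: '" + value + "'");
    }
}
```

Run it as `ENCRYPT_KEY=MySeCrEtMaStErKeY java -cp spring-security-crypto.jar:. CipherPropertyTool 'secretAPIkey'` and paste the printed, quoted value into your YAML. Keep in mind that the {cipher} value is only as strong as the master key: anyone with ENCRYPT_KEY (or the bootstrap.yaml containing encrypt.key) can decrypt every property, so the key belongs in the runtime environment or a secret store, never next to the encrypted values in the repository.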