{"id":36420385,"url":"https://github.com/linux-china/dotenvx-spring-boot","last_synced_at":"2026-01-11T17:07:28.290Z","repository":{"id":306997532,"uuid":"1028007172","full_name":"linux-china/dotenvx-spring-boot","owner":"linux-china","description":"Dotenvx for Spring Boot,  load encrypted items `encrypted:xx` from application.properties","archived":false,"fork":false,"pushed_at":"2025-12-03T14:36:07.000Z","size":112,"stargazers_count":12,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-12-06T03:26:55.463Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/linux-china.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-07-28T22:03:07.000Z","updated_at":"2025-12-03T14:36:10.000Z","dependencies_parsed_at":"2025-07-28T22:45:28.451Z","dependency_job_id":"ce89300b-535c-4b7d-99cb-c3983ac2baf8","html_url":"https://github.com/linux-china/dotenvx-spring-boot","commit_stats":null,"previous_names":["linux-china/dotenvx-spring-boot"],"tags_count":6,"template":false,"template_full_name":null,"purl":"pkg:github/linux-china/dotenvx-spring-boot","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/linux-china%2Fdotenvx-spring-boot","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/linux-china%2Fdotenvx-spring-boot/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/linux-china%2Fdotenvx-spring-boot/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/linux-china%2Fdotenvx-spring-boot/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/linux-china","download_url":"https://codeload.github.com/linux-china/dotenvx-spring-boot/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/linux-china%2Fdotenvx-spring-boot/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28314264,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-11T14:58:17.114Z","status":"ssl_error","status_checked_at":"2026-01-11T14:55:53.580Z","response_time":60,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-01-11T17:07:27.797Z","updated_at":"2026-01-11T17:07:28.285Z","avatar_url":"https://github.com/linux-china.png","language":"Java","funding_links":[],"categories":[],"sub_categories":[],"readme":"dotenvx-spring-boot\n=======================\n\n**[Dotenvx](https://dotenvx.com)** integration for Spring Boot 3.x/4.x to load encrypted items from `application.properties`\nor `application.yml`.\n\n# Get Started\n\nIf you use IntelliJ IDEA, please download [Dotenvx JetBrains Plugin](https://plugins.jetbrains.com/plugin/28148-dotenvx)\nfirst, and all operations could be finished in IDE.\n\nOr download the last version of dotenvx-cli from [dotenvx-rs](https://github.com/linux-china/dotenvx-rs),\nand follow the steps below to add encrypted items.\n\nIf you want to a real Dotenvx Spring Boot demo, please\ncheck [dotenvx-spring-boot-demo](https://github.com/linux-china/dotenvx-boot-demo).\n\n```bash\n$ cd spring-boot-project-dir\n$ dotenvx init\n$ dotenvx set --encrypt nick Jackie\n```\n\n`application.properties` content example:\n\n```properties\n# ---\n# uuid: 019852dd-8798-7991-b1df-c2b388de0fc4\n# sign: 6xEkGwGLig9DuO+iO5jm4RTBG+oQjKZt0XHvVQ28VZIDM8PFaaHMmG+S/xfezoCUJuMvqlFFNOokCg4WIkBWsg==\n# ---\ndotenv.public.key=02324d763b27358d4229651fd9d0822fb263b07bcc3422f5bd9968cafc194011ff\n### spring configuration\nnick=encrypted:BDFsggcvh9IiNUIZ66YrEI10sLoUJS6WW+UiUxqfAGyHo6cfg9lQ1DhOy9z18F50aRicFHZ7dXH7CagfhonUnZA5W+l1xldVBzv4b8OJN05qih2PHIcY01spqx6RYrgg76pUsuv2eA==\n```\n\nAdd the following dependency to your `pom.xml`:\n\n```xml\n\n\u003cdependency\u003e\n    \u003cgroupId\u003eorg.mvnsearch\u003c/groupId\u003e\n    \u003cartifactId\u003edotenvx-spring-boot-starter\u003c/artifactId\u003e\n    \u003cversion\u003e0.1.5\u003c/version\u003e\n\u003c/dependency\u003e\n```\n\nStart your Spring Boot application, and add `-Ddotenv.private.key=your_private_key` to the command line,\nor add `DOTENV_PRIVATE_KEY=your_private_key` to your environment variables.\nand dotenvx start will automatically decrypt the `encrypted:` prefixed items in your properties or YAML files.\nIf you are using [Spring Debugger](https://www.jetbrains.com/help/idea/spring-debugger.html),\nand you will notice the decrypted value as hints in the configuration files.\n\n**Note**: The private key for `application.properties` is from `$HOME/.dotenvx/.env.keys.json`.\n**Attention**: dotenvx-spring-boot-starter uses Bouncy Castle `bcprov-jdk18on`(JDK 1.8+).\nIf `bcprov-jdk15on` is in project's dependencies, please pay attention to confliction.\n\n# Profile support\n\nPlease add `dotenv.public.key.profile-name` in `application-profile.properties`.\n\n```\n# ---\n# id: 019881d9-39b0-7ec1-a623-5829d8480774\n# name: project_ame\n# group: group_name\n# ---\ndotenv.public.key.test=03f23142c47684e0eecda5bad9c2a6a32e461e55d5db1359948aee9e169d5aed4d\n### spring boot configuration\nnick2=encrypted:BMVDgpuPNebbj1NIHxJocBLOxBBxZM3oDqBJ8laGYYso1slYeNJcZs/7Qy1NKDsO+SPmnUd5UDV/LfEEctiyr2I81IGQfuuE8iZwVgqGq12KCa7CouLWH6cm/NRyzSr9PuqVtGdmfAk=\n```\n\nStart your Spring Boot application, and add `-Ddotenv.private.key.test=your_private_key` to the command line,\nor add `DOTENV_PRIVATE_KEY_TEST=your_private_key_test` to your environment variables.\n\n# .env.keys for application test\n\n```\n# ---\n# id: 019852dd-8798-7991-b1df-c2c8b743a0e1\n# name: spring-boot-test\n# group: demo\n# ---\n\n# Private decryption keys. DO NOT commit to source control\nDOTENV_PRIVATE_KEY=a7a0006f9136c246937a5ae60f11cfb71541df0dac389015e6916b3ebbe170cd\nDOTENV_PRIVATE_KEY_TEST=0c8eac932150e0d51cfc59ccbd2c0613298464b2922d900b96511cf7239b7aa5\n```\n\n# How dotenvx-spring-boot reads private keys\n\n- Read `dotenv.private.key` from `ConfigurableEnvironment`\n- Read `DOTENV_PRIVATE_KEY` in your environment variables\n- Read private key from `$HOME/.dotenvx/.env.keys.json` file by the public key\n- Read private key from `.env.keys` or `$HOME/.env.keys` file\n\n# Jackson Integration\n\nIf you want to use Dotenvx to protect some fields with JSON output, you can use the following code:\n\n```java\n\n@Configuration\npublic class DotenvxJacksonConfig {\n    @Bean\n    public SimpleModule dotenvxJacksonModule(@Value(\"${dotenvx.public.key}\") String publicKey, @Value(\"${dotenvx.private.key}\") String privateKey) {\n        SimpleModule simpleModule = new SimpleModule();\n        simpleModule.addSerializer(new DotenvxGlobalJsonSerializer(publicKey));\n        simpleModule.addDeserializer(String.class, new DotenvxGlobalJsonDeserializer(privateKey));\n        return simpleModule;\n    }\n}\n```\n\nFor encryption, make sure the field's value with `private:` prefix.\nFor decryption, make sure the field's value with `encrypted:` prefix.\n\n**Tips**: please use `dotenvx init --stdout` to generate a new key pair for this case. Don't use app config key pair.\n\n# JWT support\n\nMost web applications use JWT to authorize a user, and Dotenvx Spring Boot\nuses [Nimbus JOSE + JWT](https://connect2id.com/products/nimbus-jose-jwt) to generate and verify JWT token.\n\n```java\n\n@Test\npublic void testGenerateJwt() throws Exception {\n    final ECKeyPair keyPair = Ecies.generateEcKeyPair();\n    String subject = \"example-user\";\n    JWTClaimsSet claimsSet = new JWTClaimsSet.Builder()\n            .subject(subject)\n            .issuer(\"dotenvx\")\n            .issueTime(new Date())\n            .expirationTime(new Date(System.currentTimeMillis() + 3600000)) // 1 hour expiration\n            .build();\n    final BCECPublicKey publicKey = keyPair.getPublic();\n    final BCECPrivateKey privateKey = keyPair.getPrivate();\n    final String jwtToken = Secp256k1JwtService.createJwtToken(privateKey, claimsSet);\n    final JWTClaimsSet jwtClaimsSet = Secp256k1JwtService.verifyJwt(jwtToken, publicKey);\n    assertThat(jwtClaimsSet.getSubject()).isEqualTo(subject);\n}\n```\n\nFor more, please refer to the following Java classes:\n\n- [Ecies](dotenvx-spring-boot/src/main/java/org/mvnsearch/dotenvx/ecies/Ecies.java): generate a key pair\n- [Secp256k1KeyParser](dotenvx-spring-boot/src/main/java/org/mvnsearch/dotenvx/jwt/Secp256k1KeyParser.java):\n  public/private key parser\n- [Secp256k1JwtService](dotenvx-spring-boot/src/main/java/org/mvnsearch/dotenvx/jwt/Secp256k1JwtService.java): JWT\n  Service\n- [Secp256k1Signer](dotenvx-spring-boot/src/main/java/org/mvnsearch/dotenvx/jwt/Secp256k1Signer.java): signature service\n\n# Credits\n\n* jasypt-spring-boot: https://github.com/ulisesbocchio/jasypt-spring-boot\n\n# References\n\n* [Dotenvx JetBrains Plugin](https://plugins.jetbrains.com/plugin/28148-dotenvx/): Dotenvx JetBrains IDE plugin with\n  Spring Boot support\n* [Dotenvx](https://dotenvx.com/): encrypts your .env files, limiting their attack vector while retaining their\n  benefits.\n* [dotenvx-rs](https://github.com/linux-china/dotenvx-rs): Dotenvx Rust SDK/CLI\n* [dotenvx-java](https://github.com/linux-china/dotenvx-java): Dotenvx Java SDK\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flinux-china%2Fdotenvx-spring-boot","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Flinux-china%2Fdotenvx-spring-boot","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flinux-china%2Fdotenvx-spring-boot/lists"}