Class PasswordCrypto

java.lang.Object
com.bonitasoft.processbuilder.extension.PasswordCrypto

public final class PasswordCrypto extends Object
Utility class for secure password encryption and decryption.

Uses the environment variable MASTER_BONITA_PWD as the master password to derive encryption keys using PBKDF2. This approach eliminates the need to store encryption keys in the database.

Usage:


 // Encrypt a password before storing in database
 String encrypted = PasswordCrypto.encrypt("myPassword123");

 // Decrypt when needed
 String decrypted = PasswordCrypto.decrypt(encrypted);

 // Safe methods that check if already encrypted/decrypted
 String safeEncrypted = PasswordCrypto.encryptIfNeeded(text);
 String safeDecrypted = PasswordCrypto.decryptIfNeeded(text);
 

Configuration:

Set the environment variable before starting the server:


 export MASTER_BONITA_PWD="YourSecureMasterPassword123!"
 
Since:
1.0
Author:
Bonitasoft
  • Field Details

    • ENV_VAR_NAME

      public static final String ENV_VAR_NAME
      Environment variable name for the master password.
  • Method Details

    • encrypt

      public static String encrypt(String plainText)
      Encrypts the given text using the master password from the environment variable.
      Parameters:
      plainText - the text to encrypt (must not be null)
      Returns:
      the encrypted text as a Base64 string
      Throws:
      IllegalArgumentException - if plainText is null
      PasswordCrypto.CryptoException - if the master password is not configured or encryption fails
    • decrypt

      public static String decrypt(String encryptedText)
      Decrypts the given encrypted text using the master password from the environment variable.
      Parameters:
      encryptedText - the Base64 encrypted text to decrypt
      Returns:
      the decrypted plain text
      Throws:
      IllegalArgumentException - if encryptedText is null or empty
      PasswordCrypto.CryptoException - if the master password is not configured or decryption fails
    • encryptIfNeeded

      public static String encryptIfNeeded(String text)
      Encrypts the text only if it does not appear to be already encrypted.
      Parameters:
      text - the text to encrypt
      Returns:
      the encrypted text, or the original if null/empty/already encrypted
    • decryptIfNeeded

      public static String decryptIfNeeded(String text)
      Decrypts the text only if it appears to be encrypted.
      Parameters:
      text - the text to decrypt
      Returns:
      the decrypted text, or the original if null/empty/not encrypted
    • isMasterPasswordConfigured

      public static boolean isMasterPasswordConfigured()
      Checks if the master password environment variable is configured.
      Returns:
      true if configured, false otherwise
    • isEncrypted

      public static boolean isEncrypted(String text)
      Checks if the given text appears to be encrypted.

      This is a heuristic check based on Base64 format and minimum length.

      Parameters:
      text - the text to check
      Returns:
      true if the text appears to be encrypted
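
The following is an added example, not code from PasswordCrypto or Bonitasoft. It shows why a check based only on Base64 format and minimum length can classify a plaintext password as encrypted, next to an explicit tag that does not depend on content. The class name, the MIN_LENGTH value of 24 and the "{enc:v1}" tag are assumptions; the page does not state the real threshold or any marker.

```java
import java.util.Base64;
import java.util.List;

// Added illustration, not PasswordCrypto's source. MIN_LENGTH and the
// "{enc:v1}" tag are assumptions made for this demo.
public class EncryptedHeuristicDemo {
    static final int MIN_LENGTH = 24;        // assumed threshold
    static final String TAG = "{enc:v1}";    // hypothetical explicit marker

    // Content-based guess: long enough and decodes as Base64.
    static boolean looksEncrypted(String text) {
        if (text == null || text.length() < MIN_LENGTH) {
            return false;
        }
        try {
            Base64.getDecoder().decode(text);
            return true;
        } catch (IllegalArgumentException notBase64) {
            return false;
        }
    }

    // State-based check: the caller tags ciphertext when it stores it, so
    // the answer never depends on what a user's password looks like.
    static boolean isTagged(String stored) {
        return stored != null && stored.startsWith(TAG);
    }

    public static void main(String[] args) {
        // Constructed samples; the "ciphertext" is 32 zero bytes in Base64.
        String fakeCiphertext = Base64.getEncoder().encodeToString(new byte[32]);
        List<String> samples = List.of(
            "hunter2",                            // short plaintext
            "Summer2024!Password#Long",           // long, but '!' and '#' are not Base64
            "CorrectHorseBatteryStaple2024xyz",   // plaintext that is valid Base64
            fakeCiphertext,                       // untagged ciphertext stand-in
            TAG + fakeCiphertext);                // tagged ciphertext stand-in
        for (String s : samples) {
            System.out.printf("%-54s looksEncrypted=%-5b isTagged=%b%n",
                    s, looksEncrypted(s), isTagged(s));
        }
    }
}
```

The third sample is the case to watch: a method that skips encryption when the input appears encrypted would return such a password unchanged. Where the caller knows the value is plaintext, for example at the point a user submits it, calling encrypt directly avoids relying on the guess.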