Support encrypted properties #2338

Closed
efenderbosch opened this issue Jan 12, 2015 · 2 comments
Labels
status: duplicate A duplicate of another issue

Comments

@efenderbosch

We've implemented encryptable YAML properties by specifying a custom EncryptedYamlPropertySourceLoader in META-INF/spring.factories. However, we can't do this for Environment variables. We have a requirement that usernames and passwords must not be in plain text. We've solved that problem for YAML, but we'd like to move to building Docker containers, which will pull parameters from ENV variables.

Our EncryptedYamlPropertySourceLoader uses a custom EncryptablePropertiesPropertySource which has our decryption utility injected. Here's a gist with those two classes:
https://gist.github.com/efenderbosch/6839a7864d520766d240

It would be nice to support encrypted properties natively, without any custom classes. A naming convention could be used, like if the property begins with "encrypted" then it will be decrypted via an injected utility that implements PropertyDecryptor or something similar.

Our YAML files look like this now:

encrypted:
  username: <base64 encoded encrypted text goes here>
  password: <base64 encoded encrypted text goes here>
  redis.password: <base64 encoded encrypted text goes here>
  key: <partial base64 encoded encryption key goes here>
  # other part of key is in code
spring:
  datasource:
    url: jdbc:postgresql://server.${spring.profiles.active}.company.net/database
    username: ${encrypted.username}
    password: ${encrypted.password}
  redis:
    password: ${encrypted.redis.password}

This makes it easy to set up an encrypted block per profile (local/dev/qa/stage/prod) and keep the rest of the config the same.
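The naming-convention idea in the post above, sketched as an added example; this is not code from the issue, the linked gist, or Spring Boot. `PropertyDecryptor` is the hypothetical interface the post suggests, and `AesGcmPropertyDecryptor`, `DecryptingPropertySource`, the `encrypted.` prefix check and the AES-GCM value layout are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import org.springframework.core.env.EnumerablePropertySource;

// Hypothetical interface, named after the one the issue suggests.
interface PropertyDecryptor {
    String decrypt(String base64Value);
}

// Assumed value layout: base64(12-byte IV || AES-GCM ciphertext || 16-byte tag).
final class AesGcmPropertyDecryptor implements PropertyDecryptor {
    private final SecretKey key;
    AesGcmPropertyDecryptor(SecretKey key) { this.key = key; }

    @Override
    public String decrypt(String base64Value) {
        byte[] blob = Base64.getDecoder().decode(base64Value.trim());
        if (blob.length < 12 + 16) throw new IllegalStateException("encrypted value too short");
        try {
            Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
            cipher.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, blob, 0, 12));
            return new String(cipher.doFinal(blob, 12, blob.length - 12), StandardCharsets.UTF_8);
        } catch (GeneralSecurityException e) {
            // Fail closed on a wrong key or tampered value; the value itself is never logged.
            throw new IllegalStateException("cannot decrypt property", e);
        }
    }
}

// Wraps any enumerable source (YAML, system environment) and decrypts "encrypted.*" names.
final class DecryptingPropertySource extends EnumerablePropertySource<EnumerablePropertySource<?>> {
    private final PropertyDecryptor decryptor;
    DecryptingPropertySource(EnumerablePropertySource<?> delegate, PropertyDecryptor decryptor) {
        super("decrypting-" + delegate.getName(), delegate);
        this.decryptor = decryptor;
    }

    @Override public String[] getPropertyNames() { return getSource().getPropertyNames(); }

    @Override
    public Object getProperty(String name) {
        Object raw = getSource().getProperty(name);
        boolean encrypted = raw instanceof String && name.startsWith("encrypted.");
        return encrypted ? decryptor.decrypt((String) raw) : raw;
    }
}
```

Wrapping the system environment source lets `ENCRYPTED_USERNAME` be read as `encrypted.username`, since Spring's `SystemEnvironmentPropertySource` already maps dotted names to upper-case underscore names. The wrapper has to be registered ahead of the source it wraps so that `${encrypted.username}` placeholders resolve to the decrypted value.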

@ptahchiev
Contributor

This seems to be related to https://jira.spring.io/browse/SPR-12420

@philwebb
Member

I think this one duplicates #1312. Could you possibly add your voice to the comments in that bug? It seems like this is becoming quite a popular request.

@philwebb added the "status: duplicate" label Jan 12, 2015