diff --git a/pom.xml b/pom.xml
index 5c13b506f..e45ec2497 100644
--- a/pom.xml
+++ b/pom.xml
@@ -77,6 +77,7 @@
utils/events
utils/cdi-provider
utils/crypto
+ utils/jasypt
testsuite
documentation
examples
diff --git a/utils/jasypt/pom.xml b/utils/jasypt/pom.xml
new file mode 100644
index 000000000..92c8b66b6
--- /dev/null
+++ b/utils/jasypt/pom.xml
@@ -0,0 +1,42 @@
+
+
+ 4.0.0
+
+ smallrye-config-parent
+ io.smallrye.config
+ 2.12.2-SNAPSHOT
+ ../../pom.xml
+
+
+ smallrye-config-jasypt
+
+ SmallRye Config: Jasypt
+
+
+
+ io.smallrye.config
+ smallrye-config
+
+
+ org.jasypt
+ jasypt
+ 1.9.3
+
+
+
+
+ org.junit.jupiter
+ junit-jupiter
+
+
+ io.smallrye.testing
+ smallrye-testing-utilities
+
+
+ jakarta.annotation
+ jakarta.annotation-api
+ test
+
+
+
+
diff --git a/utils/jasypt/src/main/java/io/smallrye/config/jasypt/JasyptSecretKeysHandler.java b/utils/jasypt/src/main/java/io/smallrye/config/jasypt/JasyptSecretKeysHandler.java
new file mode 100644
index 000000000..aa80fd596
--- /dev/null
+++ b/utils/jasypt/src/main/java/io/smallrye/config/jasypt/JasyptSecretKeysHandler.java
@@ -0,0 +1,26 @@
+package io.smallrye.config.jasypt;
+
+import org.jasypt.encryption.pbe.StandardPBEStringEncryptor;
+import org.jasypt.iv.RandomIvGenerator;
+import org.jasypt.properties.PropertyValueEncryptionUtils;
+
+import io.smallrye.config.SecretKeysHandler;
+
+public class JasyptSecretKeysHandler implements SecretKeysHandler {
+ @Override
+ public String handleSecret(final String secret) {
+ // TODO - We need to be able to configure this in the Handler.
+ // Option to configure it in the constructor or retrieve config on the fly?
+ StandardPBEStringEncryptor encryptor = new StandardPBEStringEncryptor();
+ encryptor.setPassword("jasypt");
+ encryptor.setAlgorithm("PBEWithHMACSHA512AndAES_256");
+ encryptor.setIvGenerator(new RandomIvGenerator());
+ encryptor.initialize();
+ return PropertyValueEncryptionUtils.decrypt(secret, encryptor);
+ }
+
+ @Override
+ public String getName() {
+ return "jasypt";
+ }
+}
diff --git a/utils/jasypt/src/main/resources/META-INF/services/io.smallrye.config.SecretKeysHandler b/utils/jasypt/src/main/resources/META-INF/services/io.smallrye.config.SecretKeysHandler
new file mode 100644
index 000000000..d2338e798
--- /dev/null
+++ b/utils/jasypt/src/main/resources/META-INF/services/io.smallrye.config.SecretKeysHandler
@@ -0,0 +1 @@
+io.smallrye.config.jasypt.JasyptSecretKeysHandler
diff --git a/utils/jasypt/src/test/java/io/smallrye/config/jasypt/JasyptSecretKeysHandlerTest.java b/utils/jasypt/src/test/java/io/smallrye/config/jasypt/JasyptSecretKeysHandlerTest.java
new file mode 100644
index 000000000..c44acd6ab
--- /dev/null
+++ b/utils/jasypt/src/test/java/io/smallrye/config/jasypt/JasyptSecretKeysHandlerTest.java
@@ -0,0 +1,28 @@
+package io.smallrye.config.jasypt;
+
+import static org.junit.jupiter.api.Assertions.*;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import org.junit.jupiter.api.Test;
+
+import io.smallrye.config.PropertiesConfigSource;
+import io.smallrye.config.SmallRyeConfig;
+import io.smallrye.config.SmallRyeConfigBuilder;
+
+class JasyptSecretKeysHandlerTest {
+ @Test
+ void jasypt() {
+ Map properties = new HashMap<>();
+ properties.put("my.secret", "${jasypt::ENC(wqp8zDeiCQ5JaFvwDtoAcr2WMLdlD0rjwvo8Rh0thG5qyTQVGxwJjBIiW26y0dtU)}");
+
+ SmallRyeConfig config = new SmallRyeConfigBuilder()
+ .addDefaultInterceptors()
+ .addDiscoveredSources()
+ .withSources(new PropertiesConfigSource(properties, "", 0))
+ .build();
+
+ assertEquals("12345678", config.getRawValue("my.secret"));
+ }
+}