When using a Spring Boot application, we use different application.properties files for different environments.
We put important credentials like database configurations, server IPs, admin username/password and so on.
I am worried about what would happen if someone obtained our application properties and got all the important details.
Is there any good approach to put important credentials somewhere and obtain them in our Spring Boot application based on environment?
Instead of using just the password as input to the hash function, random bytes (known as salt) would be generated for every user's password. The salt and the user's password would be run through the hash function, which produces a unique hash. The salt would be stored alongside the user's password in clear text.
Many techniques:

Using token replacement (maven replacer)

application.properties:
    spring.datasource.password=#MY_DB_PASSWORD#

tokens.properties:
    #MY_DB_PASSWORD#=SECRET_PASSWORD

where tokens.properties has access protection.

Using an environment variable:
    mvn spring-boot:run -Dspring.datasource.password=SECRET_PASSWORD

or simply:
    spring.datasource.password=${myDbPasswordEnv}

Using Jasypt to encrypt your properties
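
A check that can run before commit or in CI to confirm the techniques above are actually in use, added here as an example and not part of the original answer: it parses application.properties content and flags sensitive keys whose value is still a literal, or a ${...} placeholder carrying a clear-text default. The key-name pattern, the sample file and the function names are assumptions; ENC(...) is Jasypt's default wrapper for encrypted values.

```python
import re

# Key fragments treated as sensitive (assumption; extend for your project).
SENSITIVE = re.compile(r"(password|passwd|secret|token|credential|api[-_.]?key)", re.I)
PLACEHOLDER = re.compile(r"^\$\{([^}:]+)(?::(.*))?\}$")  # ${NAME} or ${NAME:default}
BUILD_TOKEN = re.compile(r"^#[A-Za-z0-9_]+#$")            # #MY_DB_PASSWORD# style token
JASYPT = re.compile(r"^ENC\(.+\)$")                       # Jasypt default ENC(...) wrapper

def parse_properties(text):
    """Yield (line_no, key, value) per entry, skipping blanks and #/! comments."""
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        m = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)", line)
        if m:
            yield no, m.group(1), m.group(2).strip()

def classify(value):
    """Say how a property value is supplied."""
    if not value:
        return "empty"
    if JASYPT.match(value):
        return "encrypted"
    if BUILD_TOKEN.match(value):
        return "build-token"
    m = PLACEHOLDER.match(value)
    if m:
        # A non-empty default after ':' is still a secret committed in clear text.
        return "placeholder-with-default" if m.group(2) else "placeholder"
    return "literal"

def find_hardcoded_secrets(text):
    """Return (line_no, key, kind) for sensitive keys that embed a clear-text value."""
    return [(no, key, classify(value))
            for no, key, value in parse_properties(text)
            if SENSITIVE.search(key)
            and classify(value) in ("literal", "placeholder-with-default")]

# Constructed sample file for the example; not taken from a real project.
SAMPLE = """\
# constructed application.properties
spring.datasource.url=jdbc:postgresql://db.internal.example:5432/app
spring.datasource.username=app
spring.datasource.password=SECRET_PASSWORD
admin.password = ${ADMIN_PASSWORD:changeme}
mail.password=${myDbPasswordEnv}
jwt.secret=#MY_JWT_SECRET#
api.token: ENC(constructedCiphertext==)
"""

if __name__ == "__main__":
    for no, key, kind in find_hardcoded_secrets(SAMPLE):
        print(f"line {no}: {key} holds a {kind} value")
```

Run it against every application-*.properties file in the repository and fail the build when the list is non-empty.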