I have an Akka project that needs several passwords to work: to access a datastore, a distributed filesystem connection string...
Those values are not hardcoded in the configuration file, but rather pulled from a key vault at run time during app startup and then stored in memory in a Typesafe Config object, as the third parties are using this configuration to get the password and open the connections.
I am just wondering if somehow this is risky, as I am guessing the strings would be in clear in memory. Is there a way to transparently obfuscate/encrypt the values? Or do I need to implement it on my side, and update the third parties so that they transform the string before actually opening the connections?
In my opinion that is, in almost every application, a security risk you should not be concerned about. Since Scala runs on the JVM, please refer to: Sensitive Data In Memory.
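On the JVM a `String` is immutable and cannot be overwritten, whereas a `char` array can. As an added example (not code from the question or the answer), here is a holder that lends a secret out as a char array and zeroes it after use. `WipeableSecret`, `fetchFromVault` and `openConnection` are hypothetical names, and it assumes the consuming code can accept a `char[]` instead of reading a `String` from the config object.

```scala
import java.util.Arrays

// Hypothetical holder (not an Akka or Typesafe Config type): keeps a secret in a
// mutable char array so it can be overwritten, unlike an immutable String.
final class WipeableSecret(initial: Array[Char]) extends AutoCloseable {
  private val chars: Array[Char] = initial.clone()
  private var wiped = false

  // Lend the characters to `f` for the duration of the call only.
  def use[A](f: Array[Char] => A): A = synchronized {
    if (wiped) throw new IllegalStateException("secret already wiped")
    f(chars)
  }

  // Overwrite the backing array; garbage collection alone gives no such guarantee.
  override def close(): Unit = synchronized {
    Arrays.fill(chars, 0.toChar)
    wiped = true
  }

  def isWiped: Boolean = synchronized(wiped)

  // Keep the value out of logs and string interpolation.
  override def toString: String = "WipeableSecret(***)"
}

object WipeableSecretDemo {
  // Stand-in for the key vault call made at startup. The value is constructed;
  // a real client should hand back char[] or byte[] rather than a String literal.
  def fetchFromVault(name: String): Array[Char] = "constructed-demo-password".toCharArray

  // Stand-in for a driver that accepts char[] credentials.
  def openConnection(user: String, password: Array[Char]): Boolean = password.nonEmpty

  def main(args: Array[String]): Unit = {
    val fromVault = fetchFromVault("datastore-password")
    val secret = new WipeableSecret(fromVault)
    Arrays.fill(fromVault, 0.toChar) // wipe the temporary copy as well

    val connected =
      try secret.use(pw => openConnection("app", pw))
      finally secret.close()

    println(s"connected=$connected secret=$secret wiped=${secret.isWiped}")
  }
}
```

If a library insists on reading the password as a `String` from the config object, that `String` copy stays in the heap until it is garbage collected, so the holder only helps for the code paths that accept the array.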