Reputation: 65298
How to handle passwords in config/properties files
We have a shared code base between different teams. Is there any kind of best practice of storing admin credentials in a spring properties file? I don't want anyone to see the username or password. We are using docker and aware I can use docker secrets but I don't want to tie passwords to docker. I want to access the passwords even if we're not using docker.
Upvotes: 2
Views: 2332
Answers (5)
Reputation: 7384
In Docker Swarm use secrets. In a normal Docker daemon use Environment Variables or env_file
Upvotes: 0
Reputation: 7041
Simple Approach: Use environment variables instead of putting sensitive values inside your application.properties file.
Advanced Approach: Vault. Check out the Spring Cloud Vault project for more details on how to leverage Vault with Spring applications.
Upvotes: 1
Reputation: 45500
Encrypt the application.properties file, then track it with git.
Then Simply ingore the decrypted application.properties.
Upvotes: 0
Reputation: 20097
One of the best solutions I know is Blackbox https://github.com/StackExchange/blackbox (via stackexchange ;)
Upvotes: 1
Related Questions
- Spring Boot how to hide passwords in properties file
- How to handle Docker-Secrets in application.properties files
- SpringBoot application.properties file with multiple users/passwords/roles
- Best way define important credentials in spring boot
- Hide passwords in application properties of Spring boot application
- Externalize password in Spring Boot properties file
- Using properties file for user credentials with java configuration in Spring security
- Spring boot security config with Docker
- How to store password as encrypted in properties file in Spring
- How can I store sensitive data in Java configuration files?