Reputation: 1851
Alternative Strategy for using plaintext credentials in Java code
I want to send a POST request to an endpoint, which involves sending the following in the Body:
{"userid" : "someusername" , "password" : "somepassword"}
I'm currently writing this body, including the password inside my code. My requirement is that I cannot write the password in the code. Not sure of the userid, but it may not be allowed in the future as well.
What strategy should I use such that I don't write the username and password in my code, but still I'm able to access and connect to the endpoint.
Upvotes: 0
Views: 74
Answers (2)
Reputation: 8163
- read from file
- pass username / password as arguments to the program
- query the user at the start of the program for username/password
This depends on your exact requirements also, if the issue is only that no credentials should be in code, but during runtime it doesn't really need to be secure, then any of the above is ok.
Upvotes: 0
Reputation: 780
Jasypt can be used to encrypt and decrypt passwords you've stored in your configuration files.
The library includes support for transparently accessing variables in spring, and hibernate.
<dependency>
<groupId>com.github.ulisesbocchio</groupId>
<artifactId>jasypt-spring-boot</artifactId>
<version>2.0.0</version>
</dependency>
Upvotes: 2
Related Questions
- Securely store user account details required for use in code
- Handling passwords used for auth in source code
- How to avoid hard coded database credentials in code
- Storing usernames and passwords securely
- JAVA - Secure way of retrieving / storing username & password to a server?
- How to avoid having keystore/trustore plain text password in code base?
- Secure plain text passwords in configuration
- What is a good/safe way to dynamically save a username and password information in Java?
- Storing a Password String in the Code
- How to programatically encrypt/decrypt plain text credentials in JSP?