Onki

Reputation: 2095

How to pass a password to a Java (Spring Boot) application

We have to use an SSL certificate for our REST web services, which are created through a Spring Boot application.

Now, what I came to know is that a password is necessary in order to use a certificate. So we are changing our available .pem (without password) to .p12 (with password) using openssl. Now we have to provide Spring with this password.

The problem is the overhead which comes with introducing any new password.

We cannot hard-code this password in our application.properties, because that is bad design. So we are thinking of finding other ways to use the password in the application. So far I can think of the options below. Which one is the better one, and why?

  1. Rather than setting the password in application.properties, set it from Java code. (I am not sure whether it will be set as an environment variable or a system variable.)

  2. Use an environment variable to store the password.

  3. Use a text file which stores the password (again not preferred, due to bad design).

Upvotes: 0

Views: 8658

Answers (4)

karthick S

Reputation: 584

You can achieve your scenario in the following way.

I am posting a sample example.

In the properties file:

spring.datasource.url=${db.url}
spring.datasource.username=${db.username}

While starting the project, you can give the following command (sample.0.0.1-SNAPSHOT.jar is your jar name):

java -jar -Ddb.url=jdbc:postgresql://localhost:5432/postgres -Ddb.username=postgres sample.0.0.1-SNAPSHOT.jar

Upvotes: 1

Shailesh Chandra

Reputation: 2340

I can think of 3 ways you can do it:

1. You can define the password property only in application.properties but pass the value of the property during application startup.

java -jar -Dmyapp.password=YOUR_PASSWORD myapplication.jar

2. You can put encrypted passwords in application.properties and pass the decryption key during application startup. Jasypt plays very well with Spring Boot.

java -jar -Dmyapp.decryptKey=YOUR_KEY myapplication.jar

3. You can use Spring Vault.

Upvotes: 0
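The two answers above both amount to the same thing: keep the secret out of application.properties and hand it to the JVM at startup. The class below is an added example (not code from the question or from any answer) showing the plain-Java version of that idea: the PKCS12 password is resolved from a system property (the -D form used above) or from an environment variable (option 2 in the question), the application fails closed when neither is set, and the char[] is wiped once the keystore is open. The property name myapp.keystore.password, the variable name MYAPP_KEYSTORE_PASSWORD and the temporary keystore are all assumptions made for the demo; the keystore written in main is an empty store created in-memory so the example runs offline without a real certificate.

```java
// Added example: resolve the PKCS12 keystore password from a JVM system property
// or an environment variable instead of application.properties, then use it to
// open the keystore. Names and paths below are assumptions for the demo.
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.util.Arrays;

public class KeyStorePasswordDemo {

    // Assumed names: the -D form mirrors the answers above, the env form is
    // what a container orchestrator or systemd unit would typically inject.
    static final String SYSTEM_PROPERTY = "myapp.keystore.password";
    static final String ENV_VARIABLE = "MYAPP_KEYSTORE_PASSWORD";

    /** Returns the password as a char[] so it can be wiped after use.
     *  Fails closed (throws) when neither source is set, rather than
     *  falling back to a default or an empty password. */
    static char[] resolvePassword() {
        String fromProperty = System.getProperty(SYSTEM_PROPERTY);
        if (fromProperty != null && !fromProperty.isEmpty()) {
            return fromProperty.toCharArray();
        }
        String fromEnv = System.getenv(ENV_VARIABLE);
        if (fromEnv != null && !fromEnv.isEmpty()) {
            return fromEnv.toCharArray();
        }
        throw new IllegalStateException("keystore password not provided: run with -D"
                + SYSTEM_PROPERTY + "=... or export " + ENV_VARIABLE);
    }

    /** Opens a PKCS12 keystore with the resolved password and returns its entry count.
     *  A wrong password surfaces as an IOException from KeyStore.load(). */
    static int openKeyStore(Path p12) throws IOException, GeneralSecurityException {
        char[] password = resolvePassword();
        try (InputStream in = Files.newInputStream(p12)) {
            KeyStore ks = KeyStore.getInstance("PKCS12");
            ks.load(in, password);
            return ks.size();
        } finally {
            Arrays.fill(password, '\0'); // do not leave the secret in the heap longer than needed
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed input: an empty PKCS12 store written to a temp file with the
        // same password, so the demo runs without a real certificate.
        Path p12 = Files.createTempFile("demo", ".p12");
        char[] pw = resolvePassword();
        try (OutputStream out = Files.newOutputStream(p12)) {
            KeyStore empty = KeyStore.getInstance("PKCS12");
            empty.load(null, null);
            empty.store(out, pw);
        } finally {
            Arrays.fill(pw, '\0');
        }
        System.out.println("entries in keystore: " + openKeyStore(p12));
        Files.delete(p12);
    }
}
```

Run it as `java -Dmyapp.keystore.password=change-me KeyStorePasswordDemo` or as `MYAPP_KEYSTORE_PASSWORD=change-me java KeyStorePasswordDemo`; with neither set it refuses to start. One practical difference between the two sources: on Linux a `-D` value is part of the command line and therefore visible in `ps` output and `/proc/<pid>/cmdline` to every local user, whereas `/proc/<pid>/environ` is readable only by the process owner and root, so the environment variable leaks to fewer local observers. In a Spring Boot application the same two sources feed the built-in `server.ssl.key-store-password` property directly, as `-Dserver.ssl.key-store-password=...` on the command line or, through relaxed binding, as the environment variable `SERVER_SSL_KEYSTOREPASSWORD`, so no custom placeholder is needed for the TLS keystore case in the question.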

Cλstor

Reputation: 455

Of the provided options, I would go with option 2; by using environment variables it will be easier to provide and change the password, even in containerized environments and clouds.

But you can also consider other options, like using a safe key-value store such as HashiCorp Vault or etcd.

Note that using Vault or etcd, you can also provide and change the certificate dynamically, instead of shipping it with the application.

Upvotes: 0

Gin

Reputation: 130

Option 3 seems feasible, but instead of storing it in a plain text file, you can encrypt the file and put a decryption function in the application for when it reads the file.

Upvotes: 0
