Where/how do you store application secrets(password, API KEY) in Spring Boot application
Question
I want to encrypt sensitive data in application properties. I will use AES algorithm to encrypt/decrypt data. The key to decrypt will be stored in ENV variables, accessing this key requires the same privileges as modifying production application.
What do you think about this approach?
How do you protect sensitive data?
1 answers
solution1
2 2017-07-04 11:20:05
There are many ways:
- Spring Cloud Config
- Spring Cloud Config Vault
- Not store them at all and provide them via environment variables/files/whatever at run time
- I'm sure there are other ways
This is really too broad of a topic for Stackoverflow and is not really specific to Spring Boot or anything in particular.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.
Related Question
How do you mock external dependencies in spring boot application?
how to pass password to a java (Spring boot) application
Where to store the accessKey and secretKey for AWS Secrets Manager in Spring Boot
Where to store Spring Boot application-{profile}.properties?
How To use DistanceMatrix Api in Spring boot Application
Spring Boot - Key Store Password set in Code
Securely storing secrets of a Spring Boot application in HashiCorp Vault?
How do I KMS decrypt the password in the application.properties first before being used in spring boot
How to do an integration test for a Spring Boot application?
How to pass gitlab-ci secrets via docker-compose to spring-boot application?
Related Tags