java – How I can encrypt/decrypt Spring boot server properties
If you're looking for a Spring Boot related answer, I suggest taking a look at the spring-cloud-config project.
This project allows managing configurations externally (in the filesystem or in git, for example), and among other things has support for encrypting property values both via a symmetric private secret and via a public/private key pair.
A protected Property, in this case, looks like this:
Where the AZXCASDAZXC341234ZXCASDFedr453 is actually an encrypted value of some password.
In order to encrypt it, you should call the encrypt method one time, assuming the spring-cloud-config server is running on port 8888 of your machine.
$ curl localhost:8888/encrypt -d mysecretdbpassword
>>AZXCASDAZXC341234ZXCASDFedr453
Here the value of password mysecretdbpassword gets encrypted.
The key has to be specified in configurations of the spring-cloud-config microservice itself.
Another option that this service has is an integration with HashiCorp Vault, so it also can be a good candidate for keeping the secrets.
We did something similar by incorporating the Jasypt tool. It's nicely baked into the Spring ecosystem. Basically you encrypt the values with an encryption key (a string) and put the encrypted value in your properties file surrounded by ENC(...). Then you put the encryption key in a specified environment variable on the server where your code is running. You can then map the encrypted values directly into variables with
Another option is not to store the password in your source at all, and instead secure those on the server in environment variables and access them directly at runtime. I think any way you slice it you end up relying on the fact that the server is secure, so it's important that you are confident that your server won't be compromised.
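The Jasypt flow described above (key in an environment variable, `ENC(...)` values in the properties file), shown as an added example that is not code from the original answers. It uses the Jasypt core library (1.9.3 or later on the classpath) without Spring; the variable name `APP_ENCRYPTION_KEY`, the property names and the properties content are assumptions constructed for illustration.

```java
import java.io.StringReader;
import java.util.Properties;

import org.jasypt.encryption.pbe.StandardPBEStringEncryptor;
import org.jasypt.iv.RandomIvGenerator;
import org.jasypt.properties.EncryptableProperties;

public class EncryptedPropertiesDemo {

    // Hypothetical variable name: the key exists only in the server's environment,
    // never in the properties file or the repository.
    static final String KEY_ENV_VAR = "APP_ENCRYPTION_KEY";

    static StandardPBEStringEncryptor encryptorFor(String key) {
        if (key == null || key.isEmpty()) {
            // Fail closed instead of silently running with an empty key.
            throw new IllegalStateException(KEY_ENV_VAR + " is not set");
        }
        StandardPBEStringEncryptor enc = new StandardPBEStringEncryptor();
        enc.setPassword(key);
        // Jasypt's default algorithm is PBEWithMD5AndDES; select an AES-based one.
        enc.setAlgorithm("PBEWITHHMACSHA512ANDAES_256");
        enc.setIvGenerator(new RandomIvGenerator()); // AES-based PBE needs an IV
        return enc;
    }

    public static void main(String[] args) throws Exception {
        StandardPBEStringEncryptor enc = encryptorFor(System.getenv(KEY_ENV_VAR));

        // One-time step, normally done on an operator's machine, not at startup.
        String cipherText = enc.encrypt("mysecretdbpassword");

        // Constructed properties content; only the ciphertext is ever stored.
        String file = "db.user=app\n"
                    + "db.password=ENC(" + cipherText + ")\n";

        // EncryptableProperties decrypts ENC(...) values when they are read.
        Properties props = new EncryptableProperties(enc);
        props.load(new StringReader(file));

        System.out.println("stored: db.password=ENC(" + cipherText + ")");
        System.out.println("user:   " + props.getProperty("db.user"));
        System.out.println("match:  "
                + "mysecretdbpassword".equals(props.getProperty("db.password")));
    }
}
```

Anyone who can read both the properties file and the process environment can recover the plaintext, so the environment variable needs the same access controls as the secret itself.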