I followed the below links for encrypting the password in my application properties file.

http://www.technovillage.org/?p=187

https://www.ricston.com/blog/encrypting-properties-in-spring-boot-with-jasypt-spring-boot/

I am just wondering which option here is more safer keeping the jasypt.encryptor.password in the application properties(then someone will decrypt my encrypted password using encryptor password.)

Or I shall pass it as a jvm parameter while starting the application.

Just wanted thoughts. Thanks in advance

share|improve this question
  • There's nothing concrete or factual here; you're looking for opinions. We shouldn't be giving you opinions.– MakotoFeb 14 at 20:36

If you don't want to keep the real password in application.properties file to keep it as a secret, it wouldn't make any sense to keep the necessary information to decode it in there - you might just as well keep the decoded password there in that case. Thus passing it as a jvm parameter would be more safer - that way people who have access to the repository wouldn't have access to the password.

share|improve this answer

    Your Answer

     
    discard

    By posting your answer, you agree to the privacy policy and terms of service.

    Not the answer you're looking for? Browse other questions tagged or ask your own question.