I followed the below links for encrypting the password in my application properties file.



I am just wondering which option here is more safer keeping the jasypt.encryptor.password in the application properties(then someone will decrypt my encrypted password using encryptor password.)

Or I shall pass it as a jvm parameter while starting the application.

Just wanted thoughts. Thanks in advance

  • There's nothing concrete or factual here; you're looking for opinions. We shouldn't be giving you opinions.– MakotoFeb 14 at 20:36

If you don't want to keep the real password in application.properties file to keep it as a secret, it wouldn't make any sense to keep the necessary information to decode it in there - you might just as well keep the decoded password there in that case. Thus passing it as a jvm parameter would be more safer - that way people who have access to the repository wouldn't have access to the password.

    Your Answer


    By clicking "Post Your Answer", you acknowledge that you have read our updated terms of service, privacy policy and cookie policy, and that your continued use of the website is subject to these policies.

    Not the answer you're looking for? Browse other questions tagged or ask your own question.