3

I have the following use case:

  1. I have a property file, say test.properties
  2. This property file needs to be encrypted as this has some confidential data.
  3. I have a utility through which I can encrypt the property file.

Is there a way I can use Spring to inject the values from this property file to my class?

Maarten Bodewes
  • Possible duplicate: http://stackoverflow.com/questions/7249880/spring-encrypt-values-from-properties-file – Rafal G. Sep 06 '15 at 13:29
  • @R4J That's asking to encrypt values *in* a property file instead of encrypting the property file in totality if I'm reading the other question correctly. Still, for this specific use case ("it has **some** confidential data") it could provide an answer. Still, not a dupe. – Maarten Bodewes Sep 06 '15 at 13:40
  • First thing to wonder: where would Spring find the decryption key? – JB Nizet Sep 06 '15 at 13:47
  • @Vyomkesh I did it and am actively using it in my project for encrypting db password etc. I'm using Spring Boot but it should be similar with Spring as well. I'm outside now, but later today I'll post an answer. – Gokhan Oner Sep 06 '15 at 15:07
  • Also, for Spring Boot, you can look at this: https://github.com/ulisesbocchio/jasypt-spring-boot/tree/master/jasypt-spring-boot – Gokhan Oner Sep 06 '15 at 15:07
  • I suggest Jasypt. Follow the answer by tolitius: http://stackoverflow.com/questions/7249880/spring-encrypt-values-from-properties-file – Haim Raman Sep 07 '15 at 04:54

1 Answer

0

The real question is, how are you protecting the key? If someone has access to the key, they can decrypt the properties file.

Even if you keep the key in an HSM, the user that can utilize the HSM can decrypt the properties file, so what's the point?

Create an O/S user to run your application as. Run the application as that user. Only let that user access the properties file. That's the best you can do.

Neil McGuigan
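One way to apply the answer's advice on a Linux host, as an added example that is not part of the original answer: a pre-start check that refuses the properties file unless it is a regular file owned by the service account with no group or other access. The account name `appuser`, the path `/opt/app/test.properties` and both function names are assumptions made for illustration.

```shell
#!/bin/sh
# One-time setup, run as root (appuser and the path are assumed names):
#   useradd --system --shell /usr/sbin/nologin appuser
#   chown appuser:appuser /opt/app/test.properties
#   chmod 600 /opt/app/test.properties
#
# Call from the service start script, before launching the JVM:
#   check_props_file /opt/app/test.properties appuser || exit 1

# Print "<octal mode> <owner>" for a file; GNU stat first, BSD stat as fallback.
file_mode_owner() {
    stat -c '%a %U' "$1" 2>/dev/null || stat -f '%Lp %Su' "$1"
}

# Return 0 only if $1 is a regular, non-symlink file owned by user $2
# and its mode grants nothing to group or other.
check_props_file() {
    _file=$1
    _want_owner=$2
    # A symlink could point the application at a file someone else controls.
    if [ -L "$_file" ] || [ ! -f "$_file" ]; then
        echo "refusing $_file: not a regular file" >&2
        return 1
    fi
    _info=$(file_mode_owner "$_file") || return 1
    _mode=${_info%% *}
    _owner=${_info#* }
    if [ "$_owner" != "$_want_owner" ]; then
        echo "refusing $_file: owned by $_owner, expected $_want_owner" >&2
        return 1
    fi
    # The last two octal digits are the group and other bits; both must be 0.
    # stat prints mode 000 as a bare "0".
    case $_mode in
        0|*00) return 0 ;;
        *)
            echo "refusing $_file: mode $_mode grants group/other access" >&2
            return 1
            ;;
    esac
}
```

The check only covers the file itself; the directory that contains it needs the same ownership and restrictive mode, otherwise another user can replace the file.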