0

I'm using Spring Boot and I wanted to save a password in

src/main/resources/application.properties

with this line:

spring.datasource.password={bcrypt}$2y$18$nBz3NZD6ygFL/MvgLm9lu.rZvfCjNhQRqpHBw4VkBphOzxxMUi1nW

On my business pc it worked but now it tells me it can't connect to user postgres with the provided password. I'm not using BcryptEncoder or something like that. I didn't do that on the other project as well. Now that it accidentally got deleted I'm not sure anymore what I should do.

  • 1
    If this is an actively used password i would suggest changing the salted hash. – puelo Jun 16 '21 at 12:28
  • It is only needed while starting the application. –  Jun 16 '21 at 12:33
  • 1
    bcrypt is a one-way hash. You cannot use this as a datasource password (because you have to have that in plain text) – derkoe Jun 16 '21 at 12:36
  • But how did it work on my other project? I had the same password twice. One for Spring Security and one for Spring Data JPA and it worked. (it was a sandbox connection, so it's okay to use the same password twice) –  Jun 16 '21 at 12:39
  • 1
    As I said it cannot work with bcrypt - maybe you were using something different like https://www.baeldung.com/spring-boot-jasypt – derkoe Jun 16 '21 at 12:42
  • Definitely not Jasypt. –  Jun 16 '21 at 14:09
  • The password in `spring.datasource.password` is used as plain text (unless you use something like Jasypt to wrap the `PropertySource`s to decrypt values). But by default it is used as is. If it worked on your work PC (which I doubt) you probably passed, somewhere, a different value for `spring.datasource.password` or the Postgres instance you connect to used that value as the password. Either way Spring Security's `PasswordEncoder` is never going to be used for the `spring.datasource.password` property. – M. Deinum Jun 16 '21 at 15:09

0 Answers0