2

I have seen examples with Gradle, where API key is stored in gradle.properties file. After that modifying the build.gradle file and then using a variable for it in Java app.

How can I do something similar in a Maven Project?

papasvenska
  • 21
  • 1
  • 7
  • Is the `gradle.properties` file one you would commit to source control? If so, that's not a good place to store the API key. Spring Boot's `application.properties` can take values from the environment. How do you run your SB application? Is it managed by something like `OpenShift`? – David Conrad Mar 23 '22 at 13:49
  • As already mentioned checkin in is a bad idea...better using things like vault etc. ? – khmarbaise Mar 23 '22 at 13:49
  • I'm not an expert on this, but such files usually go into source control, like GitHub, and thus I wouldn't put sensitive content in there. An everything-agnostic way is putting them into environment variables and reading via `System.getenv()`, https://docs.oracle.com/javase/tutorial/essential/environment/env.html – tevemadar Mar 23 '22 at 13:51
  • Its just a quick local webapp test which I want to put to github without exposing the keys. – papasvenska Mar 23 '22 at 13:54
  • Try JASYPT- https://www.baeldung.com/spring-boot-jasypt or Vault - https://stackoverflow.com/questions/60723956/securely-storing-secrets-of-a-spring-boot-application-in-hashicorp-vault – Sibin Rasiya Mar 25 '22 at 10:19

1 Answers1

1

You can configure your api key to don't be pushed to your git remote repository, and then use it on your project using the @Value annotation.

You can configure the file containing your api key as "application-dev.properties" so it can't be pushed to the remote repository.

.gitignore

application-dev.properties

It can be created under

/resources/application-dev.properties

You can define your api key there

application-dev.properties

apiKey=your_key

And then in some class that you want to use it

SomeClass.java

public class SomeClass {

    @Value("${apiKey}")
    private String apiKey;

}

Then you can use this variable apiKey as your api key, hiding the actual value.

Pedro Luiz
  • 321
  • 1
  • 5