I have a Spring-Boot-Application, that I deploy with Helm to an Openshift Kubernetes Cluster. We are using an SSL-secured database, that needs passwords from key-and truststore.
The only way this works is by adding it to the JVM arguments like
-Djavax.net.ssl.trustStorePassword=XXX and -Djava.net.ssl.keyStorePassword=XXX
However, this is then logged, when the container starts up with the BARE passwords.
For example, its logged like this:
exec java -Dspring.profiles.active=test -Dt4sqlmx.sslEncryption=ON -Djavax.net.ssl.keyStorePassword=1234567 -Djavax.net.ssl.trustStorePassword=1234567 -jar test.jar
How can I overcome this?
Is there an alternate way to inject env variables to JVM?
