Securing a password in a properties file [duplicate]

by

enter image description here

Jasypt provides the org.jasypt.properties.EncryptableProperties class for loading, managing and transparently decrypting encrypted values in .properties files, allowing the mix of both encrypted and not-encrypted values in the same file.

http://www.jasypt.org/encrypting-configuration.html

By using an org.jasypt.properties.EncryptableProperties object, an
application would be able to correctly read and use a .properties file
like this:

datasource.driver=com.mysql.jdbc.Driver 
datasource.url=jdbc:mysql://localhost/reportsdb 
datasource.username=reportsUser 
datasource.password=ENC(G6N718UuyPE5bHyWKyuLQSm02auQPUtm)

Note that
the database password is encrypted (in fact, any other property could
also be encrypted, be it related with database configuration or not).

How do we read this value? like this:

/*
* First, create (or ask some other component for) the adequate encryptor for   
* decrypting the values in our .properties file.   
*/  
StandardPBEStringEncryptor encryptor = new StandardPBEStringEncryptor();     
encryptor.setPassword("jasypt"); // could be got from web, env variable...    
/*   
* Create our EncryptableProperties object and load it the usual way.   
*/  
Properties props = new EncryptableProperties(encryptor);  
props.load(new FileInputStream("/path/to/my/configuration.properties"));

/*   
* To get a non-encrypted value, we just get it with getProperty...   
*/  
String datasourceUsername = props.getProperty("datasource.username");

/*   
* ...and to get an encrypted value, we do exactly the same. Decryption will   
* be transparently performed behind the scenes.   
*/ 
String datasourcePassword = props.getProperty("datasource.password");

 // From now on, datasourcePassword equals "reports_passwd"...

More Related Contents:

  1. PreparedStatement IN clause alternatives?
  2. XSS prevention in JSP/Servlet web application
  3. How are SSL certificate server names resolved/Can I add alternative names using keytool?
  4. Handling passwords used for auth in source code
  5. Secure HTTP Post in Android
  6. How do I access private methods and private data members via reflection?
  7. Java Error: “Your security settings have blocked a local application from running”
  8. Handling Java crypto exceptions
  9. Appearance of Java Security dialog
  10. Keystore type: which one to use?
  11. java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty on Linux, or why is the default truststore empty [duplicate]
  12. Using NTLM authentication in Java applications
  13. How to force java server to accept only tls 1.2 and reject tls 1.0 and tls 1.1 connections
  14. How to implement a possibility for user to post some html-formatted data in a safe way?
  15. Create a mutable java.lang.String
  16. java.security.AccessControlException: Access denied (java.io.FilePermission
  17. convert openSSH rsa key to javax.crypto.Cipher compatible format
  18. How do I generate a SALT in Java for Salted-Hash?
  19. Android encryption
  20. How to restrict developers to use reflection to access private methods and constructors in Java?
  21. How to disable Java security manager?
  22. Too much data for RSA block fail. What is PKCS#7?
  23. How can I ensure the destruction of a String object in Java?
  24. When to move from Container managed security to alternatives like Apache Shiro, Spring Security?
  25. SSLContext initialization
  26. New java.security.AccessControlException in Java 8
  27. AccessController.doPrivileged
  28. Single role multiple IP addresses in Spring Security configuration
  29. How to check if class exists somewhere in package?
  30. How are the IV and authentication tag handled for “AES/GCM/NoPadding”?

Leave a Comment