What is the best practice for securely storing passwords in Java

You can use a local keystore where you could put passwords instead of secret keys.

Answer to edit:

Keystores are a perfect fit for your need. If you want extra protection, you could ask the user for one password to access all passwords when the user starts the application. Then, you could protect stored database password with a simple salt-and-stretch method (to generate an encryption key) using the one password that was used when starting the application.

Leave a Comment