I'm developing a Java Play application and I'm storing the Database password in plain text inside the application.conf file.
db.default.url="jdbc:oracle:thin:@HOST:PORT/SID"
db.default.user=USER
db.default.pass=PW
Now i want to store it as an encrypted password.
While searching for a solution I saw many articals about implementing a plugin. Following is an solution I came across.
Encrypting db password in application.conf
In that example, play.PlayPlugin is used but when I try it, I get an package not found error. Do I need to insert an external jar file or is it because of a version problem. I'm using Java play 1.2
Is there any other way to store password in encrypted format other than a plugin.
You shouldn't need to encrypt anything inside your own system. Just make sure your server is secure.
Since you will need to let your application access the password, an attacker who has access to your system would be able to get to your password anyway.
But never ever check your passwords into git (or subversion or whatever)!
Instead what you should do is this:
Add this line to your application.conf:
include "secure.conf"
Create the secure.conf in your conf-folder.And save all your credentials in this file.
- Add
secure.conf to your .gitignore, so it doesn't go into your Git.
- Manually add and update the
secure.conf-file on your server.
Is there any other way to store password in encrypted format other than a plugin.
Well you could create your own formula for encrypting and decrypting the password. For example you can store the password in character array, make characters into bytes, do something to those bytes and save it into a file. For decrypting you just do all that stuff backwards.
