Java Play Encrypt Database Password

Question

I\'m developing a Java Play application and I\'m storing the Database password in plain text inside the application.conf file.

db.default.url=\"jdbc:oracle:thin:         


        

Answer 1

You shouldn't need to encrypt anything inside your own system. Just make sure your server is secure.

Since you will need to let your application access the password, an attacker who has access to your system would be able to get to your password anyway.

But never ever check your passwords into git (or subversion or whatever)!

Instead what you should do is this:

1. Add this line to your application.conf:

   include "secure.conf"
   

2. Create the secure.conf in your conf-folder.And save all your credentials in this file.

3. Add secure.conf to your .gitignore, so it doesn't go into your Git.
4. Manually add and update the secure.conf-file on your server.

Answer 2

Is there any other way to store password in encrypted format other than a plugin.

Well you could create your own formula for encrypting and decrypting the password. For example you can store the password in character array, make characters into bytes, do something to those bytes and save it into a file. For decrypting you just do all that stuff backwards.