Can we avoid plain text passwords for DB connectivity? We don't want to specify text passwords. #111

Open
reppala opened this issue Nov 22, 2017 · 1 comment

reppala commented Nov 22, 2017

```yaml
# User and password to access the DB server
db_username: <user name to access the db>
db_password: <passwd to access the db>
```

Encryption or reading passwords from a centralized location will help.

Contributor

raulcf commented Nov 22, 2017

We can add a util to return an encrypted version of the password. Then decrypt it before using it in the connection path. That would fix the issue.

To do that, we can use javax.crypto.Cipher, which contains a lot of functionality for this task. This, however, will require a password to decode the encoded password (within the application). The question is then, how do we provide the decipher password? Would giving it as a runtime property (option -D in the JVM) work? How do people like to handle this?

Another related question is how do we identify whether the password is encrypted or not? Should we have two different fields in the YAML config file (e.g., db_password and also db_password_encrypted)? This would work because we can then check at runtime that at least one has a value and: i) use it directly if not encrypted; or ii) decrypt with the provided decryption password and use.

Does that sound good?
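The two-field scheme discussed in the comment above, sketched as an added example (not code from the project or from either commenter). The class name, the `db.key` property name, the stored format and the choice of AES-GCM as the `javax.crypto.Cipher` transformation are assumptions; the demo key and password in `main` are constructed.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;

public class DbPasswordResolver { // hypothetical class, not part of the project
    private static final int IV_LEN = 12, TAG_BITS = 128;
    // Key arrives as -Ddb.key=<base64 of 16 or 32 random bytes>; the property name is an assumption.
    static SecretKeySpec keyFromProperty() {
        String b64 = System.getProperty("db.key");
        if (b64 == null) throw new IllegalStateException("db_password_encrypted is set but -Ddb.key is missing");
        return new SecretKeySpec(Base64.getDecoder().decode(b64), "AES");
    }

    // Stored format (an assumption): base64(iv || ciphertext || GCM tag), fresh IV per encryption.
    static String encrypt(String plain, SecretKeySpec key) throws Exception {
        byte[] iv = new byte[IV_LEN];
        new SecureRandom().nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, iv));
        byte[] ct = c.doFinal(plain.getBytes(StandardCharsets.UTF_8));
        byte[] out = Arrays.copyOf(iv, iv.length + ct.length);
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        return Base64.getEncoder().encodeToString(out);
    }

    static String decrypt(String b64, SecretKeySpec key) throws Exception {
        byte[] in = Base64.getDecoder().decode(b64);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, in, 0, IV_LEN));
        // doFinal throws AEADBadTagException if the key is wrong or the value was altered.
        return new String(c.doFinal(in, IV_LEN, in.length - IV_LEN), StandardCharsets.UTF_8);
    }

    // At least one YAML field must be set; preferring the encrypted one when both are is an assumption.
    static String resolve(String dbPassword, String dbPasswordEncrypted) throws Exception {
        if (dbPasswordEncrypted != null && !dbPasswordEncrypted.isEmpty()) return decrypt(dbPasswordEncrypted, keyFromProperty());
        if (dbPassword != null && !dbPassword.isEmpty()) return dbPassword;
        throw new IllegalArgumentException("set db_password or db_password_encrypted");
    }
    public static void main(String[] args) throws Exception {
        byte[] k = new byte[16]; new SecureRandom().nextBytes(k);  // constructed demo key
        System.setProperty("db.key", Base64.getEncoder().encodeToString(k)); // stands in for -Ddb.key
        String enc = encrypt("example-pw", new SecretKeySpec(k, "AES"));     // constructed password
        System.out.println(resolve(null, enc).equals("example-pw"));
    }
}
```

A value passed with `-D` appears in the JVM's command line, which other local users can usually read from the process list, so the key is only as private as the host it runs on.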
