I know Springboot applications can use application.properties or application.yaml files to retrieve variables like database connectivity setting, username, password etc.
However, and because of sensitive information, our development team has these only for test environment but not for production environments. These are not available to developers.
These are provided by security team and set up directly on server in server configuration files on Liberty server (these are server.xml files located in the server installation directory).
Developers have their own instance of Liberty server running where they have their own versions of server.xml files. If we could make Springboot read these files, then we could make it mimic production server environments and make transition easier instead of reading local application.properties files.
Is this possible?
If not, what would be a workaround?
CodePudding user response:
I will talk about alternative solution.
Firstly I do not understand how developer will access production server properties. And for securing sensitive properties you could use property encryptor tool. Sensitive properties will be in encrypted format in application.properties and during server startup it will decrypt encrypted properties and use accordingly.
Here is a such library for property encrytion library
CodePudding user response:
First, usually developer/application doesn't need direct access to props like database connectivity setting, username, password because all that is configured in server in data source configuration, so application just needs JNDI name of the datasource to connect to it.
Second, if you use technology that cannot be configured in server, developers and security team should utilize environment variables for such props.
Liberty can read env variables, or also define them via server.env
and then utilize in server.xml
config for example:
<dataSource jndiName="jdbc/myDS">
...
<properties.db2.jcc serverName="${JDBC_HOST}" portNumber="${JDBC_PORT}" databaseName="${JDBC_DB}" user="${JDBC_USER}" password="${JDBC_PASSWORD}"/>
</dataSource>
Similarly you can use env vars in your springboot either configuring it in application.properties
like this:
jdbc.user=${JDBC_USER}
or directly in code:
@Value("${JDBC_USER}")
private String jdbcUser;
Utilizing env variables has additional benefit that you can override them later if deploying in containers for example.