I’m working on a Java application that interacts with a REST API. To communicate with this API, I must use TOKEN, all these TOKEN are sensitive data and I cannot write in my code.
So I’m looking for a way like a configuration file to store the TOKEN and access it.
Currently, I made an XML file with all my TOKEN and I read, but I don’t think that’s the right way to do it.
I'm working with IDEA, JDK-17, Maven Project
Thanks for your help!
CodePudding user response:
Based on what I have observed so far, I believe this XML file is acting as a config file or something like that which manages environment variables at runtime. However, you need to be aware that any sensitive values should not be stored as plain text inside your repository, database, containers, etc.
We resolve this problem by storing sensitive values encrypted in a trustworthy and secure location and decrypting them just before deployment into production.
If you wish to store these tokens encrypted, you can use the github encypted-secret feature. Then, before deployment, rebuild this XML using a CI pipeline, and let github handle decryption of values during the build time (See this example). As another example, you can use AWS secret-manager to encrypt all values and then inject these values inside your container while deploying your docker container into ECS.
The advantages of this approach include preventing token leakage and providing easy key rotation by simply replacing values in Gtihub, AWS, etc and creating a new deployment.
CodePudding user response:
You can check Keycloak server: https://www.keycloak.org/