In the video, I mentioned it as an asymmetric key, but it is actually a symmetric key (time 5:30).
Good explanation. One correction needed - At 5:30, the server generates a symmetric key and NOT an asymmetric key.
My bad. Good observation ps z. Let me update it. Thank you for your support and keep supporting.
Simply explained. Helpful info.
Please continue this series.
Thank you for your support.
Thank you for the video - I do have a quick question about the property - server.ssl.key-store-password
If you notice the password is in "plain text" and not encrypted, is there a way to encrypt the password? Is it NOT a security risk that the password is in plain text?
Is it even possible for a "bad actor" to unpack a JAR file and see what's in the application.properties file?
I have not been able to find anything on the web that addresses this issue/question/problem.
Any response would be appreciated. Thanks again.
There are many ways we can externalize the password:
1. We can use any vaulting tool
2. If you are using deployment pipelines, then you can use pipeline secrets
3. We can configure secrets in the server bash profile and keep a placeholder in the properties
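An added example (not from the video or from any commenter) for the question and reply above: a packaged JAR is a ZIP archive, so a build-time check can open it and flag any secret-looking property that holds a literal value instead of a `${...}` placeholder. The environment variable name `KEYSTORE_PASSWORD`, the sample password and the key-name heuristic are assumptions; the sample JAR is constructed in memory.

```python
import io
import re
import zipfile

# Property keys that usually hold secrets (assumption: a simple name heuristic).
SECRET_KEY = re.compile(r"(password|secret|token)", re.IGNORECASE)
# A value that is only a ${...} placeholder is resolved at runtime, not stored in the JAR.
PLACEHOLDER = re.compile(r"^\$\{[^}]+\}$")
PROPERTY_LINE = re.compile(r"([^=:\s]+)\s*[=:]\s*(.*)")


def find_plaintext_secrets(jar_bytes):
    """Return (entry, key) pairs for secret-looking properties with literal values."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        for name in jar.namelist():
            if not name.endswith(".properties"):
                continue
            text = jar.read(name).decode("utf-8", errors="replace")
            for line in text.splitlines():
                line = line.strip()
                if not line or line.startswith(("#", "!")):
                    continue  # skip blanks and comments
                match = PROPERTY_LINE.match(line)
                if not match:
                    continue
                key, value = match.group(1), match.group(2).strip()
                if SECRET_KEY.search(key) and value and not PLACEHOLDER.match(value):
                    findings.append((name, key))
    return findings


def build_sample_jar(properties_text):
    """Build an in-memory JAR (constructed sample) using the Spring Boot layout."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("BOOT-INF/classes/application.properties", properties_text)
    return buf.getvalue()


# Constructed samples: literal password versus placeholder filled from the environment.
WEAK = ("server.ssl.key-store=classpath:javaexpert.jks\n"
        "server.ssl.key-store-password=sample-plaintext-pw\n")
HARDENED = ("server.ssl.key-store=classpath:javaexpert.jks\n"
            "server.ssl.key-store-password=${KEYSTORE_PASSWORD}\n")

if __name__ == "__main__":
    print("weak:", find_plaintext_secrets(build_sample_jar(WEAK)))
    print("hardened:", find_plaintext_secrets(build_sample_jar(HARDENED)))
```

Run against the real build artifact in a pipeline step, a non-empty result is a reason to fail the build.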
Where is the .jks file?
Starting at min 9:32-ish he starts to generate the jks file. It is generated in E:\, then the file is copied into the "Project Path". As soon as the file is pasted there, the application will be able to find it as defined in the property "server.ssl.key-store:classpath:javaexpert.jks"
Hope that helps - I think it's right.