SEC-3123: Encrypted property value support

[spring-projects-issues]

sreekanth (Migrated from SEC-3123) said:

Its good to have encrypted property value support for property file, now we have to use jasypt to enable this functionality unfortunately jasypt doesn't have support for @propertysource (java config). Though jasypt support or not its good to have it as a part of spring or spring security framework itself, since it adds value to the end user by not fiddling with third party libraries. So primary request is to do a inbuilt support for encrypted property value in spring/spring security framework.

[spring-projects-issues]

Rob Winch said:

Moving to Spring Security for consideration

[spring-projects-issues]

Sam Brannen said:

Please note that this is related to the following issues.

• SPR-8963
• SPR-8928
• SPR-10666
• SPR-12635

[kazuki43zoo]

👍

[sreekanthsnair]

@rwinch thanks for taking it up, is this improvement in streamline ?

[rwinch]

@sreekanthsnair Thanks for the comment. @pivotal-joe-grandja is taking this on

[sreekanthsnair]

Thanks @rwinch and @pivotal-joe-grandja 👍

[sreekanthsnair]

@jgrandja any updates on this ?

[jgrandja]

@sreekanthsnair Unfortunately there hasn't been any movement on this as of yet. I've been working on other higher priority items. Will update you as soon as work starts on this.

[rwinch]

@sreekanthsnair FYI...There are initial efforts on extracting a spring-vault project from spring-cloud-vault that is likely going to support encrypting properties w/ vault

cc @jgrandja

[sreekanthsnair]

@jgrandja thanks for your kind update, @rwinch in fact i saw spring-cloud update regarding supporting encrypted properties that's the reason i've requested here for an update and its nice to see its been addressed. thanks... 👍

[AmruthaMishra]

Is there a way i can use encryption for my datasource without using spring cloud @sreekanthsnair
Due to security standards i have to encrypt the password and i am stuck.
Thanks!!