spring data jpa datasource connect to Oracle DB with trust store password - spring-boot

We have a new Spring Boot application using Spring Data JPA, and we need to connect to an Oracle DB without a password set in spring.datasource.password; instead we need to use connectionProperties with a javax.net.ssl.trustStore file and javax.net.ssl.trustStorePassword.
Please help me with how we can approach connecting to the DB with Spring Data JPA.
The existing application did the same without a DB password but used a certificate to connect to the DB with JdbcTemplate.
spring.datasource.url
spring.datasource.driverClassName
spring.datasource.username
// No DB password here but we need to use certificates
javax.net.ssl.trustStore = load cert file from file path
javax.net.ssl.trustStoreType
javax.net.ssl.trustStorePassword = load encrypted cert password from file path

Can you check the details in the blog? You do need the password along with the certificate. The certificate is there to enable stronger security with SSL, not to eliminate the database password.
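
An added example, not code from the original posts: a Spring configuration class that hands the trust store settings from the question to the Oracle JDBC driver as connection properties while still supplying a database password, as the answer above says is required. The `app.db.*` property names and the file-based secrets are assumptions made for illustration; HikariCP (Spring Boot's default pool) forwards data-source properties to the driver.

```java
import com.zaxxer.hikari.HikariConfig;
import com.zaxxer.hikari.HikariDataSource;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import javax.sql.DataSource;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
public class OracleTlsDataSourceConfig {

    // Reads a secret from a file that only the service account can read (Java 11+).
    private static String readSecret(String file) throws IOException {
        return Files.readString(Path.of(file)).trim();
    }

    @Bean
    public DataSource dataSource(
            @Value("${spring.datasource.url}") String url,
            @Value("${spring.datasource.username}") String username,
            // Hypothetical properties, not defined by Spring Boot:
            @Value("${app.db.password-file}") String dbPasswordFile,
            @Value("${app.db.truststore}") String trustStore,
            @Value("${app.db.truststore-type:JKS}") String trustStoreType,
            @Value("${app.db.truststore-password-file}") String trustStorePasswordFile)
            throws IOException {

        HikariConfig cfg = new HikariConfig();
        cfg.setJdbcUrl(url);
        cfg.setUsername(username);
        // The trust store only lets the client verify the server's certificate;
        // the database user still authenticates with its own credential.
        cfg.setPassword(readSecret(dbPasswordFile));

        // Property names are case-sensitive: trustStore, not truststore.
        cfg.addDataSourceProperty("javax.net.ssl.trustStore", trustStore);
        cfg.addDataSourceProperty("javax.net.ssl.trustStoreType", trustStoreType);
        cfg.addDataSourceProperty("javax.net.ssl.trustStorePassword",
                readSecret(trustStorePasswordFile));
        // Also require the server certificate's DN to match the connect target.
        cfg.addDataSourceProperty("oracle.net.ssl_server_dn_match", "true");

        return new HikariDataSource(cfg);
    }
}
```

Because this bean replaces the auto-configured DataSource, Spring Data JPA picks it up without further changes, and neither secret has to appear in application.properties.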

You can leave Oracle bound to localhost and use an SSH tunnel in Spring to connect to it.
On the Oracle server, use a key to connect over SSH instead of a password.
Check out this: https://stackoverflow.com/a/71766760/4903232

Related

Spring Cloud Config Server Setting Datasource Dynamically

I have a small doubt. I need to connect Spring Cloud Config Server with a JDBC backend. But the credentials to connect to the DB aren’t readily available. The real password has to be retrieved from CyberArk using a nickname, and I have the relevant Java code for that. I need a mechanism where this deciphered password and username can be used for setting the datasource of the Spring Cloud Config Server. Is this possible?

Spring boot and how to configure tlsAllowInvalidCertificate for MongoDB

I have a spring application that I need to connect to a MongoDB. This connection uses TLS with a self-signed certificate.
I can connect to this database without any problem using Mongo3T with the SSL protocol without PEM file.
I can connect via mongo commandline:
mongo --tls --tlsAllowInvalidCertificates mongoDB://user:pass@host:443/dbname
Without issue.
However if I configure my yml file with
spring.data.mongodb.uri : mongodb://user:pass@host:443/dbname?tls=true&tlsAllowInvalidCertificates=true
It does not connect, and I get a CertificateException: No name matching hostname.
What am I doing wrong? Could it be that tlsAllowInvalidCertificates is not supported for this driver?
Thanks

How to retrieve db credentials using Spring Cloud Vault

We have a spring-boot 2 application that connects to db2 database via DAOs. The current application uses application.properties to store the credentials, like this:
spring.datasource.url=jdbc:db2://127.0.0.1:50000/bcupload
spring.datasource.username=db2user
spring.datasource.password=mysecretpa$$
spring.datasource.driver-class-name=com.ibm.db2.jcc.DB2Driver
I would like to store the username and password in HashiCorp Vault and retrieve them at runtime using Spring Cloud Vault facilities.
I've examined this example from Spring Guides, but I don't understand what to do with these values once I retrieve them from the Vault. How do I convert them to properties that Spring Boot uses when connecting to my db2 data source?

Add the same properties in Vault and connect to Vault with the spring-cloud-vault library. Have all Vault-related configuration in bootstrap.yml.
It is not required to convert them to properties. The above-mentioned steps are enough.

How to safely use a properties file in production to connect to Postgres?

So I've been researching how to connect to Postgres safely using a BasicDataSource from Apache, a Tomcat web server, and a Spring properties file in a Spring app (application.properties/application.yml).
Some suggest encrypting the property file and then decrypting it at runtime, but I'm not convinced that is safe, since someone can use the same decryption to decrypt the password from the properties file.
Another suggests using SSL to connect without a password, for which I can't find a clear example of how to actually do it, especially when incorporating JDBC through Spring JDBC and BasicDataSource.
Another suggests storing an encrypted password that can't be decrypted from the application server but can be from the Postgres server, and thus it's safe.
The last suggestion is encryption with a secret held in an environment variable, which is used in the encryption and decryption process, but isn't that also just as bad, since the hacker can see the environment variables if he/she logged in?
I am unsure how to accomplish a secure connection to Postgres with Tomcat hosting a Spring Boot web application (packaged as a WAR) and would like to request someone's advice or, even better, instructions on how they set it up.

DataSource in WAS7 and Oracle DB Kerberos

I've got a user in Oracle DB which is created as "identified externally" and logs in via Kerberos. Is it possible to configure a WAS7 DataSource to establish a connection under this user?
When a user in Oracle is created as "identified by password" there are no problems; I just create JAAS J2C Authentication Data in WAS7 and set it as the "Component-managed authentication alias".
