What Are Secure Properties?
One of the best practices in any application development is to keep the application properties configurable rather than hard-coded. This is achieved by keeping the properties in property files. These application properties are very much required in order to run the application. There will be different sets of application properties defined for each environment, such as development, testing, and production. We have different types of properties defined in the property files, such as host, port, log level, timeout, etc.
However, there are many configuration properties (such as User, Password, AccessKey, SecretAccesskey, client id, client secret, etc.) that are quite security-sensitive in nature and can’t be kept as plain text in application property files. Just imagine, if we keep the credentials as clear text in the application property file, anyone can read this information and misuse it. This could be more disastrous if this information is exposed to hackers or bad actors.