DEV Community

Shubham Bhati
Shubham Bhati

Posted on

Spring Boot Security: Don't Expose That Sensitive Property

Ever found yourself accidentally committing sensitive keys or passwords to your Git repo? It's a common slip-up. In Spring Boot, the easiest way to avoid this for things like API keys or database credentials is to keep them out of your main application.properties or application.yml.

Instead, use environment variables. Spring Boot automatically picks them up. For example, if you have a property app.external.api.key, you can set an environment variable named APP_EXTERNAL_API_KEY.

Your application.properties would still declare it:

app.external.api.key=${EXTERNAL_API_KEY:default_fallback_key}
Enter fullscreen mode Exit fullscreen mode

This way, your code is clean, your repo is safe and you can manage your secrets per environment (dev staging prod) without touching the codebase.

Top comments (0)