Hi > The issue I'm trying to resolve is the following: currently the XML > configuration file from the server requires sec:keyManagers and > sec:keyStore entries which specify the keyPassword and keystore > password. > > I'd very much like to not have these passwords appearing in plain text > in the configuration file, but I'd also rather not have to prompt the > user for the password every time the server is restarted. Is it safe to > delete the file after the server has started up (assuming I generate a > new certificate every time I restart the server)? I tried this using > the sample server and it seemed to work fine: i.e. the server kept > running and serving requests even though the config file and the JKS > cert were moved after startup, I just want to make sure that wasn't a > fluke. > > I think the needed information is loaded in memory, so removing the config after the restart does not affect the current instance.
Spring property place holders should help with hiding the sensitive info, I tried the "spring property placeholder clear text passwords" combination and quite a few interesting links were found, Cheers, Sergey > Thanks, > -S > > > >
