Tagged articles

Configuration Security

4 articles · Page 1 of 1
Spring Full-Stack Practical Cases
Spring Full-Stack Practical Cases
Jun 20, 2026 · Backend Development

No Third‑Party Dependencies: Build a Custom Spring Boot Dynamic Decryption Component

The article explains how to protect database passwords and API keys in Spring Boot 3.5.0 by implementing a lightweight, third‑party‑free dynamic decryption component that encrypts values with AES, stores them with a {cipher} prefix, and decrypts them at pre‑refresh using a custom ApplicationContextInitializer.

AESConfiguration SecurityDynamic Decryption
0 likes · 8 min read
No Third‑Party Dependencies: Build a Custom Spring Boot Dynamic Decryption Component
Senior Xiao Ying
Senior Xiao Ying
Apr 30, 2026 · Backend Development

Stop Hardcoding Secrets: Secure Spring Boot Configurations with @SecretValue

This article explains why storing passwords and API keys in plain‑text configuration files is risky, outlines the three core principles of configuration security, and provides a step‑by‑step guide to using the @SecretValue annotation from the spring‑secret‑starter library to inject secrets safely from services such as AWS Secrets Manager.

@SecretValueAWS Secrets ManagerConfiguration Security
0 likes · 11 min read
Stop Hardcoding Secrets: Secure Spring Boot Configurations with @SecretValue
IT Xianyu
IT Xianyu
Jul 9, 2024 · Information Security

Encrypting Plaintext Passwords in SpringBoot Configuration Using Jasypt

This article explains how to protect sensitive database credentials in SpringBoot applications by encrypting passwords in configuration files, leveraging Jasypt and a custom BeanFactoryPostProcessor to transparently decrypt values at runtime.

Configuration SecurityJasyptPassword Encryption
0 likes · 8 min read
Encrypting Plaintext Passwords in SpringBoot Configuration Using Jasypt
Alibaba Cloud Native
Alibaba Cloud Native
Apr 19, 2024 · Information Security

Securing Nacos with Zero‑Trust: TLS, Encryption, and Access Control

This article explains how to protect Nacos configuration data by applying zero‑trust principles, covering transport encryption with TLS, storage encryption using plugins, and fine‑grained access control through authentication and RBAC, while providing practical configuration steps.

Access ControlConfiguration SecurityEncryption
0 likes · 18 min read
Securing Nacos with Zero‑Trust: TLS, Encryption, and Access Control