Where/how do you store application secrets(password, API KEY) in Spring Boot application

Question

I want to encrypt sensitive data in application properties. I will use AES algorithm to encrypt/decrypt data. The key to decrypt will be stored in ENV variables, accessing this key requires the same privileges as modifying production application.

What do you think about this approach?

How do you protect sensitive data?

Answer 1

There are many ways:

1. Spring Cloud Config
2. Spring Cloud Config Vault
3. Not store them at all and provide them via environment variables/files/whatever at run time
4. I'm sure there are other ways

This is really too broad of a topic for Stackoverflow and is not really specific to Spring Boot or anything in particular.