How to protect some properties and persistence.xml files inside a jar?

0

Could you help me please? When generating the jar of my application it also packages the database information (Persistence.xml) next to some .properties files, and this makes the application very vulnerable. I would like to know how to prevent this and add security to those files. I thank you for your collaboration; I have been stuck with this problem for several days.

    
asked by Sebastian Albornoz 18.10.2017 at 17:30

1 answer

0

I will answer your question because I can think of a particular case in which the attacker would not have access to your server environment where your application runs, but to your code repository, although there are probably better ways to do it.

  • Make sure you have it in your classpath; you can find it at link
  • Open the encrypt.sh or encrypt.bat script, depending on your platform, and run it with parameters of the form input=LOQUEQUIERESENCRIPTAR password=FRASESECRETA algorithm=PBEWITHMD5ANDDES ; it will generate a string of this style: AbcVQvbRzZJ7uw00CahB3Q==
  • Assuming you use Hibernate, modify your persistence.xml as follows

    <property name="hibernate.connection.password" value="ENC(AbcVQvbRzZJ7uw00CahB3Q==)"/>
    <property name="hibernate.connection.provider_class" value="org.jasypt.hibernate.connectionprovider.EncryptedPasswordC3P0ConnectionProvider"/>
    <property name="hibernate.connection.encryptor_registered_name" value="hibernateEncryptor"/> 
    
  • Register the encryptor in your context

    import org.jasypt.encryption.pbe.StandardPBEStringEncryptor;
    import org.jasypt.encryption.pbe.config.EnvironmentStringPBEConfig;
    // package of the jasypt-hibernate3 module, the same module as the provider_class used above
    import org.jasypt.hibernate.encryptor.HibernatePBEEncryptorRegistry;

    // read the master password from the MY_SECRET environment variable instead of hard-coding it
    EnvironmentStringPBEConfig config = new EnvironmentStringPBEConfig();
    config.setPasswordEnvName("MY_SECRET");

    // must be the same algorithm that encrypt.sh/encrypt.bat was run with, or decryption fails
    StandardPBEStringEncryptor strongEncryptor = new StandardPBEStringEncryptor();
    strongEncryptor.setAlgorithm("PBEWITHMD5ANDDES");
    strongEncryptor.setConfig(config);

    // register under the name referenced by hibernate.connection.encryptor_registered_name
    HibernatePBEEncryptorRegistry registry = HibernatePBEEncryptorRegistry.getInstance();
    registry.registerPBEStringEncryptor("hibernateEncryptor", strongEncryptor);
    
  • Now add an environment variable that matches the previous code, that is to say, one called MY_SECRET

  • Assuming you are worried about someone getting into your server and stealing that password from the environment variable: once you have started your application, you can delete it without problems

  • Source: link

        
    answered by 12.12.2018 at 22:54
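The round trip the answer describes, shown as a stand-alone JDK-only program (added example code; it is neither jasypt's code nor part of the original answer). It assumes jasypt's defaults for PBEWITHMD5ANDDES, namely an 8-byte random salt prepended to the DES-CBC ciphertext and 1000 key-derivation iterations, reads the master password from the same MY_SECRET variable the answer uses, and encrypts a constructed sample database password; the class name EncDemo and the helper names are mine.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;

/**
 * JDK-only stand-in for what jasypt's StandardPBEStringEncryptor does with
 * PBEWITHMD5ANDDES (example code, not jasypt itself). Assumed layout:
 *   output = Base64( salt (8 bytes) || DES-CBC ciphertext )
 *   key+IV = PBKDF1-MD5(password, salt, 1000 iterations), done by the JCE
 */
public final class EncDemo {
    private static final String ALGORITHM = "PBEWithMD5AndDES";
    private static final int ITERATIONS = 1000;   // jasypt default key-obtention iterations (assumed)
    private static final int SALT_LEN = 8;        // jasypt default salt size (assumed)
    private static final String ENV_NAME = "MY_SECRET"; // same variable name as in the answer

    /** Encrypts plaintext with a fresh random salt; returns the Base64 string that goes inside ENC(...). */
    static String encrypt(char[] password, String plaintext) throws Exception {
        byte[] salt = new byte[SALT_LEN];
        new SecureRandom().nextBytes(salt);
        Cipher cipher = cipherFor(password, salt, Cipher.ENCRYPT_MODE);
        byte[] ct = cipher.doFinal(plaintext.getBytes(StandardCharsets.UTF_8));
        byte[] out = new byte[salt.length + ct.length];
        System.arraycopy(salt, 0, out, 0, salt.length);
        System.arraycopy(ct, 0, out, salt.length, ct.length);
        return Base64.getEncoder().encodeToString(out);
    }

    /** Reverses encrypt(): splits off the salt, derives the same key and decrypts. */
    static String decrypt(char[] password, String encoded) throws Exception {
        byte[] in = Base64.getDecoder().decode(encoded);
        if (in.length <= SALT_LEN) {
            throw new IllegalArgumentException("ciphertext too short to contain a salt");
        }
        byte[] salt = Arrays.copyOfRange(in, 0, SALT_LEN);
        byte[] ct = Arrays.copyOfRange(in, SALT_LEN, in.length);
        Cipher cipher = cipherFor(password, salt, Cipher.DECRYPT_MODE);
        return new String(cipher.doFinal(ct), StandardCharsets.UTF_8);
    }

    private static Cipher cipherFor(char[] password, byte[] salt, int mode) throws Exception {
        SecretKey key = SecretKeyFactory.getInstance(ALGORITHM).generateSecret(new PBEKeySpec(password));
        Cipher cipher = Cipher.getInstance(ALGORITHM);
        cipher.init(mode, key, new PBEParameterSpec(salt, ITERATIONS));
        return cipher;
    }

    /** Strips the ENC(...) wrapper that the jasypt Hibernate connection provider looks for. */
    static String unwrapEnc(String value) {
        if (value.startsWith("ENC(") && value.endsWith(")")) {
            return value.substring(4, value.length() - 1);
        }
        throw new IllegalArgumentException("value is not wrapped as ENC(...)");
    }

    public static void main(String[] args) throws Exception {
        String secret = System.getenv(ENV_NAME);
        if (secret == null || secret.isEmpty()) {
            System.err.println("set " + ENV_NAME + " first, e.g.  export MY_SECRET=frase-secreta");
            System.exit(1);
        }
        char[] password = secret.toCharArray();
        // constructed sample: the database password that must not appear in clear in persistence.xml
        String dbPassword = "sample-db-password";
        String propertyValue = "ENC(" + encrypt(password, dbPassword) + ")";
        System.out.println("value for persistence.xml: " + propertyValue);
        String roundTrip = decrypt(password, unwrapEnc(propertyValue));
        System.out.println("decrypted value matches: " + roundTrip.equals(dbPassword));
        Arrays.fill(password, '\0'); // drop the master password from memory once it is no longer needed
    }
}
```

Run it with `export MY_SECRET=frase-secreta && javac EncDemo.java && java EncDemo`; each run prints a different ENC(...) string because the salt is random, and all of them decrypt to the same value. Two points worth keeping in mind: whoever holds both the ENC(...) string and MY_SECRET recovers the database password, which is why the answer's threat model is an attacker with the repository but not the server, and why the variable must never be committed alongside persistence.xml. Also, PBEWITHMD5ANDDES is single DES with a 56-bit key and an MD5-based derivation; jasypt accepts any PBE algorithm name the JVM's JCE provides, so on a current JDK an AES-based PBE algorithm is the better choice when you have a free hand.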