When working with a light-4j application, there may be many configuration files that need to be checked into the Git repository. For an open-source project, chances are you need to check the source code and configuration files into a public repository on GitHub. If one or more config files contain sensitive information, you need to be really careful not to check that information into the public repository.
You can use the light-config-server to manage the config values without putting clear-text values in the configuration files; however, it is not very convenient to start the light-config-server locally. Although light-4j config files support encryption and decryption, it is still risky to check an encrypted password, key, etc. into GitHub, as somebody with enough computing power can brute-force the sensitive info.
The best approach is to check in the config file with a variable template and then replace the template with a system environment variable at runtime. In this case, we keep the secret locally on our computer and only replace the config value at runtime.
In this tutorial, we are going to use the email-sender module to demo the usage. This module has a config file called email.yml that contains a password. We don't want to reveal the password in the public GitHub repository, so we need to make the config file use an environment variable.
Here is the content of the email.yml file.
# Email Sender Configuration
# Email server host name or IP address
# Email SMTP port number. Please don't use port 25 as it is not safe
# Email user or sender address.
user: [email protected]
# Email password
# Enable debug. Default to false.
# Enable Authentication. Default to true.
The pass default value is password but it can be replaced with an environment variable named NOREPLAY_EMAIL_PASSWORD.
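The substitution described above, as an added example that is not light-4j's own code: the `${NAME:default}` placeholder syntax, the class and method names, and the sample values are assumptions made for illustration. It shows the three cases that matter: variable unset (default used), variable set (secret injected), and a template without a default that fails closed.

```java
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Added illustration, not light-4j source. The ${NAME:default} placeholder
// syntax and the class/method names are assumptions made for this example.
public class EnvTemplateDemo {
    // ${NAME} or ${NAME:default}; group 2 is null when no default is given.
    private static final Pattern PLACEHOLDER =
            Pattern.compile("\\$\\{([A-Za-z_][A-Za-z0-9_]*)(?::([^}]*))?\\}");

    static String resolve(String line, Map<String, String> env) {
        Matcher m = PLACEHOLDER.matcher(line);
        StringBuilder out = new StringBuilder();
        while (m.find()) {
            String value = env.get(m.group(1));
            if (value == null) value = m.group(2);   // fall back to the template default
            if (value == null) {
                // Fail closed: no environment value and no default.
                throw new IllegalStateException("missing environment variable " + m.group(1));
            }
            m.appendReplacement(out, Matcher.quoteReplacement(value));
        }
        m.appendTail(out);
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed template line modelled on the pass entry of email.yml.
        String template = "pass: ${NOREPLAY_EMAIL_PASSWORD:password}";

        // Variable unset: the checked-in default is used.
        System.out.println(resolve(template, Map.of()));
        // Variable set (constructed value): the secret is injected at runtime.
        System.out.println(resolve(template, Map.of("NOREPLAY_EMAIL_PASSWORD", "s3cr3t-constructed")));
        // Real process environment: report only whether the variable is set, never its value.
        boolean fromEnv = System.getenv("NOREPLAY_EMAIL_PASSWORD") != null;
        System.out.println("password supplied by environment: " + fromEnv);
        // A template without a default refuses to resolve when the variable is unset.
        try {
            resolve("pass: ${NOREPLAY_EMAIL_PASSWORD}", Map.of());
        } catch (IllegalStateException e) {
            System.out.println("refused: " + e.getMessage());
        }
    }
}
```

The checked-in default should be a non-functional dummy such as `password`, so the repository never contains a usable credential.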
To verify that it works, we need to create a test case. The test case looks like the following.