I have java application that connects to other tools via API. currently all password are stored locally in the application.
I want to store them safely in database, hash password within database and decrypt when I retrieve passwords at run time. is this the best approach ?
thanks
You can use Asymmetric Cryptography or any other to store securely in database
I would create a Spring-Boot Application. Spring uses a BCryptEncoder /-decoder to store passwords in a database in a secure way.
If you don`t want to use Spring maybe the following link can help you.
https://www.stubbornjava.com/posts/hashing-passwords-in-java-with-bcrypt
Another alternative if only administrators have access to the server the application is running on is to provide the secrets (passwords) as environment variables.
The most basic way of accessing these is System.getEnv(String envKey). For example:
export SOME_ENV_VARIABLE="your secret"; java -jar yourapplication.jar;
If you're using AWS or something similar they often have tools for storing these secrets in a secure way.
You can use cryptographic hashing for storing password.
https://auth0.com/blog/hashing-passwords-one-way-road-to-security/
If you want additional security then you can add salt to hashing.
https://auth0.com/blog/adding-salt-to-hashing-a-better-way-to-store-passwords/
