
In a multi-tenant Spring Boot web application, I am loading tenant-specific properties upon user login and keeping them in a static HashMap object as a cache, with the tenant-id as key and the properties object as value.

I have been advised to secure this cache, as it contains sensitive data for a long time. So I want a mechanism to keep this properties map encrypted all the time. Each tenant should be able to use its own tenant-specific certificate to encrypt (when setting) and decrypt (when getting).

If I break it into multiple questions:

1) Is it a good idea to secure such in-memory cache maps to prevent hacks?
2) Which library should I use for encrypting/decrypting in-memory Java objects?
3) How can I enforce user certificates to handle encryption/decryption?

TA

Nitin Gaur
  • If you must encrypt the cache this means that they assume that the server gets hacked. And if your server can be hacked there are various other problems. For example where do the data in the cache come from? – Simon Martinelli Nov 01 '19 at 10:04
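
The set/get mechanism the question describes, sketched with the JDK's own `javax.crypto` classes as an added example (not part of the original question or its comment). The class name `EncryptedTenantCache`, the tenant id and the sample property are hypothetical, and the key pair generated in `main` stands in for the tenant's certificate key pair.

```java
import java.io.*;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;
public class EncryptedTenantCache { // hypothetical class, not from the post; needs Java 16+ (records)
    private static final String RSA = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";
    private record Entry(byte[] wrappedKey, byte[] iv, byte[] ct) {} // the map holds ciphertext only
    private final Map<String, Entry> cache = new ConcurrentHashMap<>();
    private static Cipher gcm(int mode, Key dek, byte[] iv, String tenantId) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(mode, dek, new GCMParameterSpec(128, iv));
        c.updateAAD(tenantId.getBytes(StandardCharsets.UTF_8)); // bind the entry to its tenant id
        return c;
    }
    // Encrypt on set: a fresh AES-256 key per entry, wrapped with the tenant's public key.
    public void put(String tenantId, Properties props, PublicKey tenantPub) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey dek = kg.generateKey();
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        ByteArrayOutputStream plain = new ByteArrayOutputStream();
        props.store(plain, null);
        Cipher rsa = Cipher.getInstance(RSA);
        rsa.init(Cipher.WRAP_MODE, tenantPub);
        byte[] ct = gcm(Cipher.ENCRYPT_MODE, dek, iv, tenantId).doFinal(plain.toByteArray());
        cache.put(tenantId, new Entry(rsa.wrap(dek), iv, ct));
    }
    // Decrypt on get: the AES key can only be unwrapped with the tenant's private key.
    public Properties get(String tenantId, PrivateKey tenantPriv) throws Exception {
        Entry e = cache.get(tenantId);
        if (e == null) return null; // nothing cached for this tenant
        Cipher rsa = Cipher.getInstance(RSA);
        rsa.init(Cipher.UNWRAP_MODE, tenantPriv);
        Key dek = rsa.unwrap(e.wrappedKey(), "AES", Cipher.SECRET_KEY);
        Properties p = new Properties();
        p.load(new ByteArrayInputStream(gcm(Cipher.DECRYPT_MODE, dek, e.iv(), tenantId).doFinal(e.ct())));
        return p;
    }
    public static void main(String[] args) throws Exception {
        KeyPair kp = KeyPairGenerator.getInstance("RSA").generateKeyPair(); // constructed tenant key pair
        Properties p = new Properties();
        p.setProperty("db.password", "example-only"); // constructed sample value
        EncryptedTenantCache c = new EncryptedTenantCache();
        c.put("tenant-a", p, kp.getPublic());
        System.out.println(c.get("tenant-a", kp.getPrivate()));
    }
}
```

This only narrows exposure if the tenant's private key is kept outside the application heap (for example supplied per request or held in a keystore or HSM); the `Properties` object returned by `get` is plaintext in memory for as long as the caller holds it.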

0 Answers