
howto encrypt passwords in configuration files, grails [and java]

I am looking for a step-by-step how-to on securing passwords put in configuration files in Grails. This means securing passwords in Config.groovy and DataSource.groovy. There are a lot of Google results that contain bits and pieces of the answer, but no concise guides on how to do this. Can someone please point me in the right direction? Thanks


For Config.groovy, you could always just encrypt the password some way and then put that hash in Config.groovy, manually. When you need to use it in your code, have some code to decrypt it for you. Doesn't seem that hard.

DataSource.groovy is a different animal, however, since it is fed into the Hibernate API for you. I did see some code like this on the interwebs and it seems like it is headed in the right direction...

dataSource { 
   pooled = false 
   driverClassName = "org.hsqldb.jdbcDriver" 
   username = "sa" 
   password =  someEncryptionApiObject.decrypt(propertyFile.readProperty("MyPassword")) 
} 

...where you would encrypt the property file containing the data you need, and decrypt when needed.


The question is: against what do you want to protect your config file? One possibility would be to use file system encryption. Another one would be to encrypt the file with a strong password and ask for the password when the application starts. But consider that the application cannot be restarted then without entering the password again!

Take a look at the Apache httpd documentation to see how Apache handles the same problem.


Config.groovy and DataSource.groovy are not configuration files; they are configuration classes. The compiled results are not directly readable.

Update

Then use an obfuscation tool on your config classes. Here is a list.
