Keeping Secrets in Memory

It is a common practice to have to hold some form of secrets in memory i.e. access tokens, AWS keys etc. Grolifant has a service which makes it easier to keep these in a secure way. It is not a foolproof solution, but it does make it a lot harder to find secrets by dumping memory or logging them.

To this effect there is GrolifantSecurePropertyService. It is also directly accessible from a task that extends GrolifantDefaultTask as the getGrolifantSecurePropertyService() method.

If you need it anywhere else you can create access using the following code snippets

import org.ysb33r.grolifant5.api.core.plugins.GrolifantServicePlugin
import org.ysb33r.grolifant5.api.core.services.GrolifantSecurePropertyService

final Provider<GrolifantSecurePropertyService> theService

this.theService = (Provider<GrolifantSecurePropertyService>) project.gradle.sharedServices.registrations
    .getByName(GrolifantServicePlugin.SECURE_STRING_SERVICE).service

Usage

Encrypted content is stored as SimpleSecureString.

In order to pack a string use the pack method.

SimpleSecureString encoded = theService.pack('1213454') (1)

1	Pass a `String` or a `char[]`.

When you need to use the content, unpack it at the very last moment using the unpack method

char[] unencoded = theService.unpack(unencoded) (1)

1	The returned type is always a character array.