JDBC with Oracle (encrypted password)
The Spring Boot application does not encrypt data in transit.
Instead, it solves a configuration-secrets problem.
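We store only an encrypted password inside application.properties.
The encryption key and IV are stored in environment variables. With AES-GCM the IV does not need to be secret, but it must never be reused with the same key, so generate a new IV whenever the password is re-encrypted.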
Decrypt the password only at runtime, in memory, just before creating the DataSource.
This follows common security guidance:
- secrets not in source control
- secrets injected via environment
- minimal exposure window in memory
1. Dependencies (pom.xml)
Oracle jdbc drivers are NOT in Maven Central.
They are typically pulled from Oracle Maven or a corporate repo.
<!-- Web starter: provides the embedded server and MVC support used by the REST controller. -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<!-- Test support, limited to the test classpath by its scope. -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
<!-- Developer tooling only. NOTE(review): consider adding <optional>true</optional> so it is not
     passed on to modules that depend on this one, and confirm it is not active in production
     deployments. -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-devtools</artifactId>
<scope>runtime</scope>
</dependency>
<!-- Oracle JDBC driver. No <version> is declared here, so it presumably comes from the Spring Boot
     parent or BOM; confirm the resolved version. NOTE(review): recent ojdbc8 releases under this
     groupId are reportedly available from Maven Central as well; whichever repository is used,
     make sure the build resolves the driver only from a repository you trust. -->
<dependency>
<groupId>com.oracle.database.jdbc</groupId>
<artifactId>ojdbc8</artifactId>
</dependency>
<!-- JDBC starter: supplies JdbcTemplate, which the controller injects. -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-jdbc</artifactId>
</dependency>
<!-- NOTE(review): the code shown on this page only uses JdbcTemplate, so this starter looks
     unused here; confirm before keeping it, since every extra dependency widens what must be
     patched. -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-jdbc</artifactId>
</dependency>
2. Main application
package com.example.jdbc;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
/**
 * Entry point of the demo: boots the Spring application context with this class as the
 * primary configuration source.
 */
@SpringBootApplication
public class DemoApp {

    /**
     * Starts the application.
     *
     * @param args command-line arguments, handed to Spring Boot unchanged
     */
    public static void main(String[] args) {
        SpringApplication application = new SpringApplication(DemoApp.class);
        application.run(args);
    }
}
3. Application properties
Add datasource configuration properties.
yml
# JDBC URL of the Oracle instance (thin driver).
# NOTE(review): this looks like a real internal host and service name; a published example
# should use a placeholder instead.
spring.datasource.url=jdbc:oracle:thin:@ktp01t-ora.db.brd.ro:2482:KTP9UPGRD.exa.cloud.brd.ro
spring.datasource.username=gw
# Ciphertext, not the password itself: AppConfig reads this value and passes it to
# AES_GCM.decrypt together with the key and IV taken from the environment.
# Presumably Base64-encoded AES-GCM output; confirm against the AES_GCM class.
# The value is only as safe as the key, so the key must never be committed next to it.
spring.datasource.password=p1Akt2ya1eVCn34WUfJtnpOiF3G0zA==
# Driver class of the Oracle JDBC driver.
spring.datasource.driver-class-name=oracle.jdbc.OracleDriver
4. Runtime decryption configuration (oracle)
package com.example.jdbc.config;
import org.springframework.core.env.Environment;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.jdbc.datasource.DriverManagerDataSource;
import javax.sql.DataSource;
import com.example.jdbc.encryption.AES_GCM;
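/**
 * Defines the application's {@link DataSource} and decrypts the database password at startup.
 *
 * <p>The value of {@code spring.datasource.password} is treated as ciphertext. The key and IV
 * come from the process environment and are passed, with the ciphertext, to
 * {@code AES_GCM.decrypt}.
 *
 * <p>NOTE(review): {@code AES_GCM} is not shown here. If it implements standard AES-GCM, the IV
 * does not need to be secret but must be unique for every encryption under a given key, so a
 * new IV has to be generated whenever the password is re-encrypted. Confirm against that class.
 */
@Configuration
public class AppConfig {

    /** Name of the environment variable holding the decryption key. */
    private static final String KEY_ENV_VAR = "SB_ENCRYPT_PASSWORD_KEY";

    /** Name of the environment variable holding the IV. */
    private static final String IV_ENV_VAR = "SB_ENCRYPT_PASSWORD_IV";

    /** Driver used when {@code spring.datasource.driver-class-name} is not set. */
    private static final String DEFAULT_DRIVER = "oracle.jdbc.OracleDriver";

    @Autowired
    private Environment env;

    /**
     * Creates the {@link DataSource} with the decrypted password.
     *
     * @return a data source configured from the {@code spring.datasource.*} properties
     * @throws IllegalStateException if the encrypted password, the key or the IV is missing
     * @throws Exception if {@code AES_GCM.decrypt} fails
     */
    @Bean
    public DataSource dataSource() throws Exception {
        // Fail fast with a message that names the missing setting (never its value), instead of
        // letting a null reach the decryption routine and surface as an obscure error.
        String encrypted = requireSetting("spring.datasource.password",
                env.getProperty("spring.datasource.password"));
        String key = requireSetting(KEY_ENV_VAR, System.getenv(KEY_ENV_VAR));
        String iv = requireSetting(IV_ENV_VAR, System.getenv(IV_ENV_VAR));

        String decrypted = AES_GCM.decrypt(encrypted, key, iv);

        // DriverManagerDataSource does not pool connections; it is a simple stand-in for a real
        // connection pool and is best kept to demos and tests.
        DriverManagerDataSource dataSource = new DriverManagerDataSource();
        // Honour the configured driver class, falling back to the Oracle driver used before.
        dataSource.setDriverClassName(
                env.getProperty("spring.datasource.driver-class-name", DEFAULT_DRIVER));
        dataSource.setUrl(env.getProperty("spring.datasource.url"));
        dataSource.setUsername(env.getProperty("spring.datasource.username"));
        // The plaintext password is handed to the data source as a String and stays reachable
        // for as long as this bean lives, so it must not be logged or exposed through
        // diagnostics endpoints.
        dataSource.setPassword(decrypted);
        return dataSource;
    }

    /**
     * Returns {@code value} if it is present, otherwise reports which setting is missing.
     *
     * @param name name of the property or environment variable, used in the error message
     * @param value the value that was looked up, possibly {@code null}
     * @return {@code value}, unchanged
     * @throws IllegalStateException if {@code value} is {@code null} or blank
     */
    private static String requireSetting(String name, String value) {
        if (value == null || value.trim().isEmpty()) {
            throw new IllegalStateException("Missing required setting: " + name);
        }
        return value;
    }
}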
5. REST controller
package com.example.jdbc.controller;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.jdbc.core.JdbcTemplate;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.bind.annotation.GetMapping;
import java.util.List;
import java.util.Map;
/**
 * REST controller with a single read-only endpoint that queries the database through
 * {@link JdbcTemplate}.
 *
 * <p>NOTE(review): no authentication or authorization is configured in the code shown, so the
 * endpoint is presumably reachable by anyone who can reach the port; confirm before exposing it.
 */
@RestController
public class DemoController {

    /**
     * Fixed statement with no request data in it. If parameters are ever added, pass them as
     * bind variables rather than concatenating them into the SQL text.
     */
    private static final String CURRENT_DATE_SQL =
            "select to_char(sysdate, 'yyyy-MM-dd') as current_date from dual";

    @Autowired
    private JdbcTemplate jdbcTemplate;

    /**
     * Handles {@code GET /api/date} by running the fixed date query.
     *
     * @return the result rows, each as a map from column name to value
     */
    @GetMapping("/api/date")
    public Object getdates() {
        return jdbcTemplate.queryForList(CURRENT_DATE_SQL);
    }
}
Test it
# Start the application. AppConfig reads SB_ENCRYPT_PASSWORD_KEY and SB_ENCRYPT_PASSWORD_IV
# from the process environment, so both must be set in the shell that runs this command.
mvn spring-boot:run
# Call the endpoint defined in DemoController.
curl http://localhost:8080/api/date
[{"CURRENT_DATE":"2026-04-07"}]