spring-boot security heroku jasypt

How to pass password/encryption key to Heroku application


I'm deploying my Spring Boot application to a Heroku server via git deployment. There are passwords and API secrets in my application.yml. Those properties are encrypted with Jasypt. One thing I don't understand is: how do I pass the Jasypt decryption password into the deployed application at startup? Heroku has Config Vars, but they do not seem secure, considering that all of them could be revealed on the dashboard. Is there a secure way to send a password into the deployment?


Solution

  • Config Vars are the accepted mechanism to pass runtime information to the apps upon deployment. It is pretty secure if access to the Dashboard is controlled, of course (those settings are never exposed or logged); only the owner can reveal the values.
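
The configuration this answer implies, as an added example that is not part of the original answer: the weak form with the Jasypt password committed to the repository, next to the form that reads it from a Config Var. It assumes the jasypt-spring-boot starter (its `jasypt.encryptor.password` property and `ENC(...)` wrapper); the variable name `JASYPT_ENCRYPTOR_PASSWORD`, the `app.api-secret` key and all bracketed values are placeholders chosen for illustration.

```yaml
# application.yml (constructed sample, not the asker's file)

# Weak: the decryption password is committed next to the ciphertext it
# protects, so anyone who can read the git repository can decrypt every
# ENC(...) value.
# jasypt:
#   encryptor:
#     password: <master-password>

# Corrected: the password is resolved from the environment at startup.
# Heroku exposes each Config Var to the running dyno as an environment
# variable, so the value never enters the repository or the slug source.
jasypt:
  encryptor:
    password: ${JASYPT_ENCRYPTOR_PASSWORD}   # no default value on purpose

app:
  api-secret: ENC(<ciphertext-placeholder>)  # decrypted by Jasypt at startup

# Set the Config Var once, from a trusted workstation:
#   heroku config:set JASYPT_ENCRYPTOR_PASSWORD=<master-password> --app <app-name>
```

Anyone who can reveal Config Vars on the Dashboard can still decrypt the properties, so the protection rests on who is granted access to the app.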