Hiding secrets from being printed on Console

Hi, I have recently started using HashiCorp Vault. I am using a Java program (using the Java Vault driver) to read and write static secrets to Vault. When I do System.out.println(username), I get to see my secret in the console. Doesn't that defeat the purpose of using Vault?

How can I read my secret so that I can use this secret (like username and password) or other sensitive information in my code, but it doesn't get printed when someone tries to print it?

Vault can’t prevent you from disclosing your own secret once it’s in your application code. I’m not sure how you think that could work.

You should do some research on best practice for managing secrets in memory in Java. Last time I looked, this included storing them in char[] vs. String so they could be zero’d after use and the risk of accidentally printing them was reduced (toString for char[] is type/hashcode).

2 Likes
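An added example (not code from this thread or from the Vault driver) of the char[] approach mentioned in the answer above: a wrapper that redacts `toString()` and zeroes its buffer when closed. The names `SecretDemo`, `Secret` and `use`, and the sample value, are hypothetical.

```java
import java.util.Arrays;
import java.util.function.Consumer;

public class SecretDemo {
    /** Hypothetical wrapper: keeps the secret in a char[], never in a String. */
    static final class Secret implements AutoCloseable {
        private final char[] value;

        Secret(char[] source) {
            this.value = Arrays.copyOf(source, source.length);
            Arrays.fill(source, '\0'); // wipe the caller's copy as soon as we own one
        }

        /** Lends the characters to one consumer instead of exposing a getter. */
        void use(Consumer<char[]> consumer) {
            consumer.accept(value);
        }

        @Override
        public String toString() {
            return "Secret[REDACTED]"; // accidental logging or printing shows this
        }

        @Override
        public void close() {
            Arrays.fill(value, '\0'); // zero the buffer after use
        }
    }

    public static void main(String[] args) {
        // Constructed sample value standing in for what was read from Vault.
        char[] fromVault = {'s', '3', 'c', 'r', '3', 't'};

        // String concatenation calls Object.toString(), which for an array
        // yields type and hash code rather than the content.
        System.out.println("raw array: " + fromVault);
        // Caveat: System.out.println(char[]) and String.valueOf(char[]) are
        // overloads that DO emit the characters, so a bare array is not enough.

        try (Secret password = new Secret(fromVault)) {
            System.out.println("wrapped: " + password);
            password.use(chars ->
                System.out.println("consumer sees " + chars.length + " chars"));
        } // close() has zeroed the internal buffer here

        System.out.println("caller copy wiped: " + (fromVault[0] == '\0'));
    }
}
```

If the client library hands the secret back as a `String`, that copy is immutable and cannot be wiped; the wrapper only controls the copies made after that point.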

Thanks. I will look into it.