Because hard-coding the encryption key in the mapping does not sound like a very good idea, we will use the PostgreSQL support for user-defined settings instead.
So, the encrypt.key is stored in postgresql.conf configuration file:
encrypt.key = 'Wow! So much security.'
Note that storing the encryption key in the postgresql.conf configuration file is just to avoid hard-coding it. This is not meant to be used in a production environment, where a Security expert should advise you about the best way to store this very sensitive info.
When persisting a Vault entity:
Vault user = new Vault();
Hibernate is going to encrypt the column, so if you select it with a native SQL query:
The storage attribute is properly decrypted back to the original value.
If you enjoyed this article, I bet you are going to love my Book and Video Courses as well.
As I explained in my book, High-Performance Java Persistence, if you don’t take advantage of the underlying JPA provider or relational database capabilities, you are going to lose lots of features, like easy-peasy encryption.
Based on my book, High-Performance Java Persistence, this workshop teaches you various data access performance optimizations from JDBC, to JPA, Hibernate and jOOQ for the major rational database systems (e.g. Oracle, SQL Server, MySQL and PostgreSQL).
The SQL Master Class for Java Developers training is aimed to level up your SQL skills with techniques such as Window Functions, recursive queries, Pivoting, JSON processing, and many other database querying features supported by Oracle, SQL Server, MySQL, or PostgreSQL.