How do you avoid storing passwords in version control?

Question

What strategy do you use to avoid storing passwords in version control?

Currently, I have development/test/production passwords saved in three different files and th

Answer 1

Environment-specific configuration properties I tend to put in, say, a properties file that isn't in source control and isn't part of the build process. When setting up a new environment, part of that setup is to put create that properties file that includes things like database addresses, credentials and names, names of relevant remote hosts and so on.

In Spring you use the PropertyPlaceholderConfigurer to load the properties file. It just needs to be findable by Spring, which usually just means putting it in an appropriate directory under the application server.

Alternatively, you use wrapper to run the application server and the JVM startup options include adding these properties files to the classpath so Spring can find them.