Micro Focus QTP (UFT) Forums

Full Version: Is it safe to keep a plain text password retrieved from a password vault(CyberArk) in
I have an application that has an image upload feature; the images are stored on a 3rd party service which is basically an SFTP server. The credentials for accessing this storage were initially hard-coded in the Java service class itself, and to secure it, I am planning to keep the SFTP server credentials in a password vault (CyberArk) and then retrieve the credential programmatically (when the application starts up) using the CyberArk REST API and certificate auth method. After retrieving the credentials from the vault, I plan to keep the password in memory and use it for subsequent communication with the SFTP server. Is this the correct approach? Or will this still be a security risk?
Note 1: This is a Java Struts2 application, deployed as a WAR on a JBoss server.
Note 2: I read in some places that it's safer to use a char array instead of a String to store a password, but I'm not sure if that is enough.
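
Added example (not part of the original post, and not CyberArk's API): a small Java holder for the char-array idea in the second note, which hands the password to one operation and then overwrites it. `ShortLivedSecret`, `vaultFetch` and the sample password are hypothetical names and constructed values; the supplier stands in for whatever vault client call returns the password.

```java
import java.util.Arrays;
import java.util.function.Consumer;
import java.util.function.Supplier;

public final class ShortLivedSecret {
    // Assumption: wraps the vault client call and returns a fresh char[] each time.
    private final Supplier<char[]> vaultFetch;

    public ShortLivedSecret(Supplier<char[]> vaultFetch) {
        this.vaultFetch = vaultFetch;
    }

    /** Fetches the secret, lends it to the caller, then overwrites the array. */
    public void use(Consumer<char[]> action) {
        char[] secret = vaultFetch.get();
        try {
            action.accept(secret);
        } finally {
            Arrays.fill(secret, '\0'); // wipe even if the action throws
        }
    }

    static boolean allZero(char[] a) {
        for (char c : a) {
            if (c != '\0') return false;
        }
        return true;
    }

    public static void main(String[] args) {
        // Constructed sample value standing in for the vault response.
        ShortLivedSecret sftpPassword =
            new ShortLivedSecret(() -> "example-only-pw".toCharArray());

        char[][] seen = new char[1][];
        String[] copy = new String[1];
        sftpPassword.use(pw -> {
            seen[0] = pw;             // same array the holder wipes afterwards
            copy[0] = new String(pw); // immutable copy: stays on the heap until GC
        });

        System.out.println("array wiped: " + allZero(seen[0]));
        System.out.println("String copy intact: " + copy[0].equals("example-only-pw"));
    }
}
```

Zeroing only shortens the time the secret sits on the heap; it does not help against a heap dump taken while the value is in use, and any `String` built from the array cannot be wiped at all.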