Hibernate ORM - Is it possible to have Hibernate use encrypted password to create EntityManager?

We’ve been exploring how Hibernate ORM uses the password when creating an EntityManager. It appears that Hibernate stores the password in clear text (in memory) by transferring the properties into an instance of ServiceRegistryBuilder, then masking the properties in the EntityManagerFactoryImpl.

We are looking for a solution that enables us to send in an encrypted password for the database connection and have it used (in the clear) to connect, but stored in memory as an encrypted object like GuardedString or SecureString.

We have also looked at using something like this, but it appears that this is for encrypting/decrypting data (properties) exposed on an Entity, not the passwords used to connect:

```java
// Jasypt password-based encryptor, registered under a name that Hibernate mappings can reference
StandardPBEStringEncryptor strongEncryptor = new StandardPBEStringEncryptor();
strongEncryptor.setAlgorithm("PBEWithMD5AndDES");
strongEncryptor.setPassword("EncryptionPassword");
HibernatePBEEncryptorRegistry registry = HibernatePBEEncryptorRegistry.getInstance();
registry.registerPBEStringEncryptor("configurationHibernateEncryptor", strongEncryptor);
```

Can anyone here help us clarify if what we’re trying to do is possible?

Thank you!

Better have Hibernate use a DataSource and handle this at the DataSource-level. I see you are using Jasypt, so you can use a DataSource proxy to handle the username/password setup.

Thank you vlad, wondering if you could expound upon what you’re recommending? Is there a way (even with the DataSource Proxy) that would prevent Hibernate from eventually storing the value internally?

Are you talking about using something like this from jasypt?
org.jasypt.hibernate.connectionprovider.EncryptedPasswordDriverManagerConnectionProvider

Try with the Jasypt ConnectionProvider and see if it fulfills your goal.

I agree, some DataSources, like Oracle, even have built-in support for this.
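
A sketch of the DataSource-level approach suggested in the thread, added here as an example and not code from any of the posters or from Hibernate or Jasypt. The class name `EncryptedPasswordDataSource` is hypothetical; it assumes a Jasypt `StringEncryptor` (such as the `StandardPBEStringEncryptor` in the question) and a JDBC driver on the classpath, and it does no pooling.

```java
import java.io.PrintWriter;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.SQLException;
import java.sql.SQLFeatureNotSupportedException;
import java.util.logging.Logger;
import javax.sql.DataSource;
import org.jasypt.encryption.StringEncryptor;

/** Hypothetical DataSource whose only long-lived copy of the password is ciphertext. */
public final class EncryptedPasswordDataSource implements DataSource {
    private final String url;
    private final String user;
    private final String encryptedPassword;  // ciphertext produced earlier by encryptor.encrypt(...)
    private final StringEncryptor encryptor; // holds the key material, so it is itself sensitive

    public EncryptedPasswordDataSource(String url, String user,
                                       String encryptedPassword, StringEncryptor encryptor) {
        this.url = url;
        this.user = user;
        this.encryptedPassword = encryptedPassword;
        this.encryptor = encryptor;
    }

    @Override
    public Connection getConnection() throws SQLException {
        // Decrypt per call: the clear text is a short-lived local, never a field.
        // JDBC only accepts a String here, so it stays on the heap until collected.
        return DriverManager.getConnection(url, user, encryptor.decrypt(encryptedPassword));
    }

    @Override
    public Connection getConnection(String username, String password) throws SQLException {
        return DriverManager.getConnection(url, username, password);
    }

    @Override public PrintWriter getLogWriter() { return DriverManager.getLogWriter(); }
    @Override public void setLogWriter(PrintWriter out) { DriverManager.setLogWriter(out); }
    @Override public void setLoginTimeout(int seconds) { DriverManager.setLoginTimeout(seconds); }
    @Override public int getLoginTimeout() { return DriverManager.getLoginTimeout(); }
    @Override public Logger getParentLogger() throws SQLFeatureNotSupportedException {
        throw new SQLFeatureNotSupportedException("java.util.logging is not used");
    }
    @Override public <T> T unwrap(Class<T> iface) throws SQLException {
        if (iface.isInstance(this)) return iface.cast(this);
        throw new SQLException("Not a wrapper for " + iface.getName());
    }
    @Override public boolean isWrapperFor(Class<?> iface) { return iface.isInstance(this); }
}
```

Passing an instance under the `hibernate.connection.datasource` setting in the properties map given to `Persistence.createEntityManagerFactory` means Hibernate receives no `hibernate.connection.password` value at all. The encryptor's own key still lives in process memory, so this narrows where the clear-text password appears without removing it from the heap entirely.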