This is a trick that I have used many times which I first learned about on – one of my favorite Java/Spring/Hibernate resources.

Just about any application will need to connect to external resources like databases, web services, file servers, and the like. And if you are working on a corporate application or in an environment were your source control system like SVN or GIT is not a safe place to keep passwords this can cause quite a security conundrum.

Enter Spring’s PropertyPlaceholderConfigurer class, one of the handiest little classes. It’s actually worth adding Spring in your application just to get access to this little gem. What this does is it allows you to load a properties file into your Spring configuration XML, and use its properties – thereby removing the sensitive content from the XML file.

Using it is very simple, place this bean in your Spring configuration XML:

   <property name="location" value=""> 

You can now use placeholders for any property within the properties file.
For example, let’s say the file contains:


You can then use this in your

<bean id="db" class="org.springframework.jdbc.datasource.DriverManagerDataSource"> 
   <property name="driverClassName" value="com.mysql.jdbc.Driver" /> 
   <property name="url" value="jdbc:mysql://localhost/example" /> 
   <property name="username" value="webuser" /> 
   <property name="password" value="${db.password}" /> 

Now to finish this off, don’t forget NOT to put you file into SVN/Git.
Generally what I do is add a to SVN, with all properties needed but without the actual passwords. Then I add itself to the SVN ignore list (just right click the file and add to svn:ignore). This way I can be sure I will never commit the file to SVN with the password still in it by mistake.

That’s it. I nice quick and easy way to get your system password out of your source code and source code repository.

If you want soem more inforkation and example of how to leverage PropertyPlaceholderConfigurer, check out’s PropertyPlaceholderConfigurer Example.