Dan Vega

Using Environment Variables in Spring Boot

Managing sensitive information and configuration across different environments is a crucial aspect of modern application development. In this guide, we'll explore how to effectively use environment variables in Spring Boot applications to handle configuration and secure sensitive data.

Why Environment Variables Matter

When building Spring Boot applications, especially those that integrate with external services or databases, you'll often need to manage configuration values like API keys, database credentials, and service URLs. Hardcoding these values directly into your application code or even in configuration files can lead to security risks and deployment challenges.

Consider this problematic example:

@Service
public class ApiClient {
    private static final String API_KEY = "sk-1234567890abcdef"; // Don't do this!
}

Understanding Spring Boot's Environment Variable Support

Spring Boot provides robust support for environment variables through various property sources. Let's explore how to properly handle configuration using environment variables.

Using the @Value Annotation

The most straightforward way to access environment variables is using the @Value annotation:

@RestController
public class ApiController {
    @Value("${api.key}")
    private String apiKey;
    
    @GetMapping("/status")
    public String getStatus() {
        return "API Configured with key: " + apiKey.substring(0, 5) + "...";
    }
}

Setting Default Values

You can provide default values for cases where the environment variable might not be set:

@Value("${database.url:jdbc:postgresql://localhost:5432/mydb}")
private String databaseUrl;

Working with Environment Variables

There are several ways to provide environment variables to your Spring Boot application:

  1. System Environment Variables:
export API_KEY=your-secret-key
  1. Application Properties:
api.key=${API_KEY}
database.url=${DB_URL:jdbc:postgresql://localhost:5432/mydb}
  1. Command Line Arguments:
java -jar myapp.jar --api.key=your-secret-key

Using the Environment Interface

For more dynamic access to environment variables, you can use Spring's Environment interface:

@Service
public class ConfigService {
    private final Environment environment;
    
    public ConfigService(Environment environment) {
        this.environment = environment;
    }
    
    public String getConfigValue(String key) {
        return environment.getProperty(key);
    }
}

Best Practices and Security Considerations

  1. Never commit sensitive values to version control:
    • Use .gitignore to exclude local configuration files
    • Keep production credentials separate from development
  2. Use meaningful variable names:
    • Follow a consistent naming convention
    • Use prefixes to group related variables
  3. Validate environment variables on startup:
@PostConstruct
public void validateConfig() {
    Assert.notNull(apiKey, "API key must be configured!");
}
  1. Consider using encrypted properties for sensitive data:
    • Spring Cloud Config Server
    • Vault
    • AWS Secrets Manager

Development Workflow Integration

When developing locally, you can set environment variables in your IDE. For IntelliJ IDEA:

  1. Edit Run Configuration
  2. Add Environment Variables
  3. Apply and run

Example configuration:

API_KEY=dev-key-123
DB_URL=jdbc:postgresql://localhost:5432/devdb

Working with Multiple Environments

Spring Boot makes it easy to manage different configurations for various environments:

# application.properties
spring.profiles.active=${SPRING_PROFILES_ACTIVE:dev}

# application-dev.properties
api.url=http://localhost:8080

# application-prod.properties
api.url=${API_URL}

Conclusion

Environment variables are a crucial tool for managing configuration and securing sensitive data in Spring Boot applications. By following the practices outlined in this guide, you can build more secure and maintainable applications that can easily be deployed across different environments.

Remember:

  • Never hardcode sensitive information
  • Use environment variables for configuration that changes between environments
  • Provide clear documentation for required environment variables
  • Validate configuration at startup
  • Use meaningful variable names and follow consistent patterns

Next time you're tempted to hardcode that API key, remember that environment variables are your friend in keeping your application secure and configurable.

Happy coding! 🚀

spring-boot

Subscribe to my newsletter.

Sign up for my weekly newsletter and stay up to date with current blog posts.

Weekly Updates
I will send you an update each week to keep you filled in on what I have been up to.
No spam
You will not receive spam from me and I will not share your email address with anyone.