I am hosting my Spring boot application on Heroku using git deploy. I have a public git repository and have added my application.properties file to the .gitignore as it contains sensitive details such as an api key and database credentials.
What is the best way of handling this situation, am I able to upload the single application.properties file myself directly to Heroku? I don't want to use the Heroku config vars as I would rather stay platform independent.
I would recommend restoring your application.properties file and move your sensitive data to environment variables (You can read more at their official
documentation)
So, your properties file could look like:
datasource.username = ${DB_USER_NAME}
datasource.password = ${DB_USER_PASSWORD}
Moreover, you can split your configs by several profiles like dev, test or prod, in order to avoid setting those variables while developing or testing your application (You can read more about it here).
Then, you can use for example h2 in-memory database on the dev profile, and another database on the production.
Then, your application-dev.properties will look:
datasource.username = sa
datasource.password = not_so_secret_password
And, application-prod.properties:
datasource.username = ${DB_USER_NAME}
datasource.password = ${DB_USER_PASSWORD}
