Review Necessity of Mandatory Encryption/Decryption for DB Authentication
- The encryption/decryption step is mandatory, but it's redundant and complicates overall development. https://community.opengroup.org/osdu/platform/domain-data-mgmt-services/production/core/dspdm-services/-/blob/main/src/dspdm-repo/dspdm-metadata-dao/src/main/java/com/lgc/dspdm/core/dao/util/datamodel/DataModelDataSourceImpl.java?ref_type=heads#L143
- CSPs are capable of keeping auth secrets securely.
- Keeping the key in the source code makes encryption/decryption thing useless. https://community.opengroup.org/osdu/platform/domain-data-mgmt-services/production/core/dspdm-services/-/blob/main/src/dspdm-common/src/main/java/com/lgc/dspdm/core/common/util/AESSecurityUtilsCCMImpl.java?ref_type=heads#L26
Edited by Rustam Lotsmanenko (EPAM)