Jeff Scott Brown recommended I start a discussion to answer this question based on a topic I posted on StackOverflow here:
Basically I have the following situation. I'm working with a large client that has multiple grails applications, and more in the pipeline. These applications are primarily internal to the customer, but some do face their external customers.
My client wants to encrypt some password information in each application to a varying degree. For instance, they want to encrypt the Database password referenced in their DataSource.groovy for their database. They also want to encrypt credentials used for some external service calls, and a few other items.
Originally, the client created a DES Codec that would serve most of these needs, but the Codec had a hard coded salt phrase, and thus all of their applications would have used the same "passphrase" so to speak for the encryption of every application if they used this codec everywhere.
After some discussion, I suggested that we look at creating a Codec Factory that will enable them to change the salt phrase and encryption algorithm for their applications based on some type of configuration. This way they can salt/pepper each application differently and switch algorithms depending on security and jurisdiction requirements (ie, DES for some older applications, AES-256 for domestic apps with JCE, AES-128 for some situations, etc.). I'm implementing this factory as a Grails plug-in so that it can be dropped easily into the clients other applications, and provide an easy replacement for the codecs they have currently.
My original thought, was to create a factory that used an ApplicationContextAware static class to access the grailsApplication config, I would then externalize the configuration I needed into Config.groovy (saltphrase, algorithm, etc.). As mentioned in the stackOverflow item above - this worked well for downline services, but the ApplicationContext wasn't available when the connection to the database was established at application launch. So I ran into a dead end at that point. I have a "fix" in place right now that stores the values in question in the application.properties file and has the factory pull the configuration from that location when a codec is requested.
This method is functioning ok, but seems kind of clunky (basically a POJO processing a config file on request, not very IoC-ish). I'm looking for the "correct" way to externalize configuration that might need to be available when the application is starting up.
Any help understanding this, or suggestions would be welcome.