I want to sign a digest and I need to store the Hmac.So should I store it in application properties or make folder like src/main/conf/key-hmac.txt or what?
Or encrypt it and at runtime decrypt it. I am referring to github-code that say to Load keys from configuration text/json files in order to avoid to store keys as String in JVM memory.When I load the key it will be in memory right so it will be he same case.Or should I always read them from the file?