This guide shows how to secure database connections between Spring Boot and SAP HANA Express using SSL and encrypted credentials.
1. Enable SSL in SAP HANA
Check if SSL is enabled:
SELECT * FROM SYS.M_SERVICES WHERE SSL_STATUS = 'ON';
If not, configure SSL in HANA settings and restart the instance.
2. Configure SSL in Spring Boot
Update application.properties:
spring.datasource.url=jdbc:sap://localhost:39015/?databaseName=HXE&encrypt=true&validateCertificate=false
spring.datasource.username=SYSTEM
spring.datasource.password=${DB_PASSWORD}
spring.datasource.driver-class-name=com.sap.db.jdbc.Driver
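Here:
- encrypt=true → enables SSL.
- validateCertificate=false → skips verification of the server certificate, so the connection is encrypted but the server is not authenticated (set to true with a proper cert).
- ${DB_PASSWORD} → password from an environment variable.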
3. Use Environment Variables
Never hardcode secrets. Run the app with:
export DB_PASSWORD=MySecurePassword
mvn spring-boot:run
Spring will substitute the variable.
4. Use Spring Boot Config for Secrets
Alternatively, use the same placeholder in application.yml so the secret itself stays out of the file:
spring:
  datasource:
    url: jdbc:sap://localhost:39015/?databaseName=HXE&encrypt=true
    username: SYSTEM
    password: ${DB_PASSWORD}
This allows secrets to be injected from the environment or from Kubernetes secrets.
5. Test the Connection
If configuration is correct, Spring Boot will connect to HANA over SSL.
Check logs for:
Connected to SAP HANA via secure JDBC connection
6. Extra Hardening Tips
- Use strong passwords and rotate them regularly.
- Use certificate validation in production (validateCertificate=true).
- Store secrets in a vault service (e.g., HashiCorp Vault, AWS Secrets Manager).
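A startup or CI check for the settings discussed in this guide, as an added example (not part of the original guide and not an SAP or Spring API): it reads the datasource properties and reports a missing encrypt=true, an explicit validateCertificate=false, and a password that is not a bare ${VAR} placeholder. The class and method names are hypothetical, and option names are matched exactly as this guide spells them.

```java
import java.io.StringReader;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Properties;

// Added example (hypothetical names): lint the datasource settings from this guide.
public class HanaDatasourceCheck {

    // Split the "?a=b&c=d" part of a jdbc:sap:// URL into a map of options.
    static Map<String, String> urlOptions(String url) {
        Map<String, String> opts = new HashMap<>();
        int q = url.indexOf('?');
        if (q < 0) return opts;
        for (String pair : url.substring(q + 1).split("&")) {
            if (pair.isEmpty()) continue;
            String[] kv = pair.split("=", 2);
            opts.put(kv[0], kv.length == 2 ? kv[1] : "");
        }
        return opts;
    }

    // Return one message per weak setting; an empty list means nothing was flagged.
    static List<String> findings(Properties p) {
        List<String> out = new ArrayList<>();
        Map<String, String> o = urlOptions(p.getProperty("spring.datasource.url", ""));
        if (!"true".equalsIgnoreCase(o.get("encrypt")))
            out.add("encrypt=true missing: connection is not encrypted");
        if ("false".equalsIgnoreCase(o.get("validateCertificate")))
            out.add("validateCertificate=false: server certificate is not verified");
        // Only a bare ${VAR} passes; a ${VAR:default} fallback would embed a literal.
        String pw = p.getProperty("spring.datasource.password", "");
        if (!pw.matches("\\$\\{[^}:]+\\}"))
            out.add("password is not a bare ${VAR} placeholder");
        return out;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: the properties from step 2 of this guide.
        String sample = String.join("\n",
            "spring.datasource.url=jdbc:sap://localhost:39015/?databaseName=HXE&encrypt=true&validateCertificate=false",
            "spring.datasource.username=SYSTEM",
            "spring.datasource.password=${DB_PASSWORD}");
        Properties p = new Properties();
        p.load(new StringReader(sample));
        List<String> found = findings(p);
        found.forEach(f -> System.out.println("FINDING: " + f));
        if (!found.isEmpty()) System.exit(1); // non-zero exit fails a CI step
    }
}
```

Run against the step 2 sample, it reports the validateCertificate=false finding only and exits non-zero.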