Set java system properties without putting values on the command line

I have some java code that depends on the system attribute super secret. password. I need to set this property when running my application The application will be started by a shell script and the password will be saved in a file with minimum read permissions

I really don't want to write:

java -Dsuper.secret.password=letmein gov.fortknox.MyApp

Because anyone who can enter the machine and run PS or top can see what the password is

So, is there a good way to set system properties without exposing them on the command line?

The only general solution we propose is to write a small C program that reads system properties from a file, and then start the JVM using the JNI invocation API Needless to say, we are not keen to do so

If there is no way to set them without using the command line, is there a way to hide the command line from prying? We are using Red Hat Enterprise Linux server 5.5

It is worth mentioning that the application in question is actually JBoss EAP 4.3 0, we are using system properties to fill in the substitution construct (${like. This}) in its XML configuration file There are JBoss specific solutions – use systempropertieservice (configured by default through the properties-service.xml file in the deploy directory) or pass the - P option to run Sh. but I'm interested in the more general case, which may be any Java program

Solution

You can read the file somewhere near startup and call system setProperty(). For web applications, use servletcontextlistener for early occurrence, see this answer for quick examples

Update: this may not be early enough for JBoss to load its configuration file