Safely store passwords with BCrypt


For storing passwords, BCrypt is a better choice than a plain SHA hash.

Pros

  • Protects against rainbow table attacks (the same password generates a different hash each time)
  • Resistant to brute-force attacks

Setup

Updating your dependencies

// build.gradle
dependencies {
  implementation "org.springframework.security:spring-security-core"
}

Usage

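import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder

// When saving the user: store only the BCrypt hash, never the plain password
// ...
user.passwordHash = BCryptPasswordEncoder().encode(password)
user.save()

// On login: check the submitted password against the stored hash
fun login(userId: String, password: String): Boolean {
  // ...
  return BCryptPasswordEncoder().matches(password, user.passwordHash)
}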
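
The following is an added example, not code from the original page. It shows the two properties listed under Pros in practice: the same password yields a different hash on every encode, and the cost factor can be raised over time, with older hashes re-encoded at login. The `User` class, the `register` function, the sample passwords and the cost values 12 and 4 are assumptions made for the illustration.

```kotlin
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder

// Hypothetical in-memory user record for this example (assumption, not from the page).
data class User(val id: String, var passwordHash: String)

// One shared encoder. The argument is the bcrypt cost (log2 of the rounds);
// the library default is 10, 12 is an assumed target for this example.
val encoder = BCryptPasswordEncoder(12)

fun register(id: String, password: String) = User(id, encoder.encode(password))

// Verifies the password, then re-hashes it if the stored hash was created
// with a lower cost than the encoder is configured for now.
fun login(user: User, password: String): Boolean {
    if (!encoder.matches(password, user.passwordHash)) return false
    if (encoder.upgradeEncoding(user.passwordHash)) {
        // The plain password is only available here, so this is the
        // place to upgrade. A real application would persist the user.
        user.passwordHash = encoder.encode(password)
    }
    return true
}

fun main() {
    // Constructed sample data.
    val alice = register("alice", "correct horse battery staple")
    val bob = register("bob", "correct horse battery staple")

    // Same password, different hashes: each hash embeds its own random salt,
    // so a precomputed (rainbow) table of hashes does not apply.
    println("hashes differ: ${alice.passwordHash != bob.passwordHash}")
    println("right password: ${login(alice, "correct horse battery staple")}")
    println("wrong password: ${login(alice, "wrong")}")

    // A hash created earlier at a lower cost still verifies, because the
    // cost and salt are stored inside the hash string itself.
    val carol = User("carol", BCryptPasswordEncoder(4).encode("s3cret"))
    println("old cost prefix: ${carol.passwordHash.take(7)}")
    println("login with old hash: ${login(carol, "s3cret")}")
    println("new cost prefix: ${carol.passwordHash.take(7)}")
}
```

The cost factor is what makes brute force expensive: each increment doubles the work per guess, so pick the highest value your login latency budget allows.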

See also