Until now, the application was designed to pick the text password from a file, but now a requirement has come in that the password may not be stored in text format in the YAML file, because the client doesn't want to let everybody know the password.
Is there any way I can store the encrypted password in the YAML file and then have the application pick up that encrypted password, decrypt it and pass it to the target application (cloud)?
Doesn't the cloud service support an authentication standard such as OAuth? That way you don't have to mess around with passwords.
If you can decrypt a password, so can anyone else, so always use a non-decryptable scheme.
However, I believe that OP is talking about system credentials that are part of an automated authentication process. One way to do automated authentication, of course, is to use SSH key authentication. But that won't work for everything. What if your company policy is to have a generic user assigned to your application, and you then have to use that generic user's credentials for database connections and things like that? That's where tools like Jasypt come in handy. Like I said, I used this tool on past projects and it was fine for what we needed, and for a security-related application no less. Again, this is not and should not be your only line of defense -- you should have a multi-layered security strategy to protect secrets and confidential assets.
What we did was to use Jasypt to encrypt the DB password and then keep the encrypted string in our application's config file. We integrated Jasypt into the application startup process where the operator had to key in the passphrase. We used randomly generated passphrases that were kept secure in password manager programs. We had a schedule for changing those passphrases at regular intervals and a process for distributing the password manager databases securely to people who needed them. For other cases, we kept the passphrases as environment settings on servers to which ACLs limited privileges and access.
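The setup described in the post above, as an added example that is not the poster's code: a config value stored as `ENC(...)` is decrypted at startup with a passphrase taken from an environment variable or typed in by the operator, and a plain-text value is refused. It assumes Jasypt 1.9.3 on the classpath; the class name, the variable name `APP_CONFIG_PASSPHRASE` and the sample password are made up for illustration.

```java
import org.jasypt.encryption.pbe.StandardPBEStringEncryptor;
import org.jasypt.exceptions.EncryptionOperationNotPossibleException;
import org.jasypt.iv.RandomIvGenerator;
import org.jasypt.properties.PropertyValueEncryptionUtils;

public class ConfigSecretDemo {
    // Hypothetical variable name; set it only on servers with restricted access.
    static final String PASSPHRASE_ENV = "APP_CONFIG_PASSPHRASE";

    static StandardPBEStringEncryptor encryptor(char[] passphrase) {
        StandardPBEStringEncryptor enc = new StandardPBEStringEncryptor();
        enc.setAlgorithm("PBEWithHMACSHA512AndAES_256"); // AES-based PBE from the JDK
        enc.setIvGenerator(new RandomIvGenerator());     // required for the AES algorithms
        enc.setPasswordCharArray(passphrase);
        return enc;
    }

    // Accepts only ENC(...) values, so a plain-text password in the file is an error.
    static String resolve(String configValue, StandardPBEStringEncryptor enc) {
        if (!PropertyValueEncryptionUtils.isEncryptedValue(configValue)) {
            throw new IllegalStateException("Secret must be stored as ENC(...)");
        }
        try {
            return PropertyValueEncryptionUtils.decrypt(configValue, enc);
        } catch (EncryptionOperationNotPossibleException e) {
            // Wrong passphrase or altered ciphertext: fail at startup, not at first use.
            throw new IllegalStateException("Cannot decrypt configured secret", e);
        }
    }

    public static void main(String[] args) {
        String fromEnv = System.getenv(PASSPHRASE_ENV);
        char[] passphrase = fromEnv != null ? fromEnv.toCharArray()
                : System.console() != null ? System.console().readPassword("Config passphrase: ")
                : null;
        if (passphrase == null || passphrase.length == 0) {
            throw new IllegalStateException("No passphrase supplied");
        }
        StandardPBEStringEncryptor enc = encryptor(passphrase);

        // Constructed sample: the value an operator generates once and pastes into the YAML file.
        String yamlValue = PropertyValueEncryptionUtils.encrypt("constructed-db-password", enc);
        System.out.println("password: " + yamlValue);

        // What the application does at startup with the value read back from the file.
        String plaintext = resolve(yamlValue, enc);
        System.out.println("round trip ok: " + "constructed-db-password".equals(plaintext));
    }
}
```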
Vault is a tool for securely accessing secrets. A secret is anything that you want to tightly control access to, such as API keys, passwords, or certificates. Vault provides a unified interface to any secret, while providing tight access control and recording a detailed audit log.
You can read about this project here: https://www.vaultproject.io/intro/index.html
This integrates with Spring and Spring Boot fairly easily.