[keycloak-dev] application configuration idea

This is what an application configuration file looks like: { "realm" : "demo", "resource" : "product-portal", "realm-public-key" : "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADC", "auth-url" : "http://localhost:8080/auth-server/rest/realms/demo/tokens/login", "code-url" : "http://localhost:8080/auth-server/rest/realms/demo/tokens/access/codes", "ssl-not-required" : true, "credentials" : { "password" : "password" } } Notice that the credentials are in clear text. Admins will dislike this tremendously. What I propose is that you must obtain the application configuration file from the admin console. The configuration file would be encrypted using a hash of a password specific to the application. THe config file would then look something like this: { "realm" : "demo", "encryptedConfig" : "MIGMA0GCSqGS..." } Then, your server instance must be booted up via a system property or environment variable, i.e.: standalone.sh -Dkeycloak.myrealm.password=geheim The keycloak plugin would then decrypt the application config file based on this password. -- Bill Burke JBoss, a division of Red Hat http://bill.burkecentral.com