For the realm keys, we have written a custom key provider to encrypt the
keys before storing them in the database. Basically, we generate some
derived keys based on the master key (which we share between multiple instances
using docker volumes) and encrypt/decrypt realm keys using that.
So even if KeyCloak doesn't support encryption of the secrets (and other
sensitive information) out of the box, as long as it lets us customize it,
we should be OK.
Regards,
Muein
On Wed, Apr 5, 2017 at 9:11 AM, Bill Burke <bburke(a)redhat.com> wrote:
Not right now. We'll eventually be implementing a vault to encrypt
secrets and private keys. We were kinda hoping that admins would just
make sure that their DB is secure.
Just as a general survey question, how would you expect it to work?
On 4/5/17 9:10 AM, Muein Muzamil wrote:
> Hi,
>
> I noticed KeyCloak stores OIDC client secret in plain text in Database. Is
> there a way to extend Keycloak so that we can encrypt OIDC secret before
> storing it in DB?
>
> Thanks,
> Muein
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user