It depends on what exactly you mean.
Keycloak uses the Elytron subsystem from Wildfly [1] to set up TLS. The main
goal here is to configure the Undertow HTTPS listener. You may probably use a
Secure Credential Store here [2], but I highly recommend looking up some
Wildfly manuals.
Keycloak also provides its own Truststore SPI (that requires a Trust
Store). I'm not exactly sure, but maybe it is possible to use Elytron
Credential Store and pass the password using some reference. Maybe @Peter
Skopek <pskopek(a)redhat.com> or @Pedro Igor Silva <psilva(a)redhat.com> could
help here.
[1] https://docs.jboss.org/author/display/WFLY/Using+the+Elytron+Subsystem
[2] https://docs.jboss.org/author/display/WFLY/Using+the+Elytron+Subsystem#Us...
On Sat, Sep 7, 2019 at 7:03 PM Chris Smith <chris.smith(a)cmfirstgroup.com>
wrote:
How can the Keystore and Truststore passwords be reasonably saved? Just
having them in plaintext in standalone.xml seems like kind of a "bad thing".
Keycloak is running as a specific Active directory user, so set standalone
as only accessible to that user and Domain Admins?
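
The Elytron credential store approach mentioned in the reply, sketched as WildFly management CLI commands. This is an added example, not part of the original thread or the Keycloak documentation; the resource names (kcCredStore, httpsKS, httpsKM, httpsSSC), the alias, the file names and the bracketed passwords are placeholders, and attribute names can differ between WildFly versions, so check them against your version's Elytron documentation.

```jboss-cli
# Added example. All names, file names and <...> values are placeholders.

# 1. Create the credential store. Its own password is still supplied here.
/subsystem=elytron/credential-store=kcCredStore:add(location=kc-credentials.jceks, relative-to=jboss.server.data.dir, credential-reference={clear-text="<STORE_PASSWORD>"}, create=true)

# 2. Store the keystore password under an alias inside the credential store.
/subsystem=elytron/credential-store=kcCredStore:add-alias(alias=https-keystore-pw, secret-value="<KEYSTORE_PASSWORD>")

# 3. Define the key store; the password is referenced by alias, not written out.
/subsystem=elytron/key-store=httpsKS:add(path=keycloak.jks, relative-to=jboss.server.config.dir, type=JKS, credential-reference={store=kcCredStore, alias=https-keystore-pw})

# 4. Build the key manager and the server SSL context on top of it.
/subsystem=elytron/key-manager=httpsKM:add(key-store=httpsKS, credential-reference={store=kcCredStore, alias=https-keystore-pw})
/subsystem=elytron/server-ssl-context=httpsSSC:add(key-manager=httpsKM, protocols=["TLSv1.2"])

# 5. Point the Undertow HTTPS listener at the Elytron SSL context
#    instead of the legacy security realm.
batch
/subsystem=undertow/server=default-server/https-listener=https:undefine-attribute(name=security-realm)
/subsystem=undertow/server=default-server/https-listener=https:write-attribute(name=ssl-context, value=httpsSSC)
run-batch
reload
```

After this, standalone.xml holds only the alias reference for the keystore password, but the credential store's own password from step 1 is still in the configuration. Restricting read access on standalone.xml and the credential store file to the service account therefore remains necessary.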