This sounds interesting, would you mind sharing the code? :)
Cheers,
Thomas
2017-04-05 21:12 GMT+02:00 Muein Muzamil <shmuein+keycloak-dev(a)gmail.com>:
For the realm keys, we have written a custom key provider to encrypt the
keys before storing them in the database. Basically, we generate some
derived keys based on a master key (which we share between multiple instances
using docker volumes) and encrypt/decrypt realm keys using that.
So even if KeyCloak doesn't support encryption of the secrets (and other
sensitive information) out of the box, as long as it lets us customize it,
we should be OK.
Regards,
Muein
On Wed, Apr 5, 2017 at 9:11 AM, Bill Burke <bburke(a)redhat.com> wrote:
> Not right now. We'll eventually be implementing a vault to encrypt
> secrets and private keys. We were kinda hoping that admins would just
> make sure that their DB is secure.
>
> Just as a general survey question, how would you expect it to work?
>
>
> On 4/5/17 9:10 AM, Muein Muzamil wrote:
> > Hi,
> >
> > I noticed KeyCloak stores OIDC client secret in plain text in Database. Is
> > there a way to extend Keycloak so that we can encrypt OIDC secret before
> > storing it in DB?
> >
> > Thanks,
> > Muein
> > _______________________________________________
> > keycloak-user mailing list
> > keycloak-user(a)lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-user
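The approach described in the thread (derive keys from a shared master key, then encrypt realm keys before they reach the database) can be sketched as follows. This is an added example, not code from the thread, from Muein, or from Keycloak. The thread names no algorithms, so HKDF-SHA256 and AES-256-GCM are assumptions, as are the class name `RealmKeyWrapper`, the `realm-key-wrap:` label and the `demo-realm` id.

```java
import javax.crypto.Cipher;
import javax.crypto.Mac;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;

// Hypothetical helper (not Keycloak API): wraps realm key material before it goes to the DB.
public class RealmKeyWrapper {
    static byte[] hmac(byte[] key, byte[]... parts) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        for (byte[] p : parts) mac.update(p);
        return mac.doFinal();
    }
    // HKDF-SHA256 (RFC 5869), one output block: a distinct 256-bit wrapping key per realm.
    static SecretKeySpec deriveKey(byte[] masterKey, String realmId) throws Exception {
        byte[] prk = hmac(new byte[32], masterKey);                       // extract, zero salt
        byte[] info = ("realm-key-wrap:" + realmId).getBytes(StandardCharsets.UTF_8);
        return new SecretKeySpec(hmac(prk, info, new byte[]{1}), "AES");  // expand, T(1)
    }
    static Cipher gcm(int mode, byte[] masterKey, String realmId, byte[] iv) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(mode, deriveKey(masterKey, realmId), new GCMParameterSpec(128, iv, 0, 12));
        c.updateAAD(realmId.getBytes(StandardCharsets.UTF_8));  // bind ciphertext to its realm
        return c;
    }
    // Stored form: 12-byte random IV || ciphertext || 16-byte GCM tag.
    static byte[] wrap(byte[] masterKey, String realmId, byte[] plainKey) throws Exception {
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        byte[] ct = gcm(Cipher.ENCRYPT_MODE, masterKey, realmId, iv).doFinal(plainKey);
        return ByteBuffer.allocate(12 + ct.length).put(iv).put(ct).array();
    }
    // Throws AEADBadTagException if the blob was modified or belongs to another realm.
    static byte[] unwrap(byte[] masterKey, String realmId, byte[] blob) throws Exception {
        return gcm(Cipher.DECRYPT_MODE, masterKey, realmId, blob).doFinal(blob, 12, blob.length - 12);
    }
    public static void main(String[] args) throws Exception {
        byte[] master = new byte[32];   // constructed; the thread's setup reads it from a shared volume
        new SecureRandom().nextBytes(master);
        byte[] realmKey = "constructed sample private key bytes".getBytes(StandardCharsets.UTF_8);
        byte[] stored = wrap(master, "demo-realm", realmKey);
        System.out.println(Arrays.equals(realmKey, unwrap(master, "demo-realm", stored)));
    }
}
```

The database then holds only the wrapped blob, so a database dump alone does not expose realm keys; the protection rests on the master key file and on who can read the volume it is shared through.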