[keycloak-dev] Private Key encryption
Alarik Myrin
alarik at zwift.com
Tue Aug 26 20:52:48 EDT 2014
Does anyone think it would be a good idea to store the private key
encrypted? This would require a separate secret, presumably stored in a
configuration file, or using the PicketLink Vault Tool, to decrypt the
private key for use. Anyone who can get the private key can start issuing
access tokens to whatever resources they want.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-dev/attachments/20140826/c16fe3ea/attachment.html
More information about the keycloak-dev
mailing list