[keycloak-dev] Private Key encryption
Alarik Myrin
alarik at zwift.com
Tue Aug 26 21:08:42 EDT 2014
...sorry, and by "private key" I mean the realm private key.
On Tue, Aug 26, 2014 at 8:52 PM, Alarik Myrin <alarik at zwift.com> wrote:
> Does anyone think it would be a good idea to store the private key
> encrypted? This would require a separate secret, presumably stored in a
> configuration file, or using the PicketLink Vault Tool, to decrypt the
> private key for use. Anyone who can get the private key can start issuing
> access tokens to whatever resources they want.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-dev/attachments/20140826/45a4cef8/attachment.html
More information about the keycloak-dev
mailing list