[keycloak-dev] Storage protection

[Bruno Oliveira]

> For the security manager, this is a compliment to other storage  
> protection mechanisms and not a replacement, correct?
> 

Correct

>  
> There would be a master password (or key) that is used to encrypt  
> clear
> text items in the database. password would be entered from command  
> line
> at startup, or grabbed from a secure property file.
>  
> I think that's the approach we should take. Unless you can argue  
> for a
> better solution?

Not really, this is a tricky problem to solve.