[keycloak-dev] Customizing UserEntity to encrypt personally identifiable information

Aaron Harnly aharnly at amplify.com
Thu Jun 23 14:35:43 EDT 2016


Hi there,

I'm on Day 1 of looking at Keycloak, although some colleagues have been
using it successfully. Please forgive the naiveté of the question, but I'd
love confirmation that I'm on the right track.

I'd like to ensure that user email addresses, names, and usernames are
encrypted by the Keycloak application before persisting to a relational
store.

org.keycloak.models.jpa.entities.UserEntity is pretty obviously the place
to do that – the natural question is, what is the best way for me to
provide a slightly customized UserEntity.java in which I can do my desired
encryption/decryption?

My initial scan of docs and repo suggests one of the following:

1) Create a UserProvider analogous to the JpaUserProvider, but with my own
UserEntity subclass.
2) If needed, follow the approach described in this thread[1] from November
to implement a custom Hibernate EntityManager, but I don't think that's
necessary for my case, and don't yet fully understand that.
3) Something else.

[1] http://lists.jboss.org/pipermail/keycloak-dev/2015-November/005745.html

Thoughts or advice appreciated!
Aaron