[keycloak-dev] KEYCLOAK-3205 Vault in Keycloak

Hynek Mlnarik hmlnarik at redhat.com
Tue Jul 30 12:33:35 EDT 2019


Vault (read-only secure credential store) is a repeatedly requested feature
for Keycloak. A document that covers the vault design proposal has been
created in [1] and is ready for review by the community.

The vault proposed in that design is intentionally simple. It should cover
use cases for passwords and other credential types that are currently
stored in the database in plain text. It does not and is not intended to cover
write operations into the vault - writes should be managed by the tooling
around the vault. Externalizing encryption / decryption of secrets is also
not covered by this proposal and can follow once the vault is in place.

Review comments are appreciated.

--Hynek

[1] https://github.com/keycloak/keycloak-community/blob/master/design/secure-credentials-store.md

