[keycloak-dev] Secure Credentials Store

Ricardo Martin Camarero rmartinc at redhat.com
Mon May 27 08:48:30 EDT 2019


Hi Stian,

Remember that in EAP 7.1+ there is a new credential-store, vault is
considered legacy [1]. Think about using the credential-store API
instead of the vault.

Regards.


[1]
https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/html-single/migration_guide/index#migrate_secure_vaults_and_properties


On 5/27/19 1:24 PM, Stian Thorgersen wrote:
> Currently we recommend encrypting credentials at the database layer, but
> this is not well documented. It is also not a trivial thing to achieve and
> may have performance implications.
> 
> With that in mind we are planning to introduce a secure credentials store.
> It's very early days, but one thing is certain and that is we will
> introduce a Vault SPI to allow plug-ability.
> 
> To join the discussion read the initial notes around the subject here
> https://github.com/keycloak/keycloak-community/blob/master/design/secure-credentials-store.md
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
> 


More information about the keycloak-dev mailing list