[keycloak-dev] Secure Credentials Store

Stian Thorgersen sthorger at redhat.com
Mon May 27 09:38:47 EDT 2019


The Vault SPI we provide will be a Keycloak specific API and will not have
anything to do with APIs provided by EAP. We may provide a provider that
integrates with EAP credential-store, but that is also probably unlikely;
due to most likely moving away from EAP in the future, we don't want to tie
too much to the underlying container.

On Mon, 27 May 2019 at 14:48, Ricardo Martin Camarero <rmartinc at redhat.com>
wrote:

> Hi Stian,
>
> Remember that in EAP 7.1+ there is a new credential-store, vault is
> considered legacy [1]. Think about using the credential-store API
> instead of the vault.
>
> Regards.
>
>
> [1] https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/html-single/migration_guide/index#migrate_secure_vaults_and_properties
>
>
> On 5/27/19 1:24 PM, Stian Thorgersen wrote:
> > Currently we recommend encrypting credentials at the database layer, but
> > this is not well documented. It is also not a trivial thing to achieve and
> > may have performance implications.
> >
> > With that in mind we are planning to introduce a secure credentials store.
> > It's very early days, but one thing is certain and that is we will
> > introduce a Vault SPI to allow plug-ability.
> >
> > To join the discussion read the initial notes around the subject here
> >
> > https://github.com/keycloak/keycloak-community/blob/master/design/secure-credentials-store.md

