[keycloak-user] Encryption of OIDC client secret

Muein Muzamil shmuein+keycloak-dev at gmail.com
Wed Apr 5 15:12:07 EDT 2017


For the realm keys, we have written a custom key provider to encrypt the
keys before storing them in the database. Basically, we generate some
derived keys based on a master key (which we share between multiple instances
using docker volumes) and encrypt/decrypt realm keys using that.

So even if KeyCloak doesn't support encryption of the secrets (and other
sensitive information) out of the box, as long as it lets us customize it,
we should be OK.

Regards,
Muein

On Wed, Apr 5, 2017 at 9:11 AM, Bill Burke <bburke at redhat.com> wrote:

> Not right now.  We'll eventually be implementing a vault to encrypt
> secrets and private keys.  We were kinda hoping that admins would just
> make sure that their DB is secure.
>
> Just as a general survey question, how would you expect it to work?
>
>
> On 4/5/17 9:10 AM, Muein Muzamil wrote:
> > Hi,
> >
> > I noticed KeyCloak stores the OIDC client secret in plain text in the database.
> > Is there a way to extend Keycloak so that we can encrypt the OIDC secret before
> > storing it in the DB?
> >
> > Thanks,
> > Muein
> > _______________________________________________
> > keycloak-user mailing list
> > keycloak-user at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-user
>
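
The thread does not include the custom key provider Muein describes, so the following is an added illustration (not code from the thread, from Muein's deployment, or from Keycloak itself) of the pattern in Go: derive a purpose-specific key from the shared master key with HKDF, then encrypt each secret with AES-GCM, binding the realm and client id as associated data so a ciphertext cannot be moved between rows. The label string, the nonce||ciphertext||tag layout and the realm/client binding are assumptions of this example.

```go
package main
import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// deriveKey turns the shared master key into a purpose-specific 32-byte key
// (HKDF-SHA256, RFC 5869: zero-salt extract, one expand block); the master
// key itself never encrypts anything directly.
func deriveKey(masterKey []byte, label string) []byte {
	prk := hmac.New(sha256.New, make([]byte, sha256.Size))
	prk.Write(masterKey)
	okm := hmac.New(sha256.New, prk.Sum(nil)) // T(1) = HMAC(PRK, label || 0x01)
	okm.Write(append([]byte(label), 1))
	return okm.Sum(nil)
}
// aead builds AES-256-GCM under the derived key; the label (an assumed value)
// keeps this key distinct from any other key derived from the same master key.
func aead(masterKey []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(deriveKey(masterKey, "oidc-client-secret-v1"))
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}
// Seal encrypts one client secret for storage. realm and clientID are bound as
// associated data, so a ciphertext copied into another client's row will not
// decrypt. Stored layout: nonce || ciphertext || GCM tag.
func Seal(masterKey []byte, realm, clientID string, secret []byte) ([]byte, error) {
	g, err := aead(masterKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return g.Seal(nonce, nonce, secret, []byte(realm+"/"+clientID)), nil
}
// Open reverses Seal; a wrong master key, wrong realm/client or any change to
// the stored bytes yields an error rather than a garbled secret.
func Open(masterKey []byte, realm, clientID string, stored []byte) ([]byte, error) {
	g, err := aead(masterKey)
	if err != nil || len(stored) < g.NonceSize() {
		return nil, errors.New("cannot open stored secret")
	}
	return g.Open(nil, stored[:g.NonceSize()], stored[g.NonceSize():], []byte(realm+"/"+clientID))
}
```

Rotating the master key then means re-sealing every stored secret under the new derived key, which is the operational cost the "share it via docker volumes" design has to budget for.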
