10.6:documentation:adm:confidential_storage

Confidential storage

To store sensitive data, the application provides a confidential storage. Every value in it is addressed by its owner (the entity it belongs to) and by a key; to read a value back you need both the owner and the key.

The storage is currently used for:

  • saving identity passwords
  • saving sensitive data in dynamic forms (which are also used for connector configuration, etc.)
  • saving sensitive configuration items (coming soon)

Values in the storage are encrypted with a key that is read either from the application property cipher.crypt.secret.key or from a file whose path is set in the application property cipher.crypt.secret.keyPath.

A default installation of CzechIdM contains no key. Set a key for encrypting the confidential storage before you run the application in production. Keep the key out of version control and, when you use a key file, restrict its permissions so that only the user running the application can read it.
The key can be changed later, even in production. For this purpose a long running task (LRT) ChangeConfidentialStorageKey was designed: first replace the configured key with the new one, then start the LRT and give it the old key as a parameter, so that the values stored under the old key can be re-encrypted under the new one.
Key lookup order (if both are set, the property wins):
  1. The highest priority has the value of the property 'cipher.crypt.secret.key'.
  2. Second is the file with the key on the path in the property 'cipher.crypt.secret.keyPath'.

Example settings:

cipher.crypt.secret.key=someSuperSecretKey

or

cipher.crypt.secret.keyPath=/path/to/key/file

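The following is an added example, not CzechIdM's own code: a small in-memory model of the confidential storage described on this page, showing why the key-change task needs the old key as a parameter. Values are addressed by owner and key, encrypted under the configured secret, and Rotate does what ChangeConfidentialStorageKey has to do: decrypt every value with the old key and re-encrypt it with the new one. The cipher (AES-GCM), the SHA-256 key derivation, the all-or-nothing rotation and the owner/key names are assumptions of this model; CzechIdM's real cipher and task implementation are not reproduced here.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Entry is one confidential value, addressed as on the page: owner entity + storage key.
type Entry struct {
	Owner, Key string
	Ciphertext []byte // nonce || AES-GCM ciphertext and tag
}

type Storage struct{ Entries []Entry } // in-memory stand-in for the storage table

// newAEAD derives a 256-bit AES key from the configured secret (what cipher.crypt.secret.key
// or the key file would hold). Assumption of this model, not CzechIdM's real key handling.
func newAEAD(secret string) (cipher.AEAD, error) {
	k := sha256.Sum256([]byte(secret))
	block, err := aes.NewCipher(k[:])
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// encrypt binds the ciphertext to owner and key via AAD, so a value copied between rows fails to decrypt.
func encrypt(secret, owner, key string, plaintext []byte) ([]byte, error) {
	aead, err := newAEAD(secret)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return append(nonce, aead.Seal(nil, nonce, plaintext, []byte(owner+"\x00"+key))...), nil
}

func decrypt(secret, owner, key string, data []byte) ([]byte, error) {
	aead, err := newAEAD(secret)
	if err != nil {
		return nil, err
	}
	if len(data) < aead.NonceSize() {
		return nil, fmt.Errorf("ciphertext for %s/%s too short", owner, key)
	}
	return aead.Open(nil, data[:aead.NonceSize()], data[aead.NonceSize():], []byte(owner+"\x00"+key))
}

// Save stores a value for owner/key, encrypted under secret.
func (s *Storage) Save(secret, owner, key string, value []byte) error {
	ct, err := encrypt(secret, owner, key, value)
	if err != nil {
		return err
	}
	s.Entries = append(s.Entries, Entry{Owner: owner, Key: key, Ciphertext: ct})
	return nil
}

// Get reads a value: the caller needs the owner, the key and the current secret.
func (s *Storage) Get(secret, owner, key string) ([]byte, error) {
	for _, e := range s.Entries {
		if e.Owner == owner && e.Key == key {
			return decrypt(secret, owner, key, e.Ciphertext)
		}
	}
	return nil, fmt.Errorf("no value for %s/%s", owner, key)
}

// Rotate models the key-change task: decrypt every value with the old key, re-encrypt with the new one.
// All-or-nothing: a wrong old key fails before anything is replaced, so the storage is never half re-keyed.
func (s *Storage) Rotate(oldSecret, newSecret string) error {
	rotated := make([]Entry, len(s.Entries))
	for i, e := range s.Entries {
		plain, err := decrypt(oldSecret, e.Owner, e.Key, e.Ciphertext)
		if err != nil {
			return fmt.Errorf("entry %s/%s does not decrypt with the old key: %w", e.Owner, e.Key, err)
		}
		ct, err := encrypt(newSecret, e.Owner, e.Key, plain)
		if err != nil {
			return err
		}
		rotated[i] = Entry{Owner: e.Owner, Key: e.Key, Ciphertext: ct}
	}
	s.Entries = rotated
	return nil
}

func main() {
	s := &Storage{} // constructed sample data; owner/key names are illustrative, not CzechIdM's
	_ = s.Save("someSuperSecretKey", "identity:admin", "idm:password", []byte("s3cret"))
	fmt.Println("wrong old key:", s.Rotate("wrongKey", "newSuperSecretKey"))
	fmt.Println("right old key:", s.Rotate("someSuperSecretKey", "newSuperSecretKey"))
	v, err := s.Get("newSuperSecretKey", "identity:admin", "idm:password")
	fmt.Printf("read with new key: %q err=%v\n", v, err)
}
```

The parameter you hand to the LRT corresponds to oldSecret here: after the configured key has already been replaced by the new one, the task has no other way to read the existing values. The model refuses a wrong old key without touching any entry; whether CzechIdM's task rolls back in the same way is not stated on this page, so check the task's result before relying on it.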