Confidential storage agenda
When you install a new instance of CzechIdM, a new key must be generated for crypting all the values in confidential storage. The key can be changed through a long running task ChangeConfidentialStorageKey, the LRT you must start after change crypt key, as parameter will be given old confidential storage key.
Agenda in Settings (left menu), where confidential storage values are readable. It is in read only mode, so values cannot be changed, removed or added some more. Confidential storage permission is needed, otherwise you cannot get in confidential storage agenda. You have to create a new role and in tab Permissions add permission (entity type = Confidential storage, permission = READ). Now any user with this role assigned has access to Confidential storage agenda.
The confidential storage is currently used for:
- saving the confidential values from EAV forms
- saving sensitive configuration items
The storage detail shows this information:
- Owner Id - Identifier of entity that owns a confidential storage value.
- Owner type - It's entity type of owner. If system entity has saved value, owner type is SysSystem. But if the value is in extended attribute of system, it is saved by extended attribute of system, so owner type would be SysSystemFormValue. It is shown in the previous picture.
- Key - It defines value. It is one third of identificator of value. To find one value, exact which we want, is needed key, owner id and owner type.
- Value - It is decrypted password.
- Creator - Identity that has created a confidential value.
- Created - Date when confidential storage value was created.