Securing DB user/password #10595

FX-Liagre · 2022-03-04T14:02:54Z

FX-Liagre
Mar 4, 2022

On the Wildfly version, we were using initially picketbox SecureIdentityLoginModule to encrypt user/pwd in standalone.xml files.
We then switched to Elytron encrypted expressions on the latest releases of Keycloak.
But I cannot find anything in the Keycloak.X docs about such possibility.
And our customers' security guys (and DB admins...) tend to faint when you present them a config text file with clear text DB credentials... :-(

Is there anything I didn't found, or?...

pglavica · 2022-03-16T12:08:53Z

pglavica
Mar 16, 2022

Hi,

I also have the same issue.
Is there any INFO related to the matter?

Regards,
Patrik

0 replies

dfs- · 2022-03-29T14:47:40Z

dfs-
Mar 29, 2022

The only way currently is to use environment variables for the Keycloak process.
However this isn't really secure either, as the information can easily be read using tools (i.e. Process Explorer on Windows).

The same also applies to other secrets like the https-key-store-password (when using a pfx/p12).

1 reply

dfs- Apr 4, 2022

I created an issue ticket: #11089

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Securing DB user/password #10595

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{editor}}'s edit

{{editor}}'s edit

Uh oh!

Replies: 2 comments 1 reply

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Select a reply

Uh oh!

Securing DB user/password #10595

Uh oh!

Uh oh!

FX-Liagre Mar 4, 2022

Replies: 2 comments · 1 reply

Uh oh!

pglavica Mar 16, 2022

Uh oh!

dfs- Mar 29, 2022

Uh oh!

dfs- Apr 4, 2022

FX-Liagre
Mar 4, 2022

Replies: 2 comments 1 reply

pglavica
Mar 16, 2022

dfs-
Mar 29, 2022