- By default, config secrets are stored in a JCEKS key store in the instance directory. The key store is automatically created using a random password.
Note: JCEKS aliases
JCEKS key stores only support lower-case aliases. Hence, when using the default JCEKS key store implementation, every alias is converted to lower case when an entry is stored and when it is looked up; a `secureExternalStorageId` that differs only in case refers to the same entry.
- All information required by IAM is stored in two files:
  - A property file defining how to store the sensitive config values and which password to use for the key store. The file is generated automatically:

    ```
    $ cat instances/auth/sensitive-values.properties
    # This file has been created automatically.
    # Caution: changing this file may result in the loss
    # of the sensitive values stored for this instance.
    sensitive-values-provider = com.airlock.iam.sensitivevalues.application.service.JceksSensitiveValuesProvider
    jceks-keystore-path = instances/auth/sensitive-values.jceks
    jceks-keystore-password = 9AxF5bhUDYYyNWVpQTgB26W7rtcyKvtN
    ```

  - The JCEKS key store itself, which holds the sensitive values: `instances/auth/sensitive-values.jceks`

  The key store password is kept in clear text in the property file, so the confidentiality of the stored values rests on the file-system permissions of these two files in the instance directory; they must be readable by the IAM service user only. The XML configuration itself only carries a reference to the value, never the value.
- By configuring a different "sensitive-values-provider" you can store the secrets differently (e.g. in an HSM).

Example: Password for DB connection referenced in XML
```xml
<plugin class="com.airlock.iam.core.misc.impl.persistency.db.HikariCpDataSource"
        id="H2 Database Connection (Default Config)"
        uuid="f0d2a309-8eb4-4574-a622-503d6e5f47be">
  <property name="driverClass">org.h2.Driver</property>
  <!-- the value is not in the XML; it is looked up in the key store under alias "db-password" -->
  <property name="password" secureExternalStorageId="db-password"/>
  <property name="url">jdbc:h2:tcp://localhost:9001/medusadb</property>
  <property name="user">medusa</property>
</plugin>
```
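As an added illustration (this is not Airlock IAM code and does not show how its `JceksSensitiveValuesProvider` is implemented), the following Java program recreates the two files described above in a temporary directory, stores a DB password under the alias that the XML references with `secureExternalStorageId`, and resolves it again the way a provider would. Assumptions: the value is stored as a plain `SecretKeySpec` entry; the class and method names and the temporary paths are invented for the example; the provider class name and the property keys are the ones shown in the generated properties file above.

```java
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Collections;
import java.util.List;
import java.util.Properties;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;

/**
 * Added example, not Airlock IAM code. Builds sensitive-values.properties and
 * sensitive-values.jceks in a temp directory, stores one sensitive value under
 * the alias used as secureExternalStorageId, and resolves it through the
 * properties file. What IAM's own provider stores per entry is not specified
 * on the page; a SecretKeySpec entry is an assumption of this example.
 */
public class JceksSensitiveValuesDemo {

    private static final String PROVIDER =
        "com.airlock.iam.sensitivevalues.application.service.JceksSensitiveValuesProvider";

    /** Random key store password, comparable to the one IAM generates. */
    static char[] randomPassword() {
        byte[] raw = new byte[24];
        new SecureRandom().nextBytes(raw);
        return Base64.getEncoder().withoutPadding().encodeToString(raw).toCharArray();
    }

    /** Creates key store and properties file; returns the properties file path. */
    static Path createInstanceFiles(Path instanceDir, String storageId, String secret) throws Exception {
        char[] storePass = randomPassword();
        Path jceks = instanceDir.resolve("sensitive-values.jceks");
        Path props = instanceDir.resolve("sensitive-values.properties");

        KeyStore ks = KeyStore.getInstance("JCEKS");
        ks.load(null, null);                                  // start with an empty store
        SecretKey value = new SecretKeySpec(secret.getBytes(StandardCharsets.UTF_8), "RAW");
        // JCEKS lower-cases the alias on store, whatever case storageId has.
        ks.setEntry(storageId, new KeyStore.SecretKeyEntry(value),
                    new KeyStore.PasswordProtection(storePass));
        try (FileOutputStream out = new FileOutputStream(jceks.toFile())) {
            ks.store(out, storePass);
        }

        // The key store password is written in clear text, exactly like the generated file:
        // file-system permissions on the instance directory are what protects it.
        Properties p = new Properties();
        p.setProperty("sensitive-values-provider", PROVIDER);
        p.setProperty("jceks-keystore-path", jceks.toString());
        p.setProperty("jceks-keystore-password", new String(storePass));
        try (FileOutputStream out = new FileOutputStream(props.toFile())) {
            p.store(out, "This file has been created automatically.");
        }
        return props;
    }

    /** Opens the key store named in the properties file with the password found there. */
    static KeyStore openStore(Path propsFile, Properties p) throws Exception {
        try (FileInputStream in = new FileInputStream(propsFile.toFile())) {
            p.load(in);
        }
        char[] storePass = p.getProperty("jceks-keystore-password").toCharArray();
        KeyStore ks = KeyStore.getInstance("JCEKS");
        try (FileInputStream in = new FileInputStream(p.getProperty("jceks-keystore-path"))) {
            ks.load(in, storePass);                           // wrong password -> IOException
        }
        return ks;
    }

    /** Resolves a secureExternalStorageId to its clear-text value, as a provider would. */
    static String resolve(Path propsFile, String storageId) throws Exception {
        Properties p = new Properties();
        KeyStore ks = openStore(propsFile, p);
        char[] storePass = p.getProperty("jceks-keystore-password").toCharArray();
        SecretKey value = (SecretKey) ks.getKey(storageId, storePass);   // lookup is lower-cased too
        if (value == null) {
            throw new IllegalStateException("no sensitive value stored for id " + storageId);
        }
        return new String(value.getEncoded(), StandardCharsets.UTF_8);
    }

    /** Lists the aliases as the key store actually holds them. */
    static List<String> storedAliases(Path propsFile) throws Exception {
        return Collections.list(openStore(propsFile, new Properties()).aliases());
    }

    public static void main(String[] args) throws Exception {
        // createTempDirectory creates the directory owner-only on POSIX systems.
        Path dir = Files.createTempDirectory("iam-instance");
        Path props = createInstanceFiles(dir, "DB-Password", "s3cr3t");   // constructed sample value

        System.out.println(resolve(props, "db-password"));
        System.out.println(resolve(props, "DB-Password"));
        System.out.println(storedAliases(props));
    }
}
```

Run with `javac JceksSensitiveValuesDemo.java && java JceksSensitiveValuesDemo`. Both lookups return the same value, and the alias list contains only the lower-cased form, which is the alias conversion the note above describes. Deleting or editing the properties file after the store has been created leaves the `.jceks` file unreadable, which is what the caution comment in the generated file warns about.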