keycloak_quarkus: allow setting "sensitive options" using a Java KeyStore file
Closed this issue · 0 comments
hwo-wd commented
SUMMARY
As per https://www.keycloak.org/server/configuration#_setting_sensitive_options_using_a_java_keystore_file the idea is to set these three configuration properties/env variables:
KC_CONFIG_KEYSTORE
KC_CONFIG_KEYSTORE_PASSWORD
KC_CONFIG_KEYSTORE_TYPE
The idea is to set sensitive fields1 in the key store instead; for the time being, the PCI-DSS4 auditor wants to have
keycloak_quarkus_db_pass
in the keystore, to "provide an additional layer of obstruction"...
Note that this item is different to #172 as this one is about the configuration options, while the former is about a vault provider for client secrets etc.
ISSUE TYPE
- Feature Idea
Footnotes
-
these need to be in
keycloak.conf
though, since Quarkus doesn't seem to provide a similar option as of now. ↩