Secure the repository
Configuration data and, in most deployments, user data, are stored in the IDM repository. In production deployments, you must secure access to the repository, and encrypt sensitive stored data.
For JDBC repositories, use a strong password for the connection to the repository and change at least the password of the database user (openidm
by default). When you change the database username and/or password, update your database connection configuration file (conf/datasource.jdbc-default.json
).
For a DS repository, change the bindDN
and bindPassword
for the directory server user in the ldapConnectionFactories
property in the repo.ds.json
file.
In both cases, the password is encrypted on server startup, using the key specified in the idm.password.encryption
secret ID in conf/secrets.json
.