Stores, certificates, and keys
Encryption makes it possible to protect sensitive data. IDM depends on encryption to negotiate secure network connections and to keep sensitive data confidential. Encryption in turn depends on keys which must be stored and secured. IDM stores keys in secret stores, and supports the following secret store types:
-
File secret stores, which have one file that stores many secrets
-
Filesystem secret stores, which have many files that each store one secret
-
Property secret stores, which store secrets in properties
-
Hardware Security Modules (HSM) secret stores, which involve security devices (for example, a YubiKey)
Filesystem and property secret stores may be in the following formats:
-
PEM
-
PLAIN
-
BASE64
-
BASE64URL
| In production environments, avoid using self-signed certificates and certificates associated with insecure ciphers. |