Encrypted objects
Encrypted objects and properties, such as passwords, include a $crypto
object that has the following structure:
"password": {
  "$crypto": {
    "type": "x-simple-encryption",
    "value": {
      "cipher": "AES/CBC/PKCS5Padding",
      "stableId": "openidm-sym-default",
      "salt": "Gwi+AGrn+VBOTmyq+TTuuw==",
      "data": "+9i7XAXpWZBXYTVEOBkM+w==",
      "keySize": 16,
      "purpose": "idm.password.encryption",
      "iv": "4xtI88eFu5tgfm8ooq+yqQ==",
      "mac": "N1zsYo71M/b/G6iLOhNohA=="
    }
  }
}
Most of the properties in the encrypted object value are self-explanatory and indicate how the property was encrypted. Specific IDM properties include the following:
- The stableId indicates the key alias that was used to encrypt the property value.
- The purpose refers to the secret ID used to encrypt the property value. For more information about secret IDs, refer to Secret stores.
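The following Python is an added example, not part of the original documentation or the product's own code. It walks a parsed JSON document, finds every $crypto envelope, reports the stableId and purpose each one was encrypted under, and checks that the base64 fields fit the declared AES/CBC/PKCS5Padding cipher. The function names are hypothetical, and the checks assume only the 16-byte AES block size, not any IDM API.

```python
import base64
import json

AES_BLOCK = 16  # AES block size in bytes; a CBC IV has the same length
# The page's sample property, wrapped in braces to make a complete JSON document.
SAMPLE = json.loads("""{"password": {"$crypto": {"type": "x-simple-encryption",
  "value": {"cipher": "AES/CBC/PKCS5Padding", "stableId": "openidm-sym-default",
    "salt": "Gwi+AGrn+VBOTmyq+TTuuw==", "data": "+9i7XAXpWZBXYTVEOBkM+w==",
    "keySize": 16, "purpose": "idm.password.encryption",
    "iv": "4xtI88eFu5tgfm8ooq+yqQ==", "mac": "N1zsYo71M/b/G6iLOhNohA=="}}}}""")


def find_crypto(node, path=""):
    """Yield (path, value) for every $crypto envelope in a parsed JSON tree."""
    if isinstance(node, dict):
        crypto = node.get("$crypto")
        if isinstance(crypto, dict) and isinstance(crypto.get("value"), dict):
            yield path or "/", crypto["value"]
            return
        for key, child in node.items():
            yield from find_crypto(child, f"{path}/{key}")
    elif isinstance(node, list):
        for index, child in enumerate(node):
            yield from find_crypto(child, f"{path}/{index}")


def check_envelope(value):
    """Return structural problems found in one envelope (empty list = none)."""
    problems, raw = [], {}
    for field in ("salt", "data", "iv", "mac"):
        try:
            raw[field] = base64.b64decode(value[field], validate=True)
        except KeyError:
            problems.append(f"{field}: missing")
        except (ValueError, TypeError):
            problems.append(f"{field}: not valid base64")
    if value.get("cipher") == "AES/CBC/PKCS5Padding":
        if "iv" in raw and len(raw["iv"]) != AES_BLOCK:
            problems.append(f"iv: expected {AES_BLOCK} bytes, got {len(raw['iv'])}")
        if "data" in raw and (not raw["data"] or len(raw["data"]) % AES_BLOCK):
            problems.append("data: not a positive multiple of the block size")
    return problems


def inventory(doc):
    """Report key alias (stableId), secret ID (purpose) and problems per property."""
    return [{"path": path, "stableId": value.get("stableId"),
             "purpose": value.get("purpose"), "problems": check_envelope(value)}
            for path, value in find_crypto(doc)]
```

Grouping the inventory by stableId shows which stored properties were encrypted under a given key alias.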