Protecting IDM Data
In addition to relying on end-to-end TLS/SSL to protect data in transit, IDM also supports explicit encryption of data that goes on the network. This is important when TLS/SSL termination happens before the final endpoint, because the data would otherwise travel the last hop in clear text.
IDM also supports encryption of data stored in the repository, using the symmetric keys specified in conf/secrets.json. This protects against some attacks on the data store (an attacker who can read the database directly sees only ciphertext), but not against an attacker who also obtains the keys. Explicit table mapping is supported for encrypted string values.
IDM automatically encrypts sensitive data (such as passwords) in configuration files, replacing the clear text values the first time it reads the configuration file. Take care with configuration files that contain clear text values that IDM has not yet read and encrypted: until IDM processes them, those secrets remain in clear text on disk.
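One way to check for that last case before deploying a configuration, as an added example that is not IDM's own code: it walks IDM-style JSON configuration files and reports sensitive-looking keys whose values are still clear text. It assumes that a value IDM has already encrypted is wrapped in a `{"$crypto": {...}}` object and that the key names listed in SENSITIVE_KEYS are the ones worth flagging; the sample configuration is constructed.

```python
"""Flag clear-text sensitive values in IDM-style JSON configuration files.

Added example, not IDM's own code. Assumption: a value IDM has already
encrypted is stored as {"$crypto": {...}}; any other value under a
sensitive-looking key is treated as clear text.
"""
import json
from pathlib import Path

# Key-name fragments (case-insensitive) treated as sensitive; an assumption.
SENSITIVE_KEYS = ("password", "secret", "passphrase", "credential", "privatekey")


def is_encrypted(value):
    """True if the value is wrapped in IDM's $crypto object (assumed format)."""
    return isinstance(value, dict) and "$crypto" in value


def find_cleartext(node, path=""):
    """Return /-separated paths of sensitive keys that hold non-encrypted values."""
    hits = []
    if isinstance(node, dict):
        for key, val in node.items():
            child = f"{path}/{key}"
            if any(tag in key.lower() for tag in SENSITIVE_KEYS):
                if not is_encrypted(val) and val not in (None, ""):
                    hits.append(child)
                continue  # no need to descend below a sensitive key
            hits.extend(find_cleartext(val, child))
    elif isinstance(node, list):
        for i, item in enumerate(node):
            hits.extend(find_cleartext(item, f"{path}/{i}"))
    return hits


def scan_conf_dir(conf_dir):
    """Map each *.json file in conf_dir to the clear-text sensitive paths it holds."""
    report = {}
    for cfg in sorted(Path(conf_dir).glob("*.json")):
        with cfg.open() as fh:
            hits = find_cleartext(json.load(fh))
        if hits:
            report[cfg.name] = hits
    return report


# Constructed sample: one value already encrypted, two still in clear text.
SAMPLE = {
    "configurationProperties": {"host": "ldap.example.test", "credentials": "s3cret"},
    "password": {"$crypto": {"value": {"data": "constructed-ciphertext"}}},
    "smtp": {"password": "changeit"},
}

if __name__ == "__main__":
    for hit in find_cleartext(SAMPLE):
        print("clear text value at", hit)
```

Run `scan_conf_dir("conf")` against the IDM conf directory before starting the service; an empty report means every sensitive value found is already wrapped.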