Structure of an Encrypted Object
Encrypted objects and properties, such as passwords, include a $crypto
object that has the following structure:
"password": {
    "$crypto": {
        "type": "x-simple-encryption",
        "value": {
            "cipher": "AES/CBC/PKCS5Padding",
            "stableId": "openidm-sym-default",
            "salt": "Gwi+AGrn+VBOTmyq+TTuuw==",
            "data": "+9i7XAXpWZBXYTVEOBkM+w==",
            "keySize": 16,
            "purpose": "idm.password.encryption",
            "iv": "4xtI88eFu5tgfm8ooq+yqQ==",
            "mac": "N1zsYo71M/b/G6iLOhNohA=="
        }
    }
}
Most of the properties in the encrypted object value are self-explanatory and indicate how the property was encrypted. Specific IDM properties include the following:

The stableId indicates the key alias that was used to encrypt the property value.

The purpose refers to the secret ID used to encrypt the property value. For more information about secret IDs, see "Configuring Secret Stores".
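
The following is an added example, not code from IDM or its documentation: it walks a JSON document, finds every $crypto object, and reports the key alias (stableId) and secret ID (purpose) that protect each property, plus any structural problems. The function names find_crypto, inspect and audit and the userName field are hypothetical; the length checks assume only that AES uses a 16-byte block.

```python
import base64
import json

# Constructed document: the sample $crypto object above inside a made-up user record.
SAMPLE = json.loads("""{
  "userName": "example.user",
  "password": {"$crypto": {"type": "x-simple-encryption", "value": {
    "cipher": "AES/CBC/PKCS5Padding", "stableId": "openidm-sym-default",
    "salt": "Gwi+AGrn+VBOTmyq+TTuuw==", "data": "+9i7XAXpWZBXYTVEOBkM+w==",
    "keySize": 16, "purpose": "idm.password.encryption",
    "iv": "4xtI88eFu5tgfm8ooq+yqQ==", "mac": "N1zsYo71M/b/G6iLOhNohA=="}}}
}""")

AES_BLOCK = 16  # AES block size in bytes

def find_crypto(node, path=""):
    """Yield (json_path, crypto_object) for every $crypto wrapper in a document."""
    if isinstance(node, dict):
        if isinstance(node.get("$crypto"), dict):
            yield path or "/", node["$crypto"]
        else:
            for key, child in node.items():
                yield from find_crypto(child, f"{path}/{key}")
    elif isinstance(node, list):
        for i, child in enumerate(node):
            yield from find_crypto(child, f"{path}/{i}")

def inspect(crypto):
    """Return (stableId, purpose, problems) for one $crypto object."""
    value = crypto.get("value") or {}
    problems, size = [], {}
    for field in ("salt", "data", "iv", "mac"):
        try:
            size[field] = len(base64.b64decode(value[field], validate=True))
        except (KeyError, TypeError, ValueError):
            problems.append(f"{field}: missing or not valid base64")
    if str(value.get("cipher")).startswith("AES/CBC"):
        if size.get("iv", AES_BLOCK) != AES_BLOCK:
            problems.append("iv: not one AES block long")
        if size.get("data", AES_BLOCK) % AES_BLOCK:
            problems.append("data: not a multiple of the AES block size")
    problems += [f"{f}: missing" for f in ("stableId", "purpose") if not value.get(f)]
    return value.get("stableId"), value.get("purpose"), problems

def audit(document):
    """Map each encrypted property path to its key alias, secret ID and problems."""
    return {path: inspect(c) for path, c in find_crypto(document)}

print(audit(SAMPLE))
```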