Securing the Repository

Configuration data and, in most deployments, user data, are stored in the IDM repository. In production deployments, you must secure access to the repository, and encrypt sensitive stored data.

For JDBC repositories, use a strong password for the connection to the repository and change at least the password of the database user (openidm by default). When you change the database username and/or password, update your database connection configuration file (conf/datasource.jdbc-default.json).

For a DS repository, change the bindDN and bindPassword for the directory server user in the ldapConnectionFactories property in the repo.ds.json file.

In both cases, the password is encrypted on server startup, using the key specified in the idm.password.encryption secret ID in conf/secrets.json.

Read a different version of :