Web Policy Agents 2023.11

Keys and secrets

Web Agent uses cryptographic keys for encryption, signing, and securing network connections, and passwords. The following sections discuss how to secure keys and secrets in your deployment.

Use strong keys

Small keys are easily compromised. Use at least the recommended key size.

For more information about strong encryption, refer to the documentation for the web server where the agent runs. For NGINX, for example, refer to Security controls.

Rotate keys

Rotate keys regularly to:

  • Limit the amount of data protected by a single key.

  • Reduce dependence on specific keys, making it easier to migrate to stronger algorithms.

  • Prepare for when a key is compromised. The first time you try key rotation shouldn’t be during a real-time recovery.

  • Conform to internal business compliance requirements.

Copyright © 2010-2023 ForgeRock, all rights reserved.