[ https://issues.apache.org/jira/browse/SYNCOPE-1510?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16973386#comment-16973386 ]

ASF subversion and git services commented on SYNCOPE-1510:
----------------------------------------------------------

Commit 8fcf318829ece1f077424815c4c3687a38a01ab5 in syncope's branch 
refs/heads/2_1_X from Francesco Chicchiriccò
[ https://gitbox.apache.org/repos/asf?p=syncope.git;h=8fcf318 ]

[SYNCOPE-1510] Secret key can now also be referenced as Spring property + 
option to store encrypted and read cleartext


> Allow to store encrypted schema's secret key externally
> -------------------------------------------------------
>
>                 Key: SYNCOPE-1510
>                 URL: https://issues.apache.org/jira/browse/SYNCOPE-1510
>             Project: Syncope
>          Issue Type: Improvement
>          Components: console, core, enduser
>            Reporter: Francesco Chicchiriccò
>            Assignee: Francesco Chicchiriccò
>            Priority: Major
>             Fix For: 2.1.6, 3.0.0
>
>
> Encrypted plain schema's secret key is used to encrypt the related attribute 
> values.
> Currently, this key is stored alongside the other items of the plain 
> schema's definition, such as the cipher algorithm.
> While functional, such an approach breaks some security compliance rules, as 
> (1) algorithm, (2) secret key and (3) encrypted value are all in the same 
> place (Syncope's internal storage).
> We should introduce the possibility to store at least the secret key in 
> another place.
> Moreover, we could also consider, in the schema definition, a conversion 
> pattern which allows, when set, decrypting the values (if the algorithm is 
> compatible) for REST access; among other use cases, this would allow the 
> related attributes to be transparently edited via Admin Console / Enduser UI.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
