  1. Keycloak
  2. KEYCLOAK-14241

Using Keycloak with Transparent Database Encryption (TDE)

    Details

    • Type: Feature Request
    • Status: Triage
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: RH-SSO-7.4.0
    • Fix Version/s: None
    • Component/s: Database
    • Labels:
      None
    • Docs QE Status:
      NEW
    • QE Status:
      NEW

      Description

      Currently, Keycloak stores information in the database in clear text (apart from the password).

      Some legal constraints require some of the critical database data to be encrypted at rest.

      Transparent Data Encryption (TDE) protects your critical data by enabling data-at-rest encryption in the database. It protects the privacy of your information, prevents data breaches and helps meet regulatory requirements including:
      - Payment Card Industry Data Security Standard (PCI DSS)
      - Health Insurance Portability and Accountability Act (HIPAA)
      - General Data Protection Regulation (GDPR)

      For example, MySQL provides TDE encryption, like many other DB vendors:
      https://www.mysql.com/products/enterprise/tde.html

      The requirement is to have Keycloak work with Transparent Data Encryption (TDE) in the same way as it works when the database is in clear text.

      It would be good to provide documentation examples explaining how to encrypt some of the attributes, like username/password/email/last name/first name, for some database providers.

              People

              • Assignee:
                misowa Michael Sowa
                Reporter:
                orivat_redhat Olivier Rivat
              • Votes:
                1
                Watchers:
                3