Encryption Key

Description

Specifies an encryption key which is used to decrypt the 'ENC:' type entries.
The encryption key is an RSA private key which can be used to decrypt entries which were encrypted using the corresponding RSA public key.
This entry must be a PEM representation of an RSA private key, beginning with '-----BEGIN RSA PRIVATE KEY-----' and ending with '-----END RSA PRIVATE KEY-----'.

Properties

The following table(s) describe the configuration properties for this component:

Name       Type      Constraints
enc_key    string

Example

An RSA key pair can be created with the following commands:

Generate the RSA private key:

openssl genrsa -out private.pem 2048

Generate the corresponding public key:

openssl rsa -pubout -in private.pem -out public.pem

An encrypted entry can be generated with the following command using
the public key:

echo -n "<configuration entry>" | openssl rsautl \
    -encrypt -inkey public.pem -pubin | base64

oYpkxULIexyLR2wUl+mz6Nfki8Pd23Fv0buZZxAuh+Cq1A677NTZwmcWcWN9+MBBVJaISNM0uIVd33/n83Awf77Q/LXtjtzsk41Ux690YVsagh75n/BPk7Ca+4txzwB48yOrTKtIRVbNC2H+Rpa/7LMNSc1Zjez9PqNO4WIa323NzKA4y3Cx1h3DTKANrgsJgXDHNWNs/Ar9pPXxSeFNGmgnYRVtEZtN73IAMs8TzNJKNGkBkmr6vdZvlkjI6ebezJS1kawDvaKQ/C5GXdbpoaJE+JYgYsHDEZLpiasn0Ii4yt3HHNKpsX0UUBSIMO3di0brjJPoJFccVPHLDYgPlw==

This encryption key and encrypted entry can be provided in the configuration YAML:

secrets:
  enc_key: "<the RSA private key>"
...
identity:
  oidc:
    client_secret: "ENC:oYpkxULIexyLR2wUl+mz6Nfki8Pd23Fv0buZZxAuh+Cq1A677NTZwmcWcWN9+MBBVJaISNM0uIVd33/n83Awf77Q/LXtjtzsk41Ux690YVsagh75n/BPk7Ca+4txzwB48yOrTKtIRVbNC2H+Rpa/7LMNSc1Zjez9PqNO4WIa323NzKA4y3Cx1h3DTKANrgsJgXDHNWNs/Ar9pPXxSeFNGmgnYRVtEZtN73IAMs8TzNJKNGkBkmr6vdZvlkjI6ebezJS1kawDvaKQ/C5GXdbpoaJE+JYgYsHDEZLpiasn0Ii4yt3HHNKpsX0UUBSIMO3di0brjJPoJFccVPHLDYgPlw=="
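
The steps above as one round-trip check, written here as an added example (not the product's own tooling): it produces the key in the 'BEGIN RSA PRIVATE KEY' form this property requires, emits a single-line 'ENC:' value, and confirms that the private key decrypts it. The function names and the sample secret are constructed. It assumes the component expects PKCS#1 v1.5 padding, which is the default of the rsautl command shown above, and it uses pkeyutl, the command that replaces rsautl as of OpenSSL 3.0.

```sh
#!/bin/sh
# Added example: round-trip check for an 'ENC:' entry (names are hypothetical).
set -eu

# make_keypair DIR: write DIR/private.pem (PKCS#1 PEM) and DIR/public.pem.
make_keypair() {
    ( umask 077                      # private key readable by owner only
      openssl genrsa -out "$1/gen.pem" 2048 2>/dev/null
      # OpenSSL 3.x genrsa writes PKCS#8 ("BEGIN PRIVATE KEY"); convert to the
      # traditional "BEGIN RSA PRIVATE KEY" form that enc_key must contain.
      openssl pkey -in "$1/gen.pem" -traditional -out "$1/private.pem"
      rm -f "$1/gen.pem" )
    openssl rsa -pubout -in "$1/private.pem" -out "$1/public.pem" 2>/dev/null
}

# encrypt_entry PUBKEY VALUE: print "ENC:" + base64 ciphertext on ONE line.
encrypt_entry() {
    printf 'ENC:'
    printf '%s' "$2" |
        openssl pkeyutl -encrypt -pubin -inkey "$1" \
            -pkeyopt rsa_padding_mode:pkcs1 |
        base64 | tr -d '\n'          # GNU base64 wraps at 76 columns
}

# decrypt_entry PRIVKEY ENTRY: strip the prefix and decrypt, as a local check.
# Assumption: the component decrypts with the same PKCS#1 v1.5 padding.
decrypt_entry() {
    printf '%s' "${2#ENC:}" | base64 -d |
        openssl pkeyutl -decrypt -inkey "$1" -pkeyopt rsa_padding_mode:pkcs1
}

work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
make_keypair "$work"
secret='constructed-sample-secret'   # constructed value, not a real credential
entry=$(encrypt_entry "$work/public.pem" "$secret")
[ "$(decrypt_entry "$work/private.pem" "$entry")" = "$secret" ] ||
    { echo "round trip FAILED" >&2; exit 1; }
echo "key header : $(head -n 1 "$work/private.pem")"
echo "entry chars: ${#entry}"
echo "round trip OK"
```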