Skip to main content

Obfuscation Key

Description

Specifies an obfuscation key which is used to decrypt the 'OBF:' type entries.
The obfuscation key is a passphrase which can be used to perform key derivation to generate the key used to decrypt obfuscated entries.

Properties

The following table(s) describe the configuration properties for this component:

Name Type Constraints
obf_key string

Example

An obfuscated entry can be generated with the following command which requires OpenSSL 1.1.1 or newer:

echo -n "<configuration entry>" | openssl enc -aes256 \
    -pbkdf2 -pass pass:"<obfuscation key>" -md sha512 \
    -base64 

U2FsdGVkX19iBhlwc53+QkybjO6RjFHhSbz4VRudYHA=

This obfuscation key and obfuscated entry can be provided in the 
configuration YAML:

secrets:
  obf_key: "<obfuscation key>"
...
identity:
  oidc:
    client_secret: "OBF:U2FsdGVkX19iBhlwc53+QkybjO6RjFHhSbz4VRudYHA="