Hi Pratyush,
There are many ways to be safe. Somehow related:
https://issues.apache.org/jira/browse/OFBIZ-11187
HTH
Jacques
On 31/08/2020 at 23:31, pratyush Giri wrote:
> Hi Ofbiz Security Experts,
>
> Requirement: I have an encryption key. Where should I keep it?
>
> From the various documentation and code review, I found that I can keep them in the entity "EntityKeyStore". Ideally per my understanding, the encryption key should be kept elsewhere so that in case the DB is compromised for any reason, the keys are not.
>
> What are the production instructions for storing the keys? Is it possible that I can keep the encryption key(s) in another System (say S3) and then use it? That way I do not have to store the keys in the same database whose data is encrypted with it.
>
> I know this is not a new problem, so I am hopeful that there are some solutions to this.
>
> Best,
> Pratyush