Obfuscation Key

secrets/obf_key

Specifies an obfuscation key which is used to decrypt the OBF:<data> type entries.

The obfuscation key is a passphrase which can be used to perform key derivation to generate the key used to decrypt obfuscated entries.

Example Steps:

An obfuscated entry can be generated with the following command which requires OpenSSL 1.1.1 or newer:

echo -n "<configuration entry>" | openssl enc -aes256
    -pbkdf2 -pass pass:"<obfuscation key>" -md sha512
    -base64

U2FsdGVkX19iBhlwc53+QkybjO6RjFHhSbz4VRudYHA=

This obfuscation key and obfuscated entry can be provided in the configuration YAML.

Property

NameTypeConstraints
obf_keystring

Example

secrets:
  obf_key: "<obfuscation key>"
  # ...
identity:
  oidc:
    client_secret: "OBF:U2FsdGVkX19iBhlwc53+QkybjO6RjFHhSbz4VRudYHA="

Did this page help you?