Expand my Community achievements bar.

SOLVED

What is the best practice for storing a private key?

Avatar

Level 4

I'm working on an AEM 6.5.9 servlet that needs to use a PKCS8 format private key to sign a JWT for a third-party application. This is not related to setting up SSL or other Adobe services. Can the private key file be stored in the crx-quickstart folder or is there a different preferred approach? And how do folks store private keys inside AEM as a Cloud Service?

1 Accepted Solution

Avatar

Correct answer by
Level 2

I would prefer to store this key under your java project as a resource file, package it as bundle and load it as when needed. Storing it on crx-quickstart exposes the private key and it is not secure.

View solution in original post

2 Replies

Avatar

Correct answer by
Level 2

I would prefer to store this key under your java project as a resource file, package it as bundle and load it as when needed. Storing it on crx-quickstart exposes the private key and it is not secure.