Expand my Community achievements bar.

SOLVED

What is the best practice for storing a private key?

Avatar

Level 4
Level 4
9/10/21 5:02:46 PM

I'm working on an AEM 6.5.9 servlet that needs to use a PKCS8 format private key to sign a JWT for a third-party application. This is not related to setting up SSL or other Adobe services. Can the private key file be stored in the crx-quickstart folder or is there a different preferred approach? And how do folks store private keys inside AEM as a Cloud Service?

Views

1.1K

Replies

2
Sign in to like this content

Total Likes

Translate
Translate
1 Accepted Solution

Avatar

Correct answer by
Level 2
Level 2
9/10/21 5:09:20 PM

I would prefer to store this key under your java project as a resource file, package it as bundle and load it as when needed. Storing it on crx-quickstart exposes the private key and it is not secure.

View solution in original post

Views

1.1K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
2 Replies

Avatar

Correct answer by
Level 2
Level 2
9/10/21 5:09:20 PM

I would prefer to store this key under your java project as a resource file, package it as bundle and load it as when needed. Storing it on crx-quickstart exposes the private key and it is not secure.

Views

1.1K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
Related Conversations
MockSlingHttpServletRequest how to set a selector Solved

Views

124

Likes

0

Replies

2
Clarification for the DispatcherUseProcessedURL attribute Solved

Views

142

Likes

0

Replies

4
can somebody please explain the use of the workflow model in /var? Solved

Views

154

Likes

0

Replies

3
I'm encountering an error when adding my component to a page and trying to view it in publish mode Solved

Views

208

Likes

0

Replies

7
Something wrong with <Private-Package>or <Import-Package> when trying to add PDFBox

Views

54

Likes

0

Replies

1