What is the best practice for storing a private key? | Community
Skip to main content
A
AndySh4
Level 3
September 11, 2021
Solved

What is the best practice for storing a private key?

  • September 11, 2021
  • 2 replies
  • 1680 views

I'm working on an AEM 6.5.9 servlet that needs to use a PKCS8 format private key to sign a JWT for a third-party application. This is not related to setting up SSL or other Adobe services. Can the private key file be stored in the crx-quickstart folder or is there a different preferred approach? And how do folks store private keys inside AEM as a Cloud Service?

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.
Best answer by rocks

I would prefer to store this key under your java project as a resource file, package it as bundle and load it as when needed. Storing it on crx-quickstart exposes the private key and it is not secure.

2 replies

R
rocksAccepted solution
Level 2
September 11, 2021

I would prefer to store this key under your java project as a resource file, package it as bundle and load it as when needed. Storing it on crx-quickstart exposes the private key and it is not secure.

    joerghoh
    Adobe Employee
    joerghohAdobe Employee
    Adobe Employee
    September 12, 2021

    I would store a private key as an OSGI secret. Please check the docs at [1] for details.

     

    [1] https://experienceleague.adobe.com/docs/experience-manager-cloud-service/implementing/deploying/configuring-osgi.html?lang=en#when-to-use-secret-environment-specific-configuration-values

      Terms & ConditionsAccessibility statement

      Loading footer...