Layer7 API Management

  • 1.  ENCRYPT Client_Secret

    Posted Apr 10, 2018 06:14 AM

    Hello

    We are on the reflection on the protection of sensitive data on DB (i.e. Client_secret).

    For this security requirement, we need to encrypt the data in DB by the GW API component with a reversible algorithm like AES-256 or RSA-256, in order to be able to display its on the API portal after decrypting.   

     

    What are your advices or recommendations to implement these requirements to respond to the need??

     

     

    Thank

    best regards,



  • 2.  Re: ENCRYPT Client_Secret

    Broadcom Employee
    Posted Apr 10, 2018 06:50 AM

    this has been posted to the wrong community



  • 3.  Re: ENCRYPT Client_Secret

    Posted Apr 10, 2018 08:32 AM

    Tell me please in which community I have to post it?  I need advice



  • 4.  Re: ENCRYPT Client_Secret

    Broadcom Employee
    Posted Apr 11, 2018 06:56 PM

    I have already moved it to the right community.



  • 5.  Re: ENCRYPT Client_Secret

    Broadcom Employee
    Posted Dec 27, 2018 12:00 PM

    Good Afternoon,

     

    The details posted here may help:

     

    Encryption used in OAuth toolkit for storing access tokens and client secret 

     

    Regards,

    Joe