Configuring ACP encryption keys
Instructions on configuring ACP encryption keys
ACP encrypts sensitive data, such as client secrets or identity provider credentials, and stores it as JWE in the database.
There are two ways to configure encryption keys in ACP.
This way, you can configure a single key only. Use
--secret-id to set the secret ID and
--secret-key to set the key in the ACP start command.
Use this method if you need to rotate a key.
--secret-key flags and add the following code to your config:
secrets:
  - id: "2"
    key: "FmIQrzqf7dT57SjVH3g52SEVx45WH9pE"
  - id: "1"
    key: "ExsrFU9usNyaUbLlIRZE8Zygw1Lq14nn"
Master key vs rotated key
The first key is a master key used for encryption. The other keys are the rotated keys and are used to decrypt data encrypted using the old master key.
To rotate the encryption key, add a new key to the list of secrets in the config.
The new encryption key needs to be the first key on the list.
Make sure that all keys have unique IDs.
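
The rotation rules above can be checked before a new config is deployed. The script below is an added example, not part of ACP or its documentation: check_rotation and the sample lists are hypothetical, the secrets are assumed to be already loaded from the config as a list of id/key pairs in file order, and the key values are constructed placeholders.

```python
def check_rotation(old, new):
    """Compare the current `secrets` list with a proposed one.

    old, new: lists of {"id": str, "key": str} in config-file order.
    Returns a list of problems; an empty list means the rotation is valid.
    """
    problems = []
    if not new:
        return ["secrets list is empty"]

    # Rule: all keys must have unique IDs.
    ids = [s["id"] for s in new]
    dup_ids = sorted({i for i in ids if ids.count(i) > 1})
    if dup_ids:
        problems.append(f"duplicate IDs: {dup_ids}")

    # Rule: the new encryption key must be the first key on the list.
    old_by_id = {s["id"]: s["key"] for s in old}
    if new[0]["id"] in old_by_id:
        problems.append(
            f"first entry has existing ID {new[0]['id']!r}; the new key must be first"
        )

    # Rotated keys still decrypt data written under them, so each old
    # entry has to stay in the list with the same value.
    new_by_id = {s["id"]: s["key"] for s in new}
    for kid, key in old_by_id.items():
        if kid not in new_by_id:
            problems.append(f"key {kid!r} dropped; its data can no longer be decrypted")
        elif new_by_id[kid] != key:
            problems.append(f"key {kid!r} changed value")
    return problems


# Constructed sample data (placeholder key values, not real secrets).
OLD = [{"id": "2", "key": "placeholder-key-B"},
       {"id": "1", "key": "placeholder-key-A"}]
NEW_KEY = {"id": "3", "key": "placeholder-key-C"}

GOOD = [NEW_KEY] + OLD                    # new key first, old keys kept
BAD_APPENDED = OLD + [NEW_KEY]            # new key last: old master still encrypts
BAD_DROPPED = [NEW_KEY, OLD[0]]           # key "1" removed
BAD_DUP = [{"id": "2", "key": "placeholder-key-C"}] + OLD  # ID "2" reused

if __name__ == "__main__":
    for name in ("GOOD", "BAD_APPENDED", "BAD_DROPPED", "BAD_DUP"):
        print(name, check_rotation(OLD, globals()[name]) or "ok")
```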