...
This is used to store the secret values. Currently, only one secret repository is implemented within secure vault: the FileBaseSecretRepository. It uses the <GREG_HOME>/repository/conf/security/cipher-text.properties file, which stores each alias together with its actual secret in encrypted form (encrypted with a key from the keystore). Custom secret repositories can be written by implementing the SecretRepository and SecretRepositoryProvider classes.
...
- A file-based secret repository is used (the <GREG_HOME>/repository/conf/security/cipher-text.properties file).
- The Carbon server's primary keystore, which can be found in the <GREG_HOME>/repository/resourcesconf/security/ folder, is used for encrypting and decrypting passwords.
- DefaultSecretCallbackHandler (org.wso2.carbon.securevault.DefaultSecretCallbackHandler) is used as the password resolver for the keystore and private key passwords of the Carbon server's primary keystore.
- SecretManagerSecretCallbackHandler (org.wso2.securevault.secret.handler.SecretManagerSecretCallbackHandler) is used as the password resolver for all the secret values that are defined in the Carbon configuration files.
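
A check an administrator can run over cipher-text.properties to confirm that every alias really holds an encrypted value, given as an added example that is not WSO2's own code. It assumes encrypted values are stored as Base64 text that decodes to at least 128 bytes (RSA output); the sample aliases and values are constructed.

```python
import base64
import binascii

# Constructed sample in alias=value layout; names and values are placeholders.
_FAKE_CIPHERTEXT = base64.b64encode(bytes(range(256))).decode()
SAMPLE = f"""\
# constructed cipher-text.properties content
Example.KeyStore.Password={_FAKE_CIPHERTEXT}
Example.Datasource.Password=[changeit]
Example.Admin.Password=admin123
"""

# Assumption: ciphertext is RSA output, so a 1024-bit key or larger
# gives at least 128 bytes once the Base64 is decoded.
MIN_CIPHERTEXT_BYTES = 128


def parse_properties(text):
    """Yield (alias, value) pairs from simple alias=value properties text."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "!")):
            continue  # blank line or comment
        alias, sep, value = line.partition("=")  # Base64 padding stays in value
        if sep:
            yield alias.strip(), value.strip()


def looks_encrypted(value, min_bytes=MIN_CIPHERTEXT_BYTES):
    """True if value is strict Base64 that decodes to at least min_bytes."""
    try:
        decoded = base64.b64decode(value, validate=True)
    except (binascii.Error, ValueError):
        return False
    return len(decoded) >= min_bytes


def audit(text):
    """Return the aliases whose stored value does not look like ciphertext."""
    return [alias for alias, value in parse_properties(text)
            if not looks_encrypted(value)]


if __name__ == "__main__":
    for alias in audit(SAMPLE):
        print(f"possible plaintext secret for alias: {alias}")
```

The check is a heuristic: a flagged alias needs a manual look, and a value that passes is only shaped like ciphertext, not proven to decrypt with the primary keystore.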
...