Brightspot CMS Developer Guide

Database Secret Service

The Database Secret Service provides in-database encrypted storage of secret values. The service leverages Advanced Encryption Standard (AES) in Galois/Counter Mode (GCM) with no padding for encryption. For key derivation, it uses a Password-Based Key Derivation Function 2 (PBKDF2) algorithm with the Hash-based Message Authentication Code (HMAC) using the Secure Hash Algorithm (SHA)-256.

Configuration of the Database Secret Service is done via environment variables, typically in your Tomcat context.xml file. The key and respective values are described in the table below:

Key Value
brightspot/cms/defaultSecretService The name of the default secret service. This is used in other keys below and is designated as {name}.
brightspot/cms/secretService/{name}/class com.psddev.cms.secret.DatabaseSecretService
brightspot/cms/secretService/{name}/key A secret key to be used for encryption. This could be any value, but should be treated as a password.
Previous Topic
Secure secrets configuration and usage
Next Topic
AWS Secret Service
Was this topic helpful?
Thanks for your feedback.
Our robust, flexible Design System provides hundreds of pre-built components you can use to build the presentation layer of your dreams.

Asset types
Module types
Page types
Brightspot is packaged with content types that get you up and running in a matter of days, including assets, modules and landing pages.

Content types
Landing pages
Everything you need to know when creating, managing, and administering content within Brightspot CMS.

Admin configurations
A guide for installing, supporting, extending, modifying and administering code on the Brightspot platform.

Field types
Content modeling
Rich-text elements
A guide to configuring Brightspot's library of integrations, including pre-built options and developer-configured extensions.

Google Analytics
Apple News