Database Secret Service

The Database Secret Service provides in-database encrypted storage of secret values. The service leverages Advanced Encryption Standard (AES) in Galois/Counter Mode (GCM) with no padding for encryption. For key derivation, it uses a Password-Based Key Derivation Function 2 (PBKDF2) algorithm with the Hash-based Message Authentication Code (HMAC) using the Secure Hash Algorithm (SHA)-256.

Configuration

Configuration of the Database Secret Service is done via environment variables, typically in your Tomcat context.xml file. The key and respective values are described in the table below:

Key	Value
`brightspot/cms/defaultSecretService`	The name of the default secret service. This is used in other keys below and is designated as `{name}`.
`brightspot/cms/secretService/{name}/class`	`com.psddev.cms.secret.DatabaseSecretService`
`brightspot/cms/secretService/{name}/key`	A secret key to be used for encryption. This could be any value, but should be treated as a password.

Previous Topic

Secure secrets configuration and usage

Next Topic

AWS Secret Service

Was this topic helpful?

Thanks for your feedback.

Brightspot Content Types Guide

The elements that get you up and running in a matter of days, from pre-built content types, to modules, to landing pages.

• Content types
• Modules
• Landing pages

Brightspot CMS User Guide

Everything you need to manage and administer content within Brightspot CMS, including plug-and-play integrations.

• Dashboards
• Publishing
• Workflows
• Admin configurations

Brightspot Developer Guide

A guide for installing, supporting and administering code on the Brightspot platform, including integrations requiring developer support to use.

• Field types
• Content modeling
• Rich-text elements
• Images