Due to some GDPR rules required on our project we need to encrypt not only passwords or keys, but also other user data such as name, email, etc. Is there a possibility to define what user data should be encrypted in DB? If not what solution do you suggest?
1 Like
Is there any feedback for this question?
iâm looking for the same âproblemâ.
Iâd tried different way to implement it (without success):
- Create Custom SPI (it seems we havenât a factory to do thatâŚUserStoareProviderFactory seems not good for the goal or maybe i havenât an idea about his implementation
) - DB Level Encryption (it requires to make a lot of modifies on queries to use the correct function)
- Create an Extension to try to create a plugin to encrypt\decrypt user_entity datas any time a method call set\get methods. (i dunno how to to thisâŚif it can be do it XD).
Any ideas\suggestions? 
Thank you
Somebody managed to implement this feature?
Same thing, started with kc and now we are stuck at the encryption of data at rest⌠any Ideas?
Hi, is there any progress on this?
This is out of Keycloakâs scope, youâll have to use approaches/options your used database provides.
Per my slack message, this wonât/shouldnât happen in Keycloak. Use one of these options in the database, depending on your requirements PostgreSQL: Documentation: 16: 19.8. Encryption Options
1 Like
I made it, creating a custom JPA converter(implementing jakarta.persistence.AttributeConverter) + orml.xml
Also I created a custom JpaUserProvider to redefine the way to search in the database
@xalfonso how is your solution working for you? do you have any more information on how you achieved this and is there anyway you can share the code via github?