Is it possible to set data encryption in DB in Keycloak settings?

Due to some GDPR rules required on our project, we need to encrypt not only passwords or keys, but also other user data such as name, email, etc. Is there a possibility to define what user data should be encrypted in DB? If not, what solution do you suggest?

Is there any feedback for this question?

I’m looking at the same “problem”.
I tried different ways to implement it (without success):

  1. Create a custom SPI (it seems we don’t have a factory to do that… UserStorageProviderFactory doesn’t seem good for the goal, or maybe I don’t have an idea about its implementation :smiley: )
  2. DB-level encryption (it requires making a lot of modifications to queries to use the correct function)
  3. Create an extension to try to create a plugin to encrypt\decrypt user_entity data any time a method calls set\get methods. (I don’t know how to do this… if it can be done XD).

Any ideas\suggestions? :slight_smile:

Thank you

Has anybody managed to implement this feature?

Same thing, started with KC and now we are stuck at the encryption of data at rest… any ideas?

Hi, is there any progress on this?

This is out of Keycloak’s scope; you’ll have to use the approaches/options your database provides.

Per my Slack message, this won’t/shouldn’t happen in Keycloak. Use one of these options in the database, depending on your requirements: PostgreSQL: Documentation: 16: 19.8. Encryption Options

I made it by creating a custom JPA converter (implementing jakarta.persistence.AttributeConverter) + orm.xml

Also I created a custom JpaUserProvider to redefine the way to search in the database

@xalfonso how is your solution working for you? Do you have any more information on how you achieved this, and is there any way you can share the code via GitHub?