I’m trying to figure out how Keycloak handles/stores passwords. I’m glad to look through documentation, but in my searching I haven’t found anything that addresses this yet.
I have two primary questions about how Keycloak password handling.
- Is Keycloak hashing passwords?
- Is Keycloak salting passwords?
And if Keycloak is not salting passwords, is there a recommended way to do our own salting? The only thing I can think to do currently would be to set up a database just to store salt, but that would be a lot of work just to store a salt.