Package org.forgerock.openam.secrets.config

Enum PropertyFormat

    • Enum Constant Detail

      • PLAIN

        public static final PropertyFormat PLAIN
        A plain text value. The UTF-8 bytes of the value are used as the secret.

      • BASE64

        public static final PropertyFormat BASE64
        A base64-encoded binary value.

      • ENCRYPTED_PLAIN

        public static final PropertyFormat ENCRYPTED_PLAIN
        A text value encrypted with AM's server encryption key. The value will be decrypted with DecodeAction and the UTF-8 bytes used as the secret.

      • ENCRYPTED_BASE64

        public static final PropertyFormat ENCRYPTED_BASE64
        A base64-encoded binary value encrypted with AM's server key. The value is decrypted with DecodeAction and then base64-decoded.

      • GOOGLE_KMS_ENCRYPTED

        public static final PropertyFormat GOOGLE_KMS_ENCRYPTED
        A base64-encoded value that has been encrypted with Google Cloud Platform Key Management Service. The secret will be decrypted using the KMS key named by the org.forgerock.openam.secrets.googlekms.decryptionkey system property. The GCP SDK will automatically load KMS credentials from the environment.

      • GOOGLE_KMS_ENCRYPTED_HMAC_KEY

        @Deprecated
public static final PropertyFormat GOOGLE_KMS_ENCRYPTED_HMAC_KEY
        Deprecated.
        Prefer GOOGLE_KMS_ENCRYPTED_PEM for keys.
        A base64-encoded value that has been encrypted with Google Cloud Platform Key Management Service. The secret will be decrypted using the KMS key named by the org.forgerock.openam.secrets.googlekms.decryptionkey system property. The GCP SDK will automatically load KMS credentials from the environment. The decrypted value will be interpreted as a HMAC key.

      • PEM

        public static final PropertyFormat PEM
        Certificates, keys, and passwords in Privacy Enhanced Mail (PEM) format. This format is widely supported by tools such as OpenSSL. Encrypted private keys can be decrypted using passwords configured for the Labels.PEM_PRIVATE_KEY_DECRYPTION secret ID. This currently only supports loading passwords from global secret stores.

      • ENCRYPTED_PEM

        public static final PropertyFormat ENCRYPTED_PEM
        Certificates, keys, and passwords in Privacy Enhanced Mail (PEM) format that have then been encrypted with AM's password-based encryption. The value is decrypted with ENCRYPTED_PLAIN and then passed to the PEM decoder.

      • GOOGLE_KMS_ENCRYPTED_PEM

        public static final PropertyFormat GOOGLE_KMS_ENCRYPTED_PEM
        Certificates, keys, and passwords in Privacy Enhanced Mail (PEM) format that have then been encrypted with Google KMS. The value is decrypted with GOOGLE_KMS_ENCRYPTED and then passed to the PEM decoder.

    • Method Detail

      • values

        public static PropertyFormat[] values()
        Returns an array containing the constants of this enum type, in the order they are declared. This method may be used to iterate over the constants as follows: 
        for (PropertyFormat c : PropertyFormat.values())
    System.out.println(c);
        Returns:
        an array containing the constants of this enum type, in the order they are declared

      • valueOf

        public static PropertyFormat valueOf​(String name)
        Returns the enum constant of this type with the specified name. The string must match exactly an identifier used to declare an enum constant in this type. (Extraneous whitespace characters are not permitted.)
        Parameters:
        name - the name of the enum constant to be returned.
        Returns:
        the enum constant with the specified name
        Throws:
        IllegalArgumentException - if this enum type has no constant with the specified name
        NullPointerException - if the argument is null