---
title: Encrypted objects
description: Encrypted objects and properties, such as passwords, include a $crypto object, that has the following structure:
component: pingidm
version: 8.1
page_id: pingidm:security-guide:encrypted-objects
canonical_url: https://docs.pingidentity.com/pingidm/8.1/security-guide/encrypted-objects.html
keywords: ["Security", "Encryption", "Objects"]
---

# Encrypted objects

|   |                                                                                                                                                                                                               |
| - | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
|   | The `$crypto` blob is classified as an [IDM internal object](../release-notes/appendix-interface-stability.html#table-interface-stability) and is subject to change. Don't rely on the format of this object. |

Encrypted objects and properties, such as passwords, include a `$crypto` object, that has the following structure:

```json
"password": {
  "$crypto": {
    "type": "x-simple-encryption",
    "value": {
      "cipher": "AES/CBC/PKCS5Padding",
      "stableId": "openidm-sym-default",
      "salt": "Gwi+AGrn+VBOTmyq+TTuuw==",
      "data": "+9i7XAXpWZBXYTVEOBkM+w==",
      "keySize": 16,
      "purpose": "idm.password.encryption",
      "iv": "4xtI88eFu5tgfm8ooq+yqQ==",
      "mac": "N1zsYo71M/b/G6iLOhNohA=="
    }
  }
}
```

Most of the properties in the encrypted object `value` are self-explanatory and indicate how the property was encrypted. Specific IDM properties include the following:

* The `stableId` indicates the key alias that was used to encrypt the property value.

* The `purpose` refers to the secret ID used to encrypt the property value. For more information about secret IDs, refer to [Secret stores](secret-stores.html).