·¬ÇÑÉçÇø

Brightspot CMS Developer Guide

Database Secret Service


The Database Secret Service provides in-database encrypted storage of secret values. The service leverages Advanced Encryption Standard (AES) in Galois/Counter Mode (GCM) with no padding for encryption. For key derivation, it uses a Password-Based Key Derivation Function 2 (PBKDF2) algorithm with the Hash-based Message Authentication Code (HMAC) using the Secure Hash Algorithm (SHA)-256.


Configuration of the Database Secret Service is done via environment variables, typically in your Tomcat context.xml file. The key and respective values are described in the table below:

Key Value
brightspot/cms/defaultSecretService The name of the default secret service. This is used in other keys below and is designated as {name}.
brightspot/cms/secretService/{name}/class com.psddev.cms.secret.DatabaseSecretService
brightspot/cms/secretService/{name}/key A secret key to be used for encryption. This could be any value, but should be treated as a password.
Previous Topic
Secure secrets configuration and usage
Next Topic
AWS Secret Service
Was this topic helpful?
Thanks for your feedback.
Our robust, flexible Design System provides hundreds of pre-built components you can use to build the presentation layer of your dreams.

•
•
•
Brightspot is packaged with content types that get you up and running in a matter of days, including assets, modules and landing pages.

• Content types
• Modules
• Landing pages
Everything you need to know when creating, managing, and administering content within Brightspot CMS.

• Dashboards
• Publishing
• Workflows
• Admin configurations
A guide for installing, supporting, extending, modifying and administering code on the Brightspot platform.

• Field types
• Content modeling
• Rich-text elements
• Images
A guide to configuring Brightspot's library of integrations, including pre-built options and developer-configured extensions.

• Google Analytics
• Shopify
• Apple News