Hi OFBiz Security Experts,

Requirement: I have an encryption key. Where should I keep it?

From the various documentation and code review, I found that I can keep them in the entity "EntityKeyStore". Ideally, per my understanding, the encryption key should be kept elsewhere so that in case the DB is compromised for any reason, the keys are not.

What are the production instructions for storing the keys? Is it possible that I can keep the encryption key(s) in another system (say S3) and then use it? That way I do not have to store the keys in the same database whose data is encrypted with it.

I know this is not a new problem, so I am hopeful that there are some solutions to this.

Best,
Pratyush