Connector Security

Advanced protection for your connector credentials through encryption and IDHub's best practices. Our approach guarantees that your data remains secure at every stage. We continuously update our security measures to adapt to emerging threats and ensure the highest level of protection.


Overview

At IDHub, we prioritize the security of your connector credentials, implementing rigorous measures to safeguard them. These credentials are securely stored, with their values encrypted to prevent unauthorized access. We utilize advanced encryption techniques and follow industry best practices to ensure that your data remains protected. Our security approach also includes regular updates and assessments to address emerging threats and vulnerabilities.

Encryption Methodology

We use Encryptors.stronger from the Spring Security Crypto module to create a BytesEncryptor with the following specifications. See "Spring Security Crypto Module :: Spring Security" for more details.

Encryption Algorithm

256-bit AES in Galois Counter Mode (GCM)

Key Derivation

PBKDF2 (Password-Based Key Derivation Function #2)

Initialization Vector (IV)

A 16-byte random value applied to ensure uniqueness

Encryption and Decryption Process

Encryption

  • A 256-bit key for AES in GCM is derived from the passphrase and salt using PBKDF2.
  • The sensitive value is encrypted using this key and a randomly generated IV.
  • The encrypted value is securely stored within the application's file system.

Decryption

  • The encrypted value is retrieved from secure storage.
  • It is decrypted using 256-bit AES in GCM with the key derived from the passphrase.
  • This process ensures that only authorized parties with the correct passphrase can access the original sensitive data.
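
The flow above, written against the Spring Security Crypto calls this page names. This is an added example, not IDHub's own code; the class name, the CONNECTOR_PASSPHRASE environment variable and the sample secret are assumptions constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import org.springframework.security.crypto.encrypt.BytesEncryptor;
import org.springframework.security.crypto.encrypt.Encryptors;
import org.springframework.security.crypto.keygen.KeyGenerators;

public class ConnectorSecretDemo {
    public static void main(String[] args) {
        // Assumption: the passphrase is injected at runtime (hypothetical variable name).
        String passphrase = System.getenv()
                .getOrDefault("CONNECTOR_PASSPHRASE", "constructed-demo-passphrase");
        // Encryptors.stronger expects a hex-encoded salt; generateKey() returns random bytes as hex.
        String saltHex = KeyGenerators.string().generateKey();

        // PBKDF2 derives the 256-bit AES key from passphrase + salt; the cipher is AES/GCM.
        BytesEncryptor encryptor = Encryptors.stronger(passphrase, saltHex);

        byte[] secret = "constructed-connector-password".getBytes(StandardCharsets.UTF_8);
        byte[] stored1 = encryptor.encrypt(secret);
        byte[] stored2 = encryptor.encrypt(secret);

        // A fresh random IV per call means the same secret never yields the same stored bytes.
        System.out.println("ciphertexts differ: " + !Arrays.equals(stored1, stored2));
        // Stored layout: 16-byte IV, then ciphertext, then the GCM authentication tag.
        System.out.println("overhead in bytes: " + (stored1.length - secret.length));

        // Decryption needs the same passphrase and the same salt.
        byte[] recovered = encryptor.decrypt(stored1);
        System.out.println("round trip ok: " + Arrays.equals(secret, recovered));

        // GCM is authenticated: a single flipped bit in the stored value is rejected.
        byte[] tampered = stored1.clone();
        tampered[tampered.length - 1] ^= 0x01;
        System.out.println("tampered value rejected: " + fails(encryptor, tampered));

        // A different passphrase derives a different key, so the tag check fails as well.
        BytesEncryptor wrongKey = Encryptors.stronger("constructed-wrong-passphrase", saltHex);
        System.out.println("wrong passphrase rejected: " + fails(wrongKey, stored1));
    }

    // Returns true when decryption is refused (Spring wraps the cipher error in IllegalStateException).
    private static boolean fails(BytesEncryptor encryptor, byte[] stored) {
        try {
            encryptor.decrypt(stored);
            return false;
        } catch (IllegalStateException e) {
            return true;
        }
    }
}
```

The salt has to be available again at decryption time, since the key is re-derived from passphrase and salt on every start.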

Encryption in Transit

To protect sensitive data during network transmission, we implement HTTPS using the SSL/TLS protocol:

  • SSL/TLS Protocol:
    HTTPS encrypts data in transit, preventing eavesdropping and tampering.
     
  • Certificate Management:
    We use SSL/TLS certificates issued by trusted Certificate Authorities (CAs) to establish secure connections, regularly updating them to maintain security.

 

Securing Credentials/Secrets

Service Accounts

Workloads utilize the least-privileged service accounts necessary for their tasks.

Network Policies

We define network policies to control traffic flow between different services and external resources.

Audit Logging

Audit logging is enabled to track all actions performed, aiding in security monitoring and incident response.

Securing Data in Containers

  • Volume Abstraction:
    Containers use volumes to manage persistent data storage, allowing for better control, encryption, backup, and restoration independently of the container.
     
  • Network Isolation:
    Containers are isolated at the network level, preventing unauthorized access and lateral movement within the environment.
     
  • Image Scanning and Vulnerability Management:
    We proactively scan container images for known vulnerabilities before deploying them to production environments.

Security Considerations

  • Passphrase Security: The passphrase used for encryption is kept secure and not shared.
     
  • Salt Security: The salt is essential for preventing dictionary attacks. We ensure that the salt is generated randomly and kept secure.

Conclusion

By leveraging 256-bit AES encryption with Galois Counter Mode (GCM), we provide a high level of security for storing and managing sensitive data within our containers. This approach, combined with secure network transmission using HTTPS, ensures the protection of confidential information against unauthorized access and potential breaches.
