oidc-agent
  • Introduction
  • Quickstart
  • Migrating to oidc-agent 5
  • Installation
    • Linux
    • MacOS
    • Windows
  • Configuration
    • oidc-agent Directory
    • General Configuration
    • Custom Request Parameter
    • Configuration of Providers
    • oidc-agent Integration
    • Agent Forwarding
  • Usage
    • oidc-agent
      • Starting oidc-agent
      • General Usage
      • Detailed Information About All Options
    • oidc-agent-service
    • oidc-keychain
      • General Usage
      • Detailed Information About All Options
    • oidc-gen
      • General Usage
      • Detailed Information About All Options
      • Integrate With Different Providers
        • B2Access
        • EGI
        • Elixir
        • Google
        • HBP
        • Helmholtz AAI
        • IAM (INDIGO/DEEP)
        • KIT
        • Any Other Provider
        • Known Issues
        • Client Configuration Values
    • oidc-add
      • General Usage
      • Detailed Information About All Options
    • oidc-token
      • General Usage
      • Detailed Information About All Options
    • oidc-tokensh
      • General Usage
      • Detailed Information About All Options
    • Other Applications Using oidc-agent
    • Tips
    • oidc-agent-server
  • Windows
    • Installation
  • MAC OS
    • State of Feature Support
    • Installation
  • Security
    • Privilege Separation & Architecture
    • Account Configuration Files
    • Credentials
    • Memory
    • Agent Locking
    • Communication
    • Encryption Passwords
    • Autounload (Lifetime)
    • User Confirmation
    • Tracing
    • seccomp
    • Final Note
  • API
    • liboidc-agent4
    • liboidcagent-go
    • liboidcagent-py
    • IPC-API
Powered by GitBook
On this page
  1. Security

Account Configuration Files

PreviousPrivilege Separation & ArchitectureNextCredentials

Last updated 1 year ago

The generated account configuration files contain sensitive information (i.e. client credentials and the refresh token) and are therefore stored in an encrypted way.

There are two options to encrypt account configurations:

  • via gpg-agent

  • password-based

All encryption (except gpg-based) done in the oidc-agent project is done through the , which is also used by software such as Discord, RavenDB, or Wire.

The encryption uses an XSalsa20 stream cipher.

libsodium library