Account Configuration Files
The generated account configuration files contain sensitive information (i.e. client credentials and the refresh token) and are therefore stored in an encrypted way.
There are two options to encrypt account configurations:
via
gpg-agent
password-based
All encryption (except gpg
-based) done in the oidc-agent
project is done through the libsodium library
, which is also used by software such as Discord
, RavenDB
, or Wire
.
The encryption uses an XSalsa20
stream cipher.
Last updated