public abstract class ConfidentialKey extends Object
The actual value is persisted via
ConfidentialStore, but each use case that requires
a secret like this should use a separate
ConfidentialKey instance so that one compromised
ConfidentialKey (say through incorrect usage and failure to protect it) shouldn't compromise
all the others.
ConfidentialKey is ultimately a sequence of bytes,
but for convenience, a family of subclasses are provided to represent the secret in different formats.
HMACConfidentialKey for example. In addition to the programming
ease, these use case specific subtypes make it harder for vulnerability to creep in by making it harder
for the secret to leak.
ConfidentialKey subtypes are expected to be used as a singleton, like
For code that relies on XStream for persistence (such as
SCMs, and other fragment objects
around builds and jobs),
Secret provides more convenient way of storing secrets.
|Modifier||Constructor and Description|
|Modifier and Type||Method and Description|
Copyright © 2004–2022. All rights reserved.