mirror of
https://github.com/LukeHagar/developer.sailpoint.com.git
synced 2025-12-06 12:27:46 +00:00
updated with PR comments
@@ -40,8 +40,8 @@ With both SaaS connectivity and traditional VA connectivity in place, you can ha
|
||||
|
||||
## Connectivity Encryption
|
||||
|
||||
Any direct connectors that specify a Virtual Appliance use [Zero Knowledge Encryption](https://community.sailpoint.com/t5/Lighthouse/Protecting-Sensitive-Data-with-Zero-Knowledge-Encryption/ta-p/79657?attachment-id=452) schemes with a RSA 2048-bit asymmetric key pair, with private key on the VA for decryption and public key in the cloud (as part of the VA cluster) for encryption.
|
||||
Any direct connectors that specify a virtual appliance (VA) use [Zero Knowledge Encryption](https://community.sailpoint.com/t5/Lighthouse/Protecting-Sensitive-Data-with-Zero-Knowledge-Encryption/ta-p/79657?attachment-id=452) schemes with an RSA 2048-bit asymmetric key pair: there is a private key on the VA for decryption and a public key in the cloud (as part of the VA cluster) for encryption.
|
||||
|
||||
SaaS connectors cannot operate in the same way as they do not communicate through a VA cluster. Despite this, the asymmetric keypair scheme is still leveraged for SaaS connectors - the keystore simply resides in the cloud instead of on the VA. This keystore is not accessible by any API or source code, and there is also regular rotation of those keypairs through our DevOps-owned processes to ensure that security is maintained to SailPoint standards. Whenever storing secret data, use the ```secret``` or ```secrettextarea``` field types.
|
||||
SaaS connectors can't operate the same way because they don't communicate through VA clusters. Despite this, SaaS connectors can still leverage the asymmetric keypair scheme - the keystore simply resides in the cloud instead of on the VA. This keystore is not accessible by any API or source code, and there is regular rotation of those keypairs through SailPoint's DevOps-owned processes to ensure that security is maintained to SailPoint standards. Whenever you are storing secret data, use the ```secret``` or ```secrettextarea``` field types.
|
||||
|
||||
|
||||
|
||||
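Review bot: In the rewritten SaaS connectors paragraph, "SaaS connectors can still leverage the asymmetric keypair scheme" reads as optional, while the line it replaces said the scheme "is still leveraged". If encryption against the cloud-resident keystore always applies, word it as "SaaS connectors still use the asymmetric key pair scheme" so readers do not infer that it has to be turned on. The same paragraph writes "keypair" and "keypairs" while the reworded VA paragraph above it writes "key pair"; use one spelling in both.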