1.3 SecretStore Functionality

The API in this document describes the Get and Set methods required to store user or application secrets (e.g., user name, password, identification number, PIN, token or biometric authentication information, etc.) in a persistent storage location on eDirectory, as shown in Figure 1-3.

Figure 1-3 Processes in User Applications to Implement SecretStore

In essence, SecretStore consists of encrypted hidden user attributes that are contained on the user object. Encryption of these attributes in eDirectory using the Novell International Cryptographic Infrastructure (NICI) ensures that authentication information remains safe and secure from unauthorized access. Depending on your geographic location, credentials can be encrypted using either DES (64-bit) or Triple DES (128-bit) encryption strength.

NOTE: See the Novell SecretStore Administration Guide for more information about implementation of NICI encryption features.

Instead of making direct calls to eDirectory to obtain stored user credentials, the SecretStore API enables your applications' connectors to make the necessary Get and Set calls to facilitate passing of credentials between SecretStore and the application.