Configure the Domino credential store
AppDev Pack components use the Domino credential store to store the credentials needed to make
to the IAM service. Introspection is the call that the Domino server makes to the IAM service to authenticate and retrieve
the user details. When an application acts on behalf of a user it obtains an
- Proton makes introspection calls to the IAM service when it receives an AccessToken from an application using the domino-db Node.js module.
- the Domino web server, through the use of a DSAPI filter, makes introspection calls to the IAM service when a HTTP request contains a bearer token.
Create the encryption key
A named encryption key (NEK) is stored in the Domino
server's ID file. The Domino server uses this key to encrypt the documents in the credential store.
Execute the following command on the Domino server console to create a NEK called
> keymgmt create nek mycredstorekey 12/10/2019 11:20:44.36 AM NEK > NEK mycredstorekey - Fingerprint 0681 4C0E C230 7CD1 3833 49DC 2ADD 7976 DE38 2577 NEK mycredstorekey created successfully >
Make a record of the NEK Fingerprint to use to verify the key with the credential store.
Create the credential store database
The credential store is a special Domino database. Use the following command on the Domino server to create it on the Domino server. Provide the NEK created above for encrypting the data in this database. Verify the NEK Fingerprint in the command output.
> keymgmt create credstore mycredstorekey Credential Store Name : IBM_CredStore\credstore.nsf NEK Fingerprint : 0681 4C0E C230 7CD1 3833 49DC 2ADD 7976 DE38 2577 Credential Store created successfully. The credential store was NOT created in a cluster. If you wish to cluster the current server or move the credential store to another server, see the product documentation Nonce Fingerprint : 7480 4100 55B5 A403 77EF CF7D 9AB0 0484 C45D 4B3E >
Use the HCL Domino Administrator client to confirm that your Domino server has the credential store database as shown below: