Describe the feature request?
Highly privileged service applications (Super Admins) using this SDK and authenticating against Okta with public/private key pairs (JWKs) store their credentials (private keys) in text files, such as appsettings.json or okta.yml. Any malicious actor with read access to these files can compromise the Okta tenant.
I thus wonder if it would be possible to optionally store the keys in TPM chips. In Windows, this can be achieved by using the Key Storage Providers (KSPs). One of the built-in KSPs is the Microsoft Platform Key Storage Provider, which is backed by TPM. This is at least what Microsoft does with their .NET SDK and PowerShell module for the Microsoft Graph API, Azure Resource Manager, etc.
New or Affected Resource(s)
Okta.Sdk.Client.Configuration class
Provide a documentation link
No response
Additional Information?
No response
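A sketch of the approach the request describes, added here as an illustration; it is not part of the original issue and is not code from the Okta SDK. It keeps a non-exportable RSA key in the TPM-backed KSP (registered in Windows under the provider name "Microsoft Platform Crypto Provider") and signs an RS256 client assertion with it. The key name, client ID, Okta domain and the claim layout (the usual private_key_jwt shape) are assumptions.

```csharp
// Added example, Windows only. Key name, client ID and Okta domain are placeholders.
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;
using System.Text.Json;

static class TpmClientAssertion
{
    // TPM-backed key storage provider referred to in the issue.
    static readonly CngProvider Tpm = new CngProvider("Microsoft Platform Crypto Provider");

    static string B64Url(byte[] b) =>
        Convert.ToBase64String(b).TrimEnd('=').Replace('+', '-').Replace('/', '_');

    // Open the named key, or create a non-exportable 2048-bit RSA signing key in the TPM.
    static CngKey OpenOrCreate(string name)
    {
        if (CngKey.Exists(name, Tpm)) return CngKey.Open(name, Tpm);
        var p = new CngKeyCreationParameters
        {
            Provider = Tpm, KeyUsage = CngKeyUsages.Signing,
            ExportPolicy = CngExportPolicies.None // private key cannot be exported
        };
        p.Parameters.Add(new CngProperty("Length", BitConverter.GetBytes(2048), CngPropertyOptions.None));
        return CngKey.Create(CngAlgorithm.Rsa, name, p);
    }

    static void Main()
    {
        const string clientId = "<client-id>";                           // placeholder
        const string tokenUrl = "https://<okta-domain>/oauth2/v1/token"; // placeholder
        using var key = OpenOrCreate("okta-service-app");                // hypothetical key name
        using var rsa = new RSACng(key);
        // Public half as a JWK: the only key material that has to leave the machine.
        RSAParameters pub = rsa.ExportParameters(false);
        Console.WriteLine(JsonSerializer.Serialize(new Dictionary<string, string> {
            ["kty"] = "RSA", ["e"] = B64Url(pub.Exponent), ["n"] = B64Url(pub.Modulus) }));
        // RS256 client assertion; the signing operation is performed by the KSP.
        long now = DateTimeOffset.UtcNow.ToUnixTimeSeconds();
        string header = B64Url(Encoding.UTF8.GetBytes("{\"alg\":\"RS256\",\"typ\":\"JWT\"}"));
        string claims = B64Url(JsonSerializer.SerializeToUtf8Bytes(new Dictionary<string, object> {
            ["iss"] = clientId, ["sub"] = clientId, ["aud"] = tokenUrl,
            ["iat"] = now, ["exp"] = now + 300, ["jti"] = Guid.NewGuid().ToString() }));
        byte[] sig = rsa.SignData(Encoding.ASCII.GetBytes(header + "." + claims),
                                  HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        Console.WriteLine(header + "." + claims + "." + B64Url(sig));
    }
}
```

The key is created in the current user's context; a service running under another account would need to create it under that account or use `CngKeyCreationOptions.MachineKey`.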