Parameter:
DominoCredentialStoreShort description: Enables the Domino Credential Store (
credstore.nsf) for encrypted storage of secrets used by OAuth, REST, and integrations.Profile
Parameter | DominoCredentialStore |
Category | Security / TLS |
Component | Server |
Available since | 10.0 |
Supported versions | 10.0, 11.0, 12.0, 14.0, 14.5 |
GUI equivalent | notes.ini only (no GUI) |
Possible values | NSF file name of the credential store, typically credstore.nsf |
Description
The Credential Store is a specially encrypted database (
credstore.nsf) where Domino keeps secrets such as API keys, OAuth client secrets, OIDC issuer secrets, or ACME account data. DominoCredentialStore points to the path/name of this database – without this entry, Domino does not know where to look up secrets.For all modern integration features (REST API, IdP Catalog, Domino Backup with cloud targets), the Credential Store is mandatory.
Example configuration
DominoCredentialStore=credstore.nsf
Notes & pitfalls
- The database must exist (template
credstore.ntf).
- Encryption uses the server master key – ID Vault / key backup is mandatory.
- Backups of
credstore.nsfare sensitive; keep access rights minimal.
- For cluster setups, replicate it or run a separate
credstore.nsfper server.
- The change only takes effect after a server restart.