KeyManager (deprecated)
This object is deprecated; use SecretsKeyManager instead. For more information, refer to the Deprecated section of the Release Notes. |
The configuration of a Java Secure Socket Extension KeyManager to manage private keys for IG. The configuration references the keystore that holds the keys.
When IG acts as a server, it uses a KeyManager to prove its identity to the client. When IG acts as a client, it uses a KeyManager to prove its identity to the server.
Usage
{
"name": string,
"type": "KeyManager",
"config": {
"keystore": KeyStore reference,
"passwordSecretId": configuration expression<secret-id>,
"alg": configuration expression<string>,
"secretsProvider": SecretsProvider reference,
"password": string //deprecated
}
}
Properties
"keystore"
: KeyStore reference, required-
The KeyStore (deprecated) object that references the store for key certificates. When
keystore
is used in a KeyManager, it queries for private keys; whenkeystore
is used in a TrustManager, it queries for certificates.Provide either the name of the keystore object defined in the heap or an inline keystore configuration object.
"passwordSecretId"
: configuration expression<secret-id>, required-
The secret ID of the password required to read private keys from the keystore.
This secret ID must point to a GenericSecret.
"alg"
: configuration expression<string>, optional-
The certificate algorithm to use.
Default: the default for the platform, such as
SunX509
.See also Expressions.
"secretsProvider"
: SecretsProvider reference, optional-
The SecretsProvider to query for the keystore password. For more information, refer to SecretsProvider.
Default: The route’s default secret service. For more information, refer to Default secrets object.
"password"
: string, required-
The use of this property is deprecated; use passwordSecretId
instead. For more information, refer to the Deprecated section of the Release Notes.The password to read private keys from the keystore.
Example
The following example configures a KeyManager that depends on a KeyStore (deprecated) configuration. The KeyManager and KeyStore passwords are provided by Java system properties or environment variables, and retrieved by the SystemAndEnvSecretStore. By default, the password values must be base64-encoded.
{
"name": "MyKeyManager",
"type": "KeyManager",
"config": {
"keystore": {
"type": "KeyStore",
"config": {
"url": "file://${env['HOME']}/keystore.p12",
"passwordSecretId": "keymanager.keystore.secret.id",
"secretsProvider": "SystemAndEnvSecretStore"
}
},
"passwordSecretId": "keymanager.secret.id",
"secretsProvider": "SystemAndEnvSecretStore"
}
}