SecretsTrustManager
Uses the Commons Secrets API to manage trust material that verifies the credentials presented by a peer. Trust material is usually public key certificates. The configuration references the secrets store that holds the trust material.
Usage
{
    "name": string,
    "type": "SecretsTrustManager",
    "config": {
        "verificationSecretId": configuration expression<secret-id>,
        "secretsProvider": SecretsProvider reference,
        "checkRevocation": configuration expression<boolean>
    }
}
Properties
"verificationSecretId": configuration expression<secret-id>, required
The secret ID to retrieve trusted certificates. This secret ID must point to a CryptoKey.

"secretsProvider": SecretsProvider reference, required
The SecretsProvider to query for secrets to resolve trusted certificates. For more information, refer to SecretsProvider.

"checkRevocation": configuration expression<boolean>, optional
Specifies whether to check for certificate revocation.
Default: true
Example
The following example trusts a list of certificates found in a given keystore:
{
    "name": "SecretsTrustManager-1",
    "type": "SecretsTrustManager",
    "config": {
        "verificationSecretId": "trust.manager.secret.id",
        "secretsProvider": {
            "type": "KeyStoreSecretStore",
            "config": {
                "file": "path/to/certs/truststore.p12",
                "storePasswordSecretId": "keystore.pass",
                "secretsProvider": "SecretsPasswords",
                "mappings": [{
                    "secretId": "trust.manager.secret.id",
                    "aliases": [ "alias-of-trusted-cert-1", "alias-of-trusted-cert-2" ]
                }]
            }
        }
    }
}
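A lint check for this object, added here as an example and not part of the product or its documentation. It flags missing required properties, an explicit "checkRevocation" of false, and, when "secretsProvider" is an inline KeyStoreSecretStore as in the example above, a "verificationSecretId" that no mapping resolves. The function name lint_trust_manager and the WEAK sample are assumptions made for illustration.

```python
import copy

def lint_trust_manager(obj):
    """Return a list of findings for one SecretsTrustManager object (hypothetical helper)."""
    if obj.get("type") != "SecretsTrustManager":
        return ["not a SecretsTrustManager object"]
    config = obj.get("config", {})
    required = ("verificationSecretId", "secretsProvider")
    findings = [f"missing required property: {p}" for p in required if p not in config]
    # checkRevocation defaults to true; only an explicit false turns it off.
    if str(config.get("checkRevocation", True)).strip().lower() == "false":
        findings.append("checkRevocation is disabled")
    provider = config.get("secretsProvider")
    secret_id = config.get("verificationSecretId")
    # Only an inline KeyStoreSecretStore is inspected; a string names a provider declared elsewhere.
    if secret_id and isinstance(provider, dict) and provider.get("type") == "KeyStoreSecretStore":
        mappings = provider.get("config", {}).get("mappings", [])
        matches = [m for m in mappings if m.get("secretId") == secret_id]
        if not matches:
            findings.append(f"no mapping for secret ID: {secret_id}")
        elif not any(m.get("aliases") for m in matches):
            findings.append(f"no aliases mapped for secret ID: {secret_id}")
    return findings

# The example configuration from this page.
PAGE_EXAMPLE = {
    "name": "SecretsTrustManager-1", "type": "SecretsTrustManager",
    "config": {
        "verificationSecretId": "trust.manager.secret.id",
        "secretsProvider": {
            "type": "KeyStoreSecretStore",
            "config": {
                "file": "path/to/certs/truststore.p12",
                "storePasswordSecretId": "keystore.pass",
                "secretsProvider": "SecretsPasswords",
                "mappings": [{"secretId": "trust.manager.secret.id",
                              "aliases": ["alias-of-trusted-cert-1", "alias-of-trusted-cert-2"]}],
            },
        },
    },
}

# Constructed variant: revocation checking off and a secret ID that no mapping resolves.
WEAK = copy.deepcopy(PAGE_EXAMPLE)
WEAK["config"]["checkRevocation"] = False
WEAK["config"]["verificationSecretId"] = "some.other.secret.id"

for cfg in (PAGE_EXAMPLE, WEAK):
    print(cfg["name"], lint_trust_manager(cfg) or "ok")
```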