PingGateway 2024.6

KeyStore (deprecated)

This object is deprecated; use KeyStoreSecretStore instead. For more information, refer to the Deprecated section of the Release Notes.

The configuration for a Java KeyStore, which stores cryptographic private keys and public key certificates.

Legacy keystore types such as JKS and JCEKS are supported but are not secure. Consider using the PKCS#12 keystore type.


  "name": name,
  "type": "KeyStore",
  "config": {
    "url": configuration expression<url>,
    "passwordSecretId": configuration expression<secret-id>,
    "type": configuration expression<string>,
    "secretsProvider": SecretsProvider reference


"url": configuration expression<url>, required

URL to the keystore file.

See also Expressions.

"passwordSecretId": configuration expression<secret-id>, optional

The secret ID of the password required to read private keys from the KeyStore.

This secret ID must point to a GenericSecret.

If the KeyStore is used as a truststore to store only public key certificates of peers and no password is required to do so, then you do not have to specify this field.

Default: No password is set.

See also Expressions.

"type": configuration expression<string>, optional

The secret store type.

"secretsProvider": SecretsProvider reference, required

The SecretsProvider to query for the keystore password.


The following example configures a KeyStore that references the Java KeyStore file $HOME/keystore.p12. The KeyStore password is provided by a Java system property or environment variable, and retrieved by the SystemAndEnvSecretStore. By default, the password value must be base64-encoded.

  "name": "MyKeyStore",
  "type": "KeyStore",
  "config": {
    "url": "file://${env['HOME']}/keystore.p12",
    "passwordSecretId": "",
    "secretsProvider": "SystemAndEnvSecretStore"
Copyright © 2010-2024 ForgeRock, all rights reserved.