KeyStore

This represents the configuration for a Java KeyStore, which stores cryptographic private keys and public key certificates.

Usage

{
  "name": name,
  "type": "KeyStore",
  "config": {
    "url": configuration expression<uri string>,
    "passwordSecretId": configuration expression<secret-id>,
    "type": configuration expression<string>,
    "secretsProvider": SecretsProvider reference
  }
}

Properties

"url": configuration expression<uri string>, required

URL to the keystore file.

See also "Expressions".

"passwordSecretId": configuration expression<secret-id>, optional

The secret ID of the password required to read private keys from the KeyStore.

For information about supported formats for secret-id, see secret-id.

If the KeyStore is used as a truststore to store only public key certificates of peers and no password is required to do so, then you do not have to specify this field.

Default: No password is set.

See also "Expressions".

"type": configuration expression<string>, optional

The KeyStore type. For a list of types, see KeyStore Types.

Default: When this property is not configured, the type is given by the keystore extension, as follows:

ExtensionType

.jks

JKS

.jceks

JCEKS

.p12, .pfx, .pkcs12, and all other extensions

PKCS12

"secretsProvider": SecretsProvider reference, optional

The SecretsProvider to query for the keystore password. For more information, see "SecretsProvider".

Default: The route's default secret service. For more information, see "Default Secrets Object".

Example

The following example configures a KeyStore that references the Java KeyStore file, $HOME/keystore.jks. The KeyStore takes a password that you supply as a Java system property when you start IG, for example -Dkeypass=password. 

{
  "name": "MyKeyStore",
  "type": "KeyStore",
  "config": {
    "url": "file://${env['HOME']}/keystore.jks",
    "passwordSecretId": "${system['keypass']}",
    "secretsProvider": "SystemAndEnvSecretStore"
  }
}
Read a different version of :