KeyStore (deprecated)
This object is deprecated. Use KeyStoreSecretStore instead. |
The configuration for a Java KeyStore, which stores cryptographic private keys and public key certificates.
Legacy keystore types such as JKS and JCEKS are supported but aren’t secure. Consider using the PKCS#12 keystore type. |
Usage
{
"name": name,
"type": "KeyStore",
"config": {
"url": configuration expression<url>,
"passwordSecretId": configuration expression<secret-id>,
"type": configuration expression<string>,
"secretsProvider": SecretsProvider reference
}
}
Properties
"url"
: configuration expression<url>, required-
URL to the keystore file.
Learn more in Expressions.
"passwordSecretId"
: configuration expression<secret-id>, optional-
The secret ID of the password required to read private keys from the KeyStore.
This secret ID must point to a GenericSecret.
If the KeyStore is used as a truststore to store only public key certificates of peers and no password is required to do so, then you don’t have to specify this field.
Default: No password is set.
Learn more in Expressions.
"type"
: configuration expression<string>, optional-
The secret store type.
"secretsProvider"
: SecretsProvider reference, required-
The SecretsProvider to query for the keystore password.
Example
The following example configures a KeyStore that references the Java KeyStore
file $HOME/keystore.p12
. The KeyStore password is provided by a Java
system property or environment variable, and retrieved by the
SystemAndEnvSecretStore. By default, the password value must be base64-encoded.
{
"name": "MyKeyStore",
"type": "KeyStore",
"config": {
"url": "file://${env['HOME']}/keystore.p12",
"passwordSecretId": "keystore.secret.id",
"secretsProvider": "SystemAndEnvSecretStore"
}
}