Class SecretsKeyManagerHeaplet

java.lang.Object
org.forgerock.openig.heap.GenericHeaplet
org.forgerock.openig.secrets.SecretsKeyManagerHeaplet
All Implemented Interfaces:
Heaplet

public class SecretsKeyManagerHeaplet extends GenericHeaplet
A SecretsKeyManagerHeaplet acts as a factory of SecretsKeyManager.

Use it when the private keys needed for TLS handshakes are available through the ForgeRock Secrets API (for instance, when using a KeyStoreSecretStore).

 {
     "type": "SecretsKeyManager",
     "config": {
         "signingSecretId":  secret-id           [ REQUIRED - Secret ID used to retrieve private key. ]
         "secretsProvider":  Secrets Provider    [ REQUIRED - Resolves private key. ]
     }
 }
 

Usage example with a keystore

Use a given private key found in a given keystore during TLS handshake.

 {
     "type": "SecretsKeyManager",
     "config": {
         "signingSecretId": "key.manager.secret.id",
         "secretsProvider": {
             "type": "KeyStoreSecretStore",
             "config": {
                 "file": "&{ig.instance.dir}/certs/openig.example.com.p12",
                 "storePassword": "keystore.pass",
                 "secretsProvider": "SecretsPasswords",
                 "mappings": [{
                     "secretId": "key.manager.secret.id",
                     "aliases": [ "openig.example.com" ]
                 }]
             }
         }
     }
 }
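
The configuration above only yields a key if "signingSecretId" is one of the secret IDs mapped by the store. The following pre-deployment check is an added example, not part of OpenIG or of the original page; the function names lint_secrets_key_manager and load_sample are hypothetical, and the sample is constructed from the usage example above.

```python
import json

# Constructed sample: the keystore usage example from this page.
SAMPLE = r"""
{
  "type": "SecretsKeyManager",
  "config": {
    "signingSecretId": "key.manager.secret.id",
    "secretsProvider": {
      "type": "KeyStoreSecretStore",
      "config": {
        "file": "&{ig.instance.dir}/certs/openig.example.com.p12",
        "storePassword": "keystore.pass",
        "secretsProvider": "SecretsPasswords",
        "mappings": [{"secretId": "key.manager.secret.id",
                      "aliases": ["openig.example.com"]}]
      }
    }
  }
}
"""

def load_sample() -> dict:
    """Parse the constructed sample into a fresh dict."""
    return json.loads(SAMPLE)

def lint_secrets_key_manager(heaplet: dict) -> list:
    """Return a list of problems found in a SecretsKeyManager heap object."""
    if heaplet.get("type") != "SecretsKeyManager":
        return ["not a SecretsKeyManager object"]
    problems = []
    config = heaplet.get("config") or {}
    secret_id = config.get("signingSecretId")
    provider = config.get("secretsProvider")
    if not secret_id:
        problems.append("signingSecretId is required")
    if not provider:
        problems.append("secretsProvider is required")
    # A string secretsProvider names another heap object whose mappings are
    # not visible here, so only an inline KeyStoreSecretStore is checked.
    if secret_id and isinstance(provider, dict) and provider.get("type") == "KeyStoreSecretStore":
        mappings = (provider.get("config") or {}).get("mappings") or []
        matching = [m for m in mappings if m.get("secretId") == secret_id]
        if not matching:
            problems.append(f"no mapping for secret ID {secret_id!r}")
        for m in matching:
            if not m.get("aliases"):
                problems.append(f"mapping for {secret_id!r} lists no aliases")
    return problems
```
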
 
  • Constructor Details

    • SecretsKeyManagerHeaplet

      public SecretsKeyManagerHeaplet()
  • Method Details