Class HsmSecretStoreHeaplet

java.lang.Object
org.forgerock.openig.heap.GenericHeaplet
org.forgerock.openig.secrets.HsmSecretStoreHeaplet
All Implemented Interfaces:
Heaplet

public class HsmSecretStoreHeaplet extends GenericHeaplet
This heaplet represents an instance of an HsmSecretStoreHeaplet.
 {
     "type": "HsmSecretStore",
     "config": {
         "providerName":          string                  [ REQUIRED - Pre-installed PKCS#11 Provider name. ]
         "storePasswordSecretId": secret ID               [ OPTIONAL - Secret ID used to retrieve the store password. ]
         "secretsProvider":       Secrets Provider        [ REQUIRED - resolve HSM password. ]
         "leaseExpiry":           expression<duration>    [ OPTIONAL - defaults to 5 minutes. ]
         "mappings": [                                    [ REQUIRED - array of objects. ]
             {
                 "secretId":      expression              [ REQUIRED - ID of the secret. ]
                 "aliases":       [ expression ]          [ REQUIRED - list of aliases corresponding to the
                                                            above secret. Order matters here and the first is
                                                            the active secret. ]
             }
         ]
     }
 }
 

* One of file or providerName is required.

Example:

 {
     "type": "HsmSecretStore",
     "config": {
         "providerName": "SunPKCS11-SoftHSM",
         "storePasswordSecretId": "keystore.password.id",
         "secretsProvider": "mySecretsProvider",
         "mappings": [{
             "secretId": "global.pcookie.crypt",
             "aliases": [ "rsapair72", "rsapair72-inactive" ]
         }]
     }
 }
 