Class KeyStoreSecretStoreHeaplet

  • All Implemented Interfaces:
    Heaplet

    public class KeyStoreSecretStoreHeaplet
    extends GenericHeaplet
    This heaplet represents an instance of a KeyStoreSecretStore.
     {
         "type": "KeyStoreSecretStore",
         "config": {
             "file":              expression            [ REQUIRED - location of the KeyStore. ]
             "storeType":         expression            [ OPTIONAL - type of the store, default: "PKCS12". ]
             "storePassword":     expression            [ REQUIRED - password to access the KeyStore. ]
             "keyEntryPassword":  expression            [ OPTIONAL - password to access the entries,
                                                                     defaults to storePassword. (1) ]
             "secretsProvider":   Secrets Provider      [ OPTIONAL - resolves keystore passwords,
                                                                     defaults to the route's secret service. ]
             "leaseExpiry":       expression<duration>  [ OPTIONAL - defaults to 5 minutes. ]
             "mappings": [                              [ REQUIRED - array of objects. ]
                 {
                     "secretId":  expression            [ REQUIRED - ID of the secret. ]
                     "aliases":   [ expression ]        [ REQUIRED - list of aliases corresponding to the
                                                                     above secret. Order matters here: the
                                                                     first alias is the active secret. ]
                 }
             ]
         }
     }
     

    Example:

     {
         "type": "KeyStoreSecretStore",
         "config": {
             "file": "/path/to/keystore.file",
             "storeType": "JCEKS",
             "storePassword": "keystore.pass",
             "keyEntryPassword": "keystore.entries.pass",
             "mappings": [{
                 "secretId": "global.pcookie.crypt",
                 "aliases": [ "rsapair72", "rsapair72-inactive" ]
             }]
         }
     }
     
    (1) Note that if keyEntryPassword is used, it must be the same for all entries in the keystore. Consequently, this store will not work with a JKS keystore whose entries have different passwords.
    See Also:
    KeyStoreSecretStore
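
A pre-deployment check for the constraint in note (1), as an added example that is not part of this project's code: it confirms that every alias listed in a mapping exists as a key entry and can be read with one shared entry password. The class name `KeyStoreMappingCheck`, the method `check`, the alias `rsapair73`, the passwords, and the in-memory keystore with placeholder AES keys are all constructed for illustration.

```java
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.crypto.spec.SecretKeySpec;

public class KeyStoreMappingCheck {

    // Returns one message per alias that is missing or unreadable with entryPassword.
    static List<String> check(KeyStore ks, char[] entryPassword, List<String> aliases)
            throws Exception {
        List<String> problems = new ArrayList<>();
        for (String alias : aliases) {
            if (!ks.isKeyEntry(alias)) {
                problems.add(alias + ": no key entry with this alias");
                continue;
            }
            try {
                ks.getKey(alias, entryPassword);
            } catch (UnrecoverableKeyException e) {
                problems.add(alias + ": not readable with the shared entry password");
            }
        }
        return problems;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: in-memory JCEKS store, placeholder AES keys,
        // two entries protected by different (constructed) passwords.
        KeyStore ks = KeyStore.getInstance("JCEKS");
        ks.load(null, null);
        SecretKeySpec key = new SecretKeySpec(new byte[16], "AES");
        ks.setKeyEntry("rsapair72", key, "entry-pass-A".toCharArray(), null);
        ks.setKeyEntry("rsapair72-inactive", key, "entry-pass-B".toCharArray(), null);

        // Aliases as they would appear in one "mappings" element; the third is absent.
        List<String> aliases = Arrays.asList("rsapair72", "rsapair72-inactive", "rsapair73");
        for (String problem : check(ks, "entry-pass-A".toCharArray(), aliases)) {
            System.out.println(problem);
        }
    }
}
```

Against a real keystore file, load it with `KeyStore.load(InputStream, char[])` using the store password and pass the aliases in the same order as the mapping, since the first alias is the active secret.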
    • Constructor Detail

      • KeyStoreSecretStoreHeaplet

        public KeyStoreSecretStoreHeaplet()
    • Method Detail