Class KeyStoreCredentialStore


  • public final class KeyStoreCredentialStore
    extends CredentialStoreSpi
    A flexible credential store which is backed by a key store. The key store holds the credentials, encoding identifying information into the alias to allow multiple credentials to be stored under each alias (something keystores generally do not support).

    This credential store cannot convert an arbitrary key store into a credential store; it can only understand entries that it itself has added. Entries not understood by this credential store will be ignored (and a log message will be generated indicating the presence of unknown credentials).

    The following configuration parameters are supported:

    • location: specifies the location of the key store (if none is given, an in-memory store is used and changes are not stored)
    • modifiable: specifies whether the credential store should be modifiable
    • create: specifies whether to automatically create the storage file for this credential store (defaults to false).

      If external is true, the storage file will be created when the flush() method is called. If external is false and the storage file does not exist yet, then an empty credential store is created when the initialize(java.util.Map<java.lang.String, java.lang.String>, org.wildfly.security.credential.store.CredentialStore.ProtectionParameter, java.security.Provider[]) method is invoked.

    • keyStoreType: specifies the key store type to use (defaults to KeyStore.getDefaultType())
    • keyAlias: specifies the secret key alias within the key store to use for encrypting and decrypting data in external storage (defaults to cs_key)
    • external: specifies whether to store data in external storage, encrypted by the keyAlias key (defaults to false)
    • externalPath: specifies the path to the external storage. It has to be used in conjunction with external=true
    • cryptoAlg: name of the cryptographic algorithm used to encrypt and decrypt entries in external storage (external has to be set to true)
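
The parameters above in use, as an added example rather than code from the Elytron project. It assumes the WildFly Elytron library is on the classpath and passes WildFlyElytronProvider explicitly; the class name, file name, alias and passwords are constructed for illustration.

```java
import java.security.Provider;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;

import org.wildfly.security.WildFlyElytronProvider;
import org.wildfly.security.auth.server.IdentityCredentials;
import org.wildfly.security.credential.PasswordCredential;
import org.wildfly.security.credential.store.CredentialStore;
import org.wildfly.security.password.interfaces.ClearPassword;

public class CredentialStoreExample {
    public static void main(String[] args) throws Exception {
        // Assumption: the provider is passed explicitly instead of being registered globally.
        Provider provider = new WildFlyElytronProvider();

        // Constructed sample values; a real caller obtains the store password at runtime.
        char[] storePassword = "constructed-store-password".toCharArray();
        char[] secret = "constructed-db-password".toCharArray();

        Map<String, String> config = new HashMap<>();
        config.put("location", "example-store.jceks"); // omit to get an in-memory store
        config.put("create", "true");                  // create the storage file if it is missing
        config.put("modifiable", "true");              // allow store() on this instance
        config.put("keyStoreType", "JCEKS");           // explicit, not KeyStore.getDefaultType()

        // The protection parameter carries the password that protects the backing key store.
        CredentialStore.ProtectionParameter protection =
            new CredentialStore.CredentialSourceProtectionParameter(
                IdentityCredentials.NONE.withCredential(new PasswordCredential(
                    ClearPassword.createRaw(ClearPassword.ALGORITHM_CLEAR, storePassword))));

        CredentialStore store = CredentialStore.getInstance("KeyStoreCredentialStore", provider);
        store.initialize(config, protection);

        // Store a credential under an alias and persist the change to the location.
        store.store("db-password", new PasswordCredential(
            ClearPassword.createRaw(ClearPassword.ALGORITHM_CLEAR, secret)));
        store.flush();

        // Read the credential back and compare it with what was stored.
        PasswordCredential loaded = store.retrieve("db-password", PasswordCredential.class);
        char[] recovered = loaded.getPassword(ClearPassword.class).getPassword();
        System.out.println("aliases: " + store.getAliases()
            + ", round trip ok: " + Arrays.equals(secret, recovered));
    }
}
```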