Resource Type: java_ks
- Defined in:
- lib/puppet/type/java_ks.rb
- Providers:
-
keytool
Overview
Manages the entries in a Java keystore, and uses composite namevars so that the same alias can be spread across multiple target keystores.
Properties
-
ensure
(defaults to: present)
Has three states: present, absent, and latest. Latest compares the on-disk SHA1 fingerprint of the certificate to that in keytool to determine whether insync? returns true or false. We redefine insync? for this parameter to accomplish this.
Supported values:
- present
- absent
- latest
-
password
The password used to protect the keystore. If private keys are subsequently also protected, this password will be used to attempt unlocking. Must be six or more characters in length. Cannot be used together with :password_file, but you must pass at least one of these parameters.
Parameters
-
certificate
A file containing a server certificate, followed by zero or more intermediate certificate authorities. All certificates will be placed in the keystore. This will autorequire the specified file.
-
certificate_content
A string containing a server certificate, followed by zero or more intermediate certificate authorities. All certificates will be placed in the keystore.
-
chain
The intermediate certificate authorities, if they are to be taken from a file separate from the server certificate. This will autorequire the specified file.
-
destkeypass
The password used to protect the key in keystore.
-
keytool_timeout
(defaults to: 120)
Timeout for the keytool command in seconds.
-
name (namevar)
The alias that is used to identify the entry in the keystore. This will be converted to lowercase.
-
password_fail_reset
(defaults to: false)
If the supplied password does not succeed in unlocking the keystore file, then delete the keystore file and create a new one. Default: false.
Supported values:
- true
- false
-
password_file
The path to a file containing the password used to protect the keystore. This cannot be used together with :password, but you must pass at least one of these parameters.
-
path
The search path used for command (keytool, openssl) execution. Paths can be specified as an array or as a ‘
-
private_key
If you want an application to be a server and encrypt traffic, you will need a private key. Private key entries in a keystore must be accompanied by a signed certificate for the keytool provider. This parameter allows you to specify the file name containing the private key. This will autorequire the specified file.
-
private_key_content
If you want an application to be a server and encrypt traffic, you will need a private key. Private key entries in a keystore must be accompanied by a signed certificate for the keytool provider. This parameter allows you to specify the content of the private key.
-
private_key_type
(defaults to: rsa)
The type of the private key. The private key is usually an RSA key, but it can also be an Elliptic Curve (EC) or DSA key. Valid options: <rsa>, <dsa>, <ec>. Defaults to <rsa>.
Supported values:
- rsa
- dsa
- ec
-
provider
The specific backend to use for this `java_ks` resource. You will seldom need to specify this; Puppet will usually discover the appropriate provider for your platform.
-
source_alias
The source certificate alias
-
source_password
The source keystore password
-
storetype
Optional storetype. Valid options: <jceks>, <pkcs12>, <jks>.
Supported values:
- jceks
- pkcs12
- jks
-
target (namevar)
Destination file for the keystore. This will autorequire the parent directory of the file.
-
trustcacerts
(defaults to: false)
Certificate authorities aren't trusted by default, so if you are adding a CA you need to set this to true. Defaults to :false.
Supported values:
- true
- false
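
An added example manifest, not taken from the module's own documentation, showing the composite namevars in use: one server key pair, then the same CA alias managed in two target keystores, with the password read from a file instead of written into the manifest. All paths, aliases and hostnames are constructed placeholders, and the password file is assumed to exist already.

```puppet
# Added example. Every path, alias and hostname is a constructed placeholder.
# Assumes /etc/app/keystore.pass already exists, is readable only by root,
# and holds a password of six or more characters.

# Server key pair. The title is "<name>:<target>", one part per namevar.
# ensure => latest compares the certificate's SHA1 fingerprint on disk with
# the one in the keystore.
java_ks { 'app.example.com:/etc/app/server.jks':
  ensure              => latest,
  certificate         => '/etc/app/tls/app.example.com.pem',
  chain               => '/etc/app/tls/intermediates.pem',
  private_key         => '/etc/app/tls/app.example.com.key',
  private_key_type    => 'rsa',
  password_file       => '/etc/app/keystore.pass',
  # Keep the default: true would delete the keystore file and create a new
  # one when the password does not unlock it.
  password_fail_reset => false,
}

# The same alias in two keystores. The targets differ, so these are two
# distinct resources. trustcacerts is true because the entry is a CA.
java_ks { 'internal-ca:/etc/app/truststore.jks':
  ensure        => latest,
  certificate   => '/etc/app/tls/internal-ca.pem',
  storetype     => 'jks',
  password_file => '/etc/app/keystore.pass',
  trustcacerts  => true,
}

java_ks { 'internal-ca:/etc/worker/truststore.jks':
  ensure        => latest,
  certificate   => '/etc/app/tls/internal-ca.pem',
  storetype     => 'jks',
  password_file => '/etc/app/keystore.pass',
  trustcacerts  => true,
}
```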