Creates Java KeyStore and TrustStore instances from environment variables

EnvKeyStore

A Java library to create KeyStore and TrustStore objects in memory from environment variables.

Usage

Include this library in your application as a Maven dependency:

<dependency>
  <groupId>com.heroku.sdk</groupId>
  <artifactId>env-keystore</artifactId>
</dependency>

Creating a TrustStore

Creating a TrustStore requires that the certificate PEM be set as an environment variable. You pass that environment variable's name to the EnvKeyStore.createWithRandomPassword method:

KeyStore ts = EnvKeyStore.createWithRandomPassword("TRUSTED_CERT").keyStore();

You can use the KeyStore like any other. For example, you might invoke a service with the trusted cert:

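// Build trust managers backed only by the certificates in ts.
String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm);
tmf.init(ts);

// No client key material (null); trust decisions come from tmf.
SSLContext sc = SSLContext.getInstance("TLS");
sc.init(null, tmf.getTrustManagers(), new SecureRandom());
// This replaces the default socket factory for every HttpsURLConnection in the JVM.
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());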

String urlStr = "https://ssl.selfsigned.xyz";
URL url = new URL(urlStr);
HttpsURLConnection con = (HttpsURLConnection)url.openConnection();
con.setDoInput(true);
con.setRequestMethod("GET");
con.getInputStream().close();
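
What loading a PEM certificate from an environment variable into an in-memory trust store involves, using only JDK classes. This is an added example, not EnvKeyStore's source: the class and method names are hypothetical, it assumes TRUSTED_CERT holds PEM text, and it attaches the resulting context to a single connection instead of the JVM-wide default.

```java
import java.io.ByteArrayInputStream;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.util.Collection;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class EnvTrustStoreSketch { // hypothetical class, not part of the library
  // Parse every PEM certificate in the string into a KeyStore held only in memory.
  static KeyStore trustStoreFromPem(String pem) throws Exception {
    if (pem == null || pem.trim().isEmpty())
      throw new IllegalArgumentException("environment variable is unset or empty");
    Collection<? extends Certificate> certs = CertificateFactory.getInstance("X.509")
        .generateCertificates(new ByteArrayInputStream(pem.getBytes(StandardCharsets.US_ASCII)));
    if (certs.isEmpty())
      throw new IllegalArgumentException("no certificates found in PEM data");
    KeyStore ts = KeyStore.getInstance(KeyStore.getDefaultType());
    ts.load(null, null); // start from an empty store; nothing is read from disk
    int i = 0;
    for (Certificate c : certs) ts.setCertificateEntry("env-cert-" + i++, c);
    return ts;
  }

  // SSLContext whose only trust anchors are the entries of ts.
  static SSLContext contextFor(KeyStore ts) throws Exception {
    TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    tmf.init(ts);
    SSLContext sc = SSLContext.getInstance("TLS");
    sc.init(null, tmf.getTrustManagers(), null); // null: no client key, default SecureRandom
    return sc;
  }

  // Attach the context to one connection; the JVM-wide default factory is left alone.
  static HttpsURLConnection open(String url, SSLContext sc) throws Exception {
    HttpsURLConnection con = (HttpsURLConnection) new URL(url).openConnection();
    con.setSSLSocketFactory(sc.getSocketFactory());
    return con;
  }

  public static void main(String[] args) throws Exception {
    KeyStore ts = trustStoreFromPem(System.getenv("TRUSTED_CERT")); // variable name from the README
    System.out.println("trusted certificates loaded: " + ts.size());
    HttpsURLConnection con = open("https://ssl.selfsigned.xyz", contextFor(ts));
    System.out.println("connection prepared for " + con.getURL()); // no network I/O happens here
  }
}
```

Because the context is set per connection, other HTTPS calls in the same JVM keep validating against the platform's default trust anchors.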

Creating a KeyStore

Creating a KeyStore requires that the key, certificate and password are all set as environment variables. You pass the environment variable names to the EnvKeyStore.create method:

KeyStore ks = EnvKeyStore.create("KEYSTORE_KEY", "KEYSTORE_CERT", "KEYSTORE_PASSWORD").keyStore();

You can use the KeyStore like any other. But you might also want to convert it to an input stream. For example, you might start a Ratpack server:

EnvKeyStore eks = EnvKeyStore.create("KEYSTORE_KEY", "KEYSTORE_CERT", "KEYSTORE_PASSWORD");

RatpackServer.start(s -> s
  .serverConfig(c -> {
    c.ssl(SSLContexts.sslContext(eks.toInputStream(), eks.password()));
  })
  .handlers(chain -> chain
    .all(ctx -> ctx.render("Hello!"))
  )
);