REFERENCE.md


Reference

Table of Contents

Classes

Resource types

  • java_ks: Manages the entries in a Java keystore, and uses composite namevars so that the same alias can be spread across multiple target keystores.

Classes

java_ks::config

java_ks configuration

Parameters

The following parameters are available in the java_ks::config class:

params

Data type: Any

Default value: {}

Resource types

java_ks

Manages the entries in a Java keystore, and uses composite namevars so that the same alias can be spread across multiple target keystores.

Properties

The following properties are available in the java_ks type.

ensure

Valid values: present, absent, latest

Has three states: present, absent, and latest. Latest compares the on-disk SHA1 fingerprint of the certificate to the one in keytool to determine whether insync? returns true or false. insync? is redefined for this parameter to accomplish this.

Default value: present

password

The password used to protect the keystore. If private keys are subsequently also protected this password will be used to attempt unlocking. Must be six or more characters in length. Cannot be used together with :password_file, but you must pass at least one of these parameters.

Parameters

The following parameters are available in the java_ks type.

certificate

A file containing a server certificate, followed by zero or more intermediate certificate authorities. All certificates will be placed in the keystore. This will autorequire the specified file.

certificate_content

A string containing a server certificate, followed by zero or more intermediate certificate authorities. All certificates will be placed in the keystore.

chain

The intermediate certificate authorities, if they are to be taken from a file separate from the server certificate. This will autorequire the specified file.

destkeypass

The password used to protect the key in keystore.

keytool_timeout

Timeout for the keytool command in seconds.

Default value: 120

name

namevar

The alias that is used to identify the entry in the keystore. This will be converted to lowercase.

password_fail_reset

Valid values: true, false

If the supplied password does not succeed in unlocking the keystore file, then delete the keystore file and create a new one. Default: false.

Default value: false

password_file

The path to a file containing the password used to protect the keystore. This cannot be used together with :password, but you must pass at least one of these parameters.

path

The search path used for command (keytool, openssl) execution. Paths can be specified as an array or as a '

private_key

If you want an application to be a server and encrypt traffic, you will need a private key. Private key entries in a keystore must be accompanied by a signed certificate for the keytool provider. This parameter allows you to specify the file name containing the private key. This will autorequire the specified file.

private_key_content

If you want an application to be a server and encrypt traffic, you will need a private key. Private key entries in a keystore must be accompanied by a signed certificate for the keytool provider. This parameter allows you to specify the content of the private key.

private_key_type

Valid values: rsa, dsa, ec

The type of the private key. Usually the private key is an RSA key, but it can also be an Elliptic Curve (EC) or DSA key. Valid options: rsa, dsa, ec. Defaults to rsa.

Default value: rsa

provider

The specific backend to use for this java_ks resource. You will seldom need to specify this; Puppet will usually discover the appropriate provider for your platform.

source_alias

The source certificate alias

source_password

The source keystore password

storetype

Valid values: jceks, pkcs12, jks

Optional storetype. Valid options: jceks, pkcs12, jks.

target

namevar

Destination file for the keystore. This will autorequire the parent directory of the file.

trustcacerts

Valid values: true, false

Certificate authorities are not trusted by default, so if you are adding a CA you need to set this to true. Defaults to :false.

Default value: false
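
The parameters above combined in one manifest, as an added example that is not part of the module's own documentation: a server identity in a PKCS12 keystore, plus one CA alias placed in two truststores through the composite namevar (name and target). All paths, aliases and resource titles are constructed placeholders, and the password file is assumed to be provisioned out of band.

```puppet
# Constructed example: every path, alias and title below is a placeholder.

# The keystore password lives in a root-only file so the secret never
# appears in the manifest. Only ownership and mode are enforced here;
# the content is assumed to be provisioned out of band.
file { '/etc/myapp/keystore.pass':
  ensure => file,
  owner  => 'root',
  group  => 'root',
  mode   => '0400',
}

# Server identity: private key, signed certificate, and the intermediate
# CAs taken from a separate file via `chain`.
java_ks { 'myapp-server-identity':
  ensure              => latest,  # re-import when the certificate fingerprint changes
  name                => 'myapp', # alias; stored in lowercase
  target              => '/etc/myapp/keystore.p12',
  storetype           => 'pkcs12',
  certificate         => '/etc/myapp/tls/server.crt',
  chain               => '/etc/myapp/tls/intermediates.pem',
  private_key         => '/etc/myapp/tls/server.key',
  private_key_type    => 'rsa',
  password_file       => '/etc/myapp/keystore.pass',
  password_fail_reset => false,   # default: never delete the keystore on a password mismatch
  require             => File['/etc/myapp/keystore.pass'],
}

# The same CA alias in two truststores. name + target together identify
# the entry, so each resource only needs a distinct title.
java_ks { 'internal-ca-in-myapp-truststore':
  ensure        => latest,
  name          => 'internal-ca',
  target        => '/etc/myapp/truststore.jks',
  certificate   => '/etc/pki/internal-ca.pem',
  password_file => '/etc/myapp/keystore.pass',
  trustcacerts  => true,          # required when the entry is a CA certificate
  require       => File['/etc/myapp/keystore.pass'],
}

java_ks { 'internal-ca-in-worker-truststore':
  ensure        => latest,
  name          => 'internal-ca',
  target        => '/etc/worker/truststore.jks',
  certificate   => '/etc/pki/internal-ca.pem',
  password_file => '/etc/myapp/keystore.pass',
  trustcacerts  => true,
  require       => File['/etc/myapp/keystore.pass'],
}
```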