4 Replies Latest reply on Nov 16, 2018 7:51 AM by Wolfgang Mayer

    Extracting a trustore credential reference

    Meissa Sakho Newbie

      Hello everyone,

      I would like to extract the credential reference value from an elytron truststore in order to reference in my Keycloak trsustore SPI.

      The extract below is my truststore:

      <key-stores>

           <key-store name="kcTrustStore">

                              <credential-reference clear-text="bWJD4xV9ylcfAHHm6S8VMviQ0Q8zpoQ/pwI02zsDQnQ="/>

                              <implementation type="JKS"/>

                              <file path="/opt/jboss/keycloak/standalone/configuration/keystores/truststore.jks"/>

                          </key-store>

          </key-stores>

       

      The cli command below let me get access to the credential-reference but not the value itself:

      /subsystem=elytron/key-store=kcTrustStore:read-attribute(name=credential-reference)

       

      The truststore SPI is configured like below:

      <spi name="truststore">

          <provider name="file" enabled="true">

              <properties>

                  <property name="file" value="path to your .jks file containing public certificates"/>

                  <property name="password" value="password"/>

                  <property name="hostname-verification-policy" value="WILDCARD"/>

                  <property name="disabled" value="false"/>

              </properties>

          </provider>

      </spi>

       

      The cli commands below let me configure the SPI parameters execpt for the password value (in bold)

      /subsystem=keycloak-server/spi=truststore:add

      /subsystem=keycloak-server/spi=truststore/provider=file:add(enabled=true)

      /subsystem=keycloak-server/spi=truststore/provider=file/:map-put(name=properties,key=file, value=/opt/jboss/keycloak/standalone/configuration/keystores/truststore.jks)

      /subsystem=keycloak-server/spi=truststore/provider=file/:map-put(name=properties,key=password, value={clear-text=$keycloak_tls_truststore_password})

      /subsystem=keycloak-server/spi=truststore/provider=file/:map-put(name=properties,key=hostname-verification-policy, value="WILDCARD")

       

      How could I extract the the credential-reference in order to put ii in my SPI?

      Can I put it in a cli system-property for example?

      Regards,

      Meissa