Hello everyone,

I would like to extract the credential reference value from an elytron truststore in order to reference in my Keycloak trsustore SPI.

The extract below is my truststore:

<key-stores>

     <key-store name="kcTrustStore">

                        <credential-reference clear-text="bWJD4xV9ylcfAHHm6S8VMviQ0Q8zpoQ/pwI02zsDQnQ="/>

                        <implementation type="JKS"/>

                        <file path="/opt/jboss/keycloak/standalone/configuration/keystores/truststore.jks"/>

                    </key-store>

    </key-stores>

The cli command below let me get access to the credential-reference but not the value itself:

/subsystem=elytron/key-store=kcTrustStore:read-attribute(name=credential-reference)

The truststore SPI is configured like below:

<spi name="truststore">

    <provider name="file" enabled="true">

        <properties>

            <property name="file" value="path to your .jks file containing public certificates"/>

            <property name="password" value="password"/>

            <property name="hostname-verification-policy" value="WILDCARD"/>

            <property name="disabled" value="false"/>

        </properties>

    </provider>

</spi>

The cli commands below let me configure the SPI parameters execpt for the password value (in bold)

/subsystem=keycloak-server/spi=truststore:add

/subsystem=keycloak-server/spi=truststore/provider=file:add(enabled=true)

/subsystem=keycloak-server/spi=truststore/provider=file/:map-put(name=properties,key=file, value=/opt/jboss/keycloak/standalone/configuration/keystores/truststore.jks)

/subsystem=keycloak-server/spi=truststore/provider=file/:map-put(name=properties,key=password, value={clear-text=$keycloak_tls_truststore_password})

/subsystem=keycloak-server/spi=truststore/provider=file/:map-put(name=properties,key=hostname-verification-policy, value="WILDCARD")

How could I extract the the credential-reference in order to put ii in my SPI?

Can I put it in a cli system-property for example?

Regards,

Meissa