Package org.forgerock.openig.secrets
Class KeyStoreSecretStoreHeaplet
- java.lang.Object
  - org.forgerock.openig.heap.GenericHeaplet
    - org.forgerock.openig.secrets.KeyStoreSecretStoreHeaplet
- All Implemented Interfaces:
  Heaplet
public class KeyStoreSecretStoreHeaplet extends GenericHeaplet
This heaplet represents an instance of a KeyStoreSecretStore.

    {
        "type": "KeyStoreSecretStore",
        "config": {
            "file": expression                   [REQUIRED - location of the KeyStore.]
            "storeType": expression              [OPTIONAL - type of the store, default: "PKCS12". ]
            "storePasswordSecretId": expression  [OPTIONAL - Secret ID referring to the KeyStore password.
                                                             when not set expect unprotected KeyStore]
            "entryPasswordSecretId": expression  [OPTIONAL - Secret ID referring to the entries' password.
                                                             default to storePasswordSecretId. (1)]
            "secretsProvider": Secrets Provider  [OPTIONAL - resolve keystore passwords.
                                                             defaults to route's secret service]
            "leaseExpiry": expression<duration>  [OPTIONAL - defaults to 5 minutes.]
            "mappings": [ array                  [REQUIRED - array of object.]
                { object
                    "secretId": expression       [REQUIRED - ID of the secret.]
                    "aliases": [ expression ]    [REQUIRED - list of aliases corresponding to the above secret.
                                                             Order matters here and the first is the active secret.]
                }
            ]
            "autoRefresh": { object              [OPTIONAL - indicate if this KeyStoreSecretStore should be
                                                             refreshed on keystore change (edit and delete).]
                "enabled": expression<boolean>   [OPTIONAL - Configure with boolean expression resolving to 'true'
                                                             to enable, or 'false' to disable. Default is enabled.]
                "executor": executor             [OPTIONAL - Executor to use in monitoring the keystore, defaults
                                                             to heap-configured SCHEDULED_EXECUTOR_SERVICE_HEAP_KEY.]
            }
        }
    }
Example:

    {
        "type": "KeyStoreSecretStore",
        "config": {
            "file": "/path/to/keystore.file",
            "storePasswordSecretId": "keystore.pass",
            "entryPasswordSecretId": "keystore.entries.pass",
            "mappings": [{
                "secretId": "global.pcookie.crypt",
                "aliases": [ "rsapair72", "rsapair72-inactive" ]
            }]
        }
    }

    {
        "type": "KeyStoreSecretStore",
        "config": {
            "file": "/path/to/keystore.file",
            "storePasswordSecretId": "keystore.pass",
            "entryPasswordSecretId": "keystore.entries.pass",
            "mappings": [{
                "secretId": "global.pcookie.crypt",
                "aliases": [ "rsapair72", "rsapair72-inactive" ]
            }],
            "autoRefresh": {
                "enabled": "${my.boolean.property}",
                "executor": "#refreshExecutor"
            }
        }
    }

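A configuration review aid for the schema above, added here as an example and not part of the OpenIG code base or its documentation: it checks the REQUIRED fields, flags a store expected to be unprotected, and reports the active (first) alias per secret ID. The function name, the `example.signing` secret ID and the alias-reuse check are assumptions made for illustration.

```python
import json

# Constructed sample: the page's example with the store password removed and
# one alias reused under a second, made-up secret ID ("example.signing").
SAMPLE = json.loads("""
{ "type": "KeyStoreSecretStore",
  "config": {
    "file": "/path/to/keystore.file",
    "mappings": [
      { "secretId": "global.pcookie.crypt", "aliases": ["rsapair72", "rsapair72-inactive"] },
      { "secretId": "example.signing", "aliases": ["rsapair72"] }
    ] } }
""")

def lint_keystore_secret_store(heap_object):
    """Return (errors, warnings, active_alias_by_secret_id) for one heap object."""
    errors, warnings, active = [], [], {}
    if heap_object.get("type") != "KeyStoreSecretStore":
        return ["type is not KeyStoreSecretStore"], warnings, active
    config = heap_object.get("config") or {}
    for key in ("file", "mappings"):  # the two REQUIRED top-level fields
        if key not in config:
            errors.append(f"missing required field: {key}")
    # Reference text: when storePasswordSecretId is not set, an unprotected keystore is expected.
    if "storePasswordSecretId" not in config:
        warnings.append("storePasswordSecretId not set: unprotected keystore expected")
    elif "entryPasswordSecretId" not in config:
        warnings.append("entryPasswordSecretId not set: defaults to storePasswordSecretId")
    mappings = config.get("mappings", [])
    if not isinstance(mappings, list):
        errors.append("mappings must be an array")
        mappings = []
    owner = {}  # alias -> first secretId that listed it
    for i, m in enumerate(mappings):
        if not isinstance(m, dict) or not m.get("secretId") or not isinstance(m.get("aliases"), list):
            errors.append(f"mappings[{i}]: secretId and aliases are both required")
            continue
        secret_id, aliases = m["secretId"], m["aliases"]
        if not aliases:
            warnings.append(f"mappings[{i}]: empty aliases, no active secret for {secret_id}")
            continue
        active[secret_id] = aliases[0]  # order matters: the first alias is the active one
        for alias in aliases:
            # Hygiene check added here (not from the reference): one key, several purposes.
            if owner.setdefault(alias, secret_id) != secret_id:
                warnings.append(f"alias {alias} mapped to {owner[alias]} and {secret_id}")
    return errors, warnings, active

if __name__ == "__main__":
    for label, items in zip(("ERROR", "WARN"), lint_keystore_secret_store(SAMPLE)[:2]):
        print(*(f"{label}: {item}" for item in items), sep="\n")
```

Values in this configuration are expressions, so the check only looks at which fields are present, not at what they resolve to at runtime.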
- See Also:
  KeyStoreSecretStore

Constructor Summary
Constructor                     Description
KeyStoreSecretStoreHeaplet()

Method Summary
Modifier and Type   Method      Description
Object              create()    Called to request the heaplet create an object.
void                destroy()   Called to indicate that the object created by the heaplet is going to be dereferenced.

Methods inherited from class org.forgerock.openig.heap.GenericHeaplet
create, endpointRegistry, evaluatedWithHeapProperties, expression, getConfig, getHeap, getSecretService, getSecretsProvider, getType, initialBindings, meterRegistryHolder, start
Method Detail
create
public Object create() throws HeapException
Description copied from class: GenericHeaplet
Called to request the heaplet create an object. Called by Heaplet.create(Name, JsonValue, Heap) after initializing the protected field members. Implementations should parse configuration but not acquire resources, start threads, or log any initialization messages. These tasks should be performed by the GenericHeaplet.start() method.
- Specified by:
  create in class GenericHeaplet
- Returns:
  The created object.
- Throws:
  HeapException - if an exception occurred during creation of the heap object or any of its dependencies.

destroy
public void destroy()
Description copied from interface: Heaplet
Called to indicate that the object created by the heaplet is going to be dereferenced. This gives the heaplet an opportunity to free any resources that are being held prior to its dereference.
- Specified by:
  destroy in interface Heaplet
- Overrides:
  destroy in class GenericHeaplet