salt.modules.keystore¶
Module to interact with keystores
-
salt.modules.keystore.add(name, keystore, passphrase, certificate, private_key=None)¶ Adds certificates to an existing keystore or creates a new one if necesssary.
- Parameters
name -- alias for the certificate
keystore -- The path to the keystore file to query
passphrase -- The passphrase to use to decode the keystore
certificate -- The PEM public certificate to add to keystore. Can be a string for file.
private_key -- (Optional for TrustedCert) The PEM private key to add to the keystore
CLI Example:
salt '*' keystore.add aliasname /tmp/test.store changeit /tmp/testcert.crt salt '*' keystore.add aliasname /tmp/test.store changeit certificate="-----BEGIN CERTIFICATE-----SIb...BM=-----END CERTIFICATE-----" salt '*' keystore.add keyname /tmp/test.store changeit /tmp/512.cert private_key=/tmp/512.key
-
salt.modules.keystore.list(keystore, passphrase, alias=None, return_cert=False)¶ Lists certificates in a keytool managed keystore.
- Parameters
keystore -- The path to the keystore file to query
passphrase -- The passphrase to use to decode the keystore
alias -- (Optional) If found, displays details on only this key
return_certs -- (Optional) Also return certificate PEM.
Warning
There are security implications for using return_cert to return decrypted certificates.
CLI Example:
salt '*' keystore.list /usr/lib/jvm/java-8/jre/lib/security/cacerts changeit salt '*' keystore.list /usr/lib/jvm/java-8/jre/lib/security/cacerts changeit debian:verisign_-_g5.pem
-
salt.modules.keystore.remove(name, keystore, passphrase)¶ Removes a certificate from an existing keystore. Returns True if remove was successful, otherwise False
- Parameters
name -- alias for the certificate
keystore -- The path to the keystore file to query
passphrase -- The passphrase to use to decode the keystore
CLI Example:
salt '*' keystore.remove aliasname /tmp/test.store changeit
