salt.states.keystore

State management of a Java keystore

salt.states.keystore.managed(name, passphrase, entries, force_remove=False)

Create or manage a Java keystore.

name

The path to the keystore file

passphrase

The password to the keystore

entries

A list of entries, each containing an alias, a certificate, and an optional private_key. The certificate and private_key can each be given as a file or as a string.

- entries:
  - alias: hostname2
    certificate: /path/to/cert.crt
    private_key: /path/to/key.key
  - alias: stringhost
    certificate: |
      -----BEGIN CERTIFICATE-----
      MIICEjCCAXsCAg36MA0GCSqGSIb3DQEBBQUAMIGbMQswCQYDVQQGEwJKUDEOMAwG
      ...
      2VguKv4SWjRFoRkIfIlHX0qVviMhSlNy2ioFLy7JcPZb+v3ftDGywUqcBiVDoea0
      -----END CERTIFICATE-----

force_remove

If True, the state removes any entries found in the keystore that are not defined in the state. The default is False.

Example

define_keystore:
  keystore.managed:
    - name: /path/to/keystore
    - passphrase: changeit
    - force_remove: True
    - entries:
      - alias: hostname1
        certificate: /path/to/cert.crt
      - alias: remotehost
        certificate: /path/to/cert2.crt
        private_key: /path/to/key2.key
      - alias: pillarhost
        certificate: {{ salt.pillar.get('path:to:cert') }}
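
Because force_remove deletes every alias the state does not list, it helps to preview the difference before applying the state. The following is an added example, not part of Salt: parse_listing and preview are hypothetical helpers, the keytool listing is constructed sample text, and the pillarhost certificate value is a placeholder.

```python
import re

# Constructed sample of `keytool -list` output; not taken from a real keystore.
SAMPLE_LISTING = """\
Keystore type: PKCS12
Keystore provider: SUN

Your keystore contains 3 entries

hostname1, Jan 5, 2021, trustedCertEntry,
Certificate fingerprint (SHA-256): 00:11:22:33
remotehost, Jan 5, 2021, PrivateKeyEntry,
Certificate fingerprint (SHA-256): 44:55:66:77
oldhost, Mar 9, 2019, trustedCertEntry,
Certificate fingerprint (SHA-256): 88:99:AA:BB
"""

# The entries from the Example state; the pillarhost certificate is a placeholder.
EXAMPLE_ENTRIES = [
    {"alias": "hostname1", "certificate": "/path/to/cert.crt"},
    {"alias": "remotehost", "certificate": "/path/to/cert2.crt",
     "private_key": "/path/to/key2.key"},
    {"alias": "pillarhost", "certificate": "<rendered from pillar>"},
]

# "<alias>, <date>, <entry type>," lines; fingerprint lines do not match.
ENTRY_LINE = re.compile(r"^(?P<alias>.+?), .+, (?P<kind>\w+Entry),\s*$")


def parse_listing(text):
    """Return {alias: entry type} parsed from `keytool -list` text."""
    return {m["alias"]: m["kind"]
            for m in map(ENTRY_LINE.match, text.splitlines()) if m}


def preview(entries, existing, force_remove=False):
    """Dry run (hypothetical helper): compare defined aliases with the keystore."""
    for entry in entries:
        if "alias" not in entry or "certificate" not in entry:
            raise ValueError(f"entry needs alias and certificate: {entry!r}")
    defined = {entry["alias"] for entry in entries}
    undefined = sorted(set(existing) - defined)
    return {
        "missing": sorted(defined - set(existing)),
        "present": sorted(defined & set(existing)),
        "removed": undefined if force_remove else [],
        "left_alone": [] if force_remove else undefined,
    }
```

With the sample listing and force_remove=True, the preview reports oldhost as the alias that would be removed and pillarhost as not yet present in the keystore.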