salt.states.keystore

State management of a Java keystore

salt.states.keystore.managed(name, passphrase, entries, force_remove=False)

Create or manage a Java keystore.

Parameters:
  • name -- The path to the keystore file

  • passphrase -- The password to the keystore

  • entries --

    A list of entries, each containing an alias, a certificate, and an optional private_key. The certificate and private_key can each be a file or a string.

    - entries:
      - alias: hostname2
        certificate: /path/to/cert.crt
        private_key: /path/to/key.key
      - alias: stringhost
        certificate: |
          -----BEGIN CERTIFICATE-----
          MIICEjCCAXsCAg36MA0GCSqGSIb3DQEBBQUAMIGbMQswCQYDVQQGEwJKUDEOMAwG
          2VguKv4SWjRFoRkIfIlHX0qVviMhSlNy2ioFLy7JcPZb+v3ftDGywUqcBiVDoea0
          -----END CERTIFICATE-----
    

  • force_remove --

    If True, the state removes any entries found in the keystore that are not defined in the state. The default is False. Example:

    define_keystore:
      keystore.managed:
        - name: /path/to/keystore
        - passphrase: changeit
        - force_remove: True
        - entries:
          - alias: hostname1
            certificate: /path/to/cert.crt
          - alias: remotehost
            certificate: /path/to/cert2.crt
            private_key: /path/to/key2.key
          - alias: pillarhost
            certificate: {{ salt.pillar.get('path:to:cert') }}
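
A pre-flight check for force_remove, as an added example (not part of the Salt documentation or code base): it parses `keytool -list` output and reports which aliases the define_keystore state above would delete or add. The sample listing, the function names, the assumed entry-line layout, and exact-string alias matching are assumptions made for illustration.

```python
import re

# Constructed sample of `keytool -list` output (fingerprints are placeholders).
SAMPLE_KEYTOOL_LIST = """\
Keystore type: PKCS12

Your keystore contains 4 entries

hostname1, Jan 5, 2024, trustedCertEntry,
Certificate fingerprint (SHA-256): 00:11:22:33
remotehost, Jan 5, 2024, PrivateKeyEntry,
Certificate fingerprint (SHA-256): 44:55:66:77
oldhost, Mar 9, 2021, trustedCertEntry,
Certificate fingerprint (SHA-256): 88:99:AA:BB
legacy-signing, Mar 9, 2021, PrivateKeyEntry,
Certificate fingerprint (SHA-256): CC:DD:EE:FF
"""

# Aliases declared under `entries` in the define_keystore example.
DECLARED = ["hostname1", "remotehost", "pillarhost"]

# Entry lines look like "<alias>, <date>, <type>Entry," (assumed layout).
ENTRY_RE = re.compile(r"^(?P<alias>[^,]+),.*,\s*(?P<kind>\w+Entry),\s*$")

def parse_aliases(keytool_output):
    """Return {alias: entry_type} for each entry line in the listing."""
    found = {}
    for line in keytool_output.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            found[match.group("alias").strip()] = match.group("kind")
    return found

def preview_force_remove(keytool_output, declared_aliases):
    """Return (removed, added): aliases force_remove would drop, and new ones.

    A removed PrivateKeyEntry takes its private key with it, so the entry
    type is kept in the result for review.
    """
    existing = parse_aliases(keytool_output)
    declared = set(declared_aliases)
    # Exact string comparison is an assumption about how aliases are matched.
    removed = {a: k for a, k in existing.items() if a not in declared}
    added = sorted(declared - set(existing))
    return removed, added

if __name__ == "__main__":
    removed, added = preview_force_remove(SAMPLE_KEYTOOL_LIST, DECLARED)
    for alias, kind in sorted(removed.items()):
        print(f"would remove {alias} ({kind})")
    print("would add:", ", ".join(added))
```

A real listing comes from `keytool -list -keystore /path/to/keystore`; the date fields vary with locale, which is why the pattern skips everything between the alias and the entry type.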