PKCS12ToTemporaryKeystoreValve
This valve is useful if you have a PKCS#12 that you need to temporarily add to the system's keystore, for example to sign a PDF with a temporarily generated certificate.
Note
Please note, the PKCS#12 is added temporarily to the keystore of the current server, and will not be known to other servers in a cluster. However, it's usually used from within a single pipe, and all valves in a pipe will be executed on the same node.
Remarks
Per item
This will execute once per item - you must have at least one item in the flow before executing this valve. You can create an item if needed, for example with the ItemCreateValve or ItemCreateFromRequestValve (place the valve that creates the item before this valve in the pipe).
Secrets
This valve uses secrets to avoid accidentally leaking sensitive values into, for example, logs.
Properties
| Name | Description | Default value | Mandatory | Supports property expansion |
|---|---|---|---|---|
| pkcs12 | The PKCS#12, as base64. | | Yes | Yes |
| pkcs12PasswordSecretId | Id of the secret where the password for the PKCS#12 resides. | | Yes | |
| keystoreAliasPropertyName | Name of the property in each item where the temporary keystore alias will be stored. | | Yes | |
Example configuration
```json
{
  "name": "PKCS12ToTemporaryKeystoreValve",
  "enabled": "true",
  "config": {
    "pkcs12": "{{item.pkcs12}}",
    "pkcs12PasswordSecretId": "{{item.passwordSecretId}}",
    "keystoreAliasPropertyName": "temporaryAlias"
  }
}
```
In the example above, the assumption is that we have an item with the properties:
- pkcs12 - a PKCS#12, base64-encoded
- passwordSecretId - id of a secret where the password for the provided PKCS#12 can be found

After executing this, the item will get this new property:
- temporaryAlias - the temporary alias (randomly generated) of the newly created, and temporary, keystore
Requirements
- If the PKCS#12 keystore has been encrypted, the password must be provided in a secret to the valve
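
A value for the `pkcs12` property can be produced and pre-checked from the command line before it is placed on the item. The script below is an added example, not part of the product or its documentation; it assumes OpenSSL and a `base64` tool are installed, and the function names, the subject name, the one-day lifetime and the `P12_PASS` environment variable are illustrative choices.

```shell
#!/bin/sh
# Added example (not product code). The password is read from $P12_PASS via
# OpenSSL's env: source, so it never appears in the process list.

# make_temp_p12_b64 <workdir>
# Creates a short-lived self-signed key and certificate, packs them into a
# password-protected PKCS#12 and prints it as single-line base64.
make_temp_p12_b64() (
    dir=$1
    umask 077                                   # key material readable by owner only
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=temporary-pdf-signer" \
        -keyout "$dir/key.pem" -out "$dir/cert.pem" 2>/dev/null || exit 1
    openssl pkcs12 -export -inkey "$dir/key.pem" -in "$dir/cert.pem" \
        -name temporary -passout env:P12_PASS \
        -out "$dir/bundle.p12" 2>/dev/null || exit 1
    rm -f "$dir/key.pem"                        # drop the unencrypted private key
    base64 < "$dir/bundle.p12" | tr -d '\n'     # one line, ready for the item property
)

# check_p12_b64 <base64>
# Succeeds only if the value is valid base64 AND the decoded PKCS#12 opens
# (its MAC verifies) with the password in $P12_PASS.
check_p12_b64() {
    tmp=$(mktemp) || return 1
    printf '%s' "$1" | base64 -d > "$tmp" 2>/dev/null &&
        openssl pkcs12 -in "$tmp" -passin env:P12_PASS -noout 2>/dev/null
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Typical use (constructed values):
#   export P12_PASS='...'            # same password that is stored in the secret
#   work=$(mktemp -d)
#   b64=$(make_temp_p12_b64 "$work") && check_p12_b64 "$b64" && echo "usable"
```

A failing `check_p12_b64` before the pipe runs points to a wrong password in the secret or a damaged base64 value.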