September 13, 2019 at 7:06 pm #26505
I have a quick question about our JCEKS keystore that we get when we install AM
This keystore comes with the store-password and key-password stored in 2 different plain-text files.
What is the interpretation of the “.keypass” file?
If I create a few new secrets or RSA key-pairs in this keystore through keytool, do I always have to give the SAME key-password for every such new key?
Basically, is it necessary that all the keys have the same password and that SINGLE password has to be in the .keypass file?
Thanks.
September 26, 2019 at 4:38 pm #26572 Rick521 Participant
I don’t think you need to have the same keypass for all keys; you can have a different keypass for different keys and save it to the .keypass file.
Even if you want to have the same keypass for all keys, it’s up to you.
Rick
September 27, 2019 at 4:00 pm #26579
Yes, what you said is very logical.
The only question is, if I have different key-passwords for different keys, what would be the format of the .keypass file?
When AM wants to use any private-key OR any secret like config-store-password, it will look into this .keypass file to first get the password of that private-key or secret.
Right now, the default .keypass file that we get by installing AM has only one word in it, i.e., changeit, which is the password of all the keys.
Thanks.
September 28, 2019 at 4:00 pm #26581 Peter Major Moderator
Some features in AM allow you to set different key passwords than what you have in the .keypass file. My understanding is that PKCS12 keystore format works best when the key password is the same as the keystore password.
September 30, 2019 at 4:10 pm #26585
I believe the keystore-password is in a totally separate file and that part is very neat and clear.
My concern is how to store multiple keys and their passwords in the .keypass file.
Would the format be like
For e.g., if I want to have a different password for the config-store-password key and the RSA-key used for signing the OAuth tokens, how do I put these two keys’ passwords in the .keypass file?
Thanks.
September 30, 2019 at 4:41 pm #26586 Peter Major Moderator
The .keypass file can only contain one password.
If a feature in AM supports a key-specific key password, then that feature would have an extra setting where that key password can be provided. If you don’t see such a field for the service you are configuring, then assume that it will use the default password from the .keypass file.
October 1, 2019 at 3:15 pm #26600
Got it and fully clarified.
Thanks Peter!!!
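
The thread's conclusion, as an added example that is not part of any post above and not ForgeRock's own code: because the .keypass file holds a single password, an entry that AM should open with that default has to be created with the same key password, and you can check that an existing entry opens with it. The keystore and password-file paths and the alias are arguments you supply (assumptions, not AM defaults); the functions use keytool's `:file` password modifier.

```shell
#!/bin/sh
# Added example: helpers for a JCEKS keystore whose key password lives in one file.
# All paths and aliases are supplied by the caller; none are taken from the thread.

# add_secret KEYSTORE STOREPASS_FILE KEYPASS_FILE ALIAS
# Create an AES secret-key entry protected by the single password in KEYPASS_FILE.
# The :file modifier makes keytool read the password from the file, so it never
# appears on the command line or in the process list.
add_secret() {
    keytool -genseckey -alias "$4" -keyalg AES -keysize 256 \
        -keystore "$1" -storetype JCEKS \
        -storepass:file "$2" -keypass:file "$3" >/dev/null 2>&1
}

# key_opens KEYSTORE STOREPASS_FILE KEYPASS_FILE ALIAS
# Return 0 if the entry can be recovered with the password in KEYPASS_FILE.
# It copies that one entry into a throwaway keystore; keytool exits non-zero
# when the key password does not match, so a mismatch shows up as a failure here.
key_opens() {
    tmp=$(mktemp -d) || return 2
    keytool -importkeystore -noprompt \
        -srckeystore "$1" -srcstoretype JCEKS -srcstorepass:file "$2" \
        -srcalias "$4" -srckeypass:file "$3" \
        -destkeystore "$tmp/probe.jceks" -deststoretype JCEKS \
        -deststorepass:file "$2" -destkeypass:file "$3" >/dev/null 2>&1
    rc=$?
    rm -rf "$tmp"    # discard the probe copy of the key
    return $rc
}
```

An entry for which `key_opens` fails was created with a different key password, so it is only usable by an AM feature that has its own key-password setting.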