salt.modules.keystore¶

Module to interact with keystores

salt.modules.keystore.add(name, keystore, passphrase, certificate, private_key=None)¶

Adds certificates to an existing keystore or creates a new one if necesssary.

Parameters:	name -- alias for the certificate keystore -- The path to the keystore file to query passphrase -- The passphrase to use to decode the keystore certificate -- The PEM public certificate to add to keystore. Can be a string for file. private_key -- (Optional for TrustedCert) The PEM private key to add to the keystore

CLI Example:

salt '*' keystore.add aliasname /tmp/test.store changeit /tmp/testcert.crt
salt '*' keystore.add aliasname /tmp/test.store changeit certificate="-----BEGIN CERTIFICATE-----SIb...BM=-----END CERTIFICATE-----"
salt '*' keystore.add keyname /tmp/test.store changeit /tmp/512.cert private_key=/tmp/512.key

salt.modules.keystore.list(keystore, passphrase, alias=None, return_cert=False)¶

Lists certificates in a keytool managed keystore.

Parameters:	keystore -- The path to the keystore file to query passphrase -- The passphrase to use to decode the keystore alias -- (Optional) If found, displays details on only this key return_certs -- (Optional) Also return certificate PEM.

Warning

There are security implications for using return_cert to return decrypted certificates.

CLI Example:

salt '*' keystore.list /usr/lib/jvm/java-8/jre/lib/security/cacerts changeit
salt '*' keystore.list /usr/lib/jvm/java-8/jre/lib/security/cacerts changeit debian:verisign_-_g5.pem

salt.modules.keystore.remove(name, keystore, passphrase)¶

Removes a certificate from an existing keystore. Returns True if remove was successful, otherwise False

Parameters:	name -- alias for the certificate keystore -- The path to the keystore file to query passphrase -- The passphrase to use to decode the keystore

CLI Example:

salt '*' keystore.remove aliasname /tmp/test.store changeit