Keystore type
Use the Keystore type to create configurations that reference a keystore, which the integration runtime can use for encrypting or decrypting.
Summary of key details for the configuration type
File name or type | Contains secrets | Path extracted/imported to | Maximum allowed per integration runtime |
---|---|---|---|
JKS, RDB, STH, KDB, PKCS12 | Yes | /home/aceuser/keystores/configurationName | Multiple |
About the Keystore file
The Keystore type requires a keystore or key repository for use by the integration runtime, and must be a password-protected truststore in a JKS, PKCS12, or RDB format. The keystore is placed as it is in the directory /home/aceuser/keystores with the same name as its configuration object's name. For example, if you called the configuration my-keystore.jks, the keystore is copied to /home/aceuser/keystores/my-keystore.jks. This path can then be referenced from the server.conf.yaml file wherever a keystore can be referenced, or from other configuration files like odbc.ini.
An IBM® MQ key repository consists of several files: an RDB, a KDB, and an STH file. Create these files as separate keystore configurations and apply each of them to the integration runtime. For example, create my-mqcerts.kdb, my-mqcerts.rdb, and my-mqcerts.sth, and then reference these files from the server.conf.yaml file by using /home/aceuser/keystores/my-mqcerts.
Creating a configuration for the Keystore type by using the configuration panel
You can create a Keystore-type configuration while creating an integration runtime, or independently, as follows:
- Open the Configuration page by clicking the Configuration icon in the navigation pane, or go to the Configuration view of an integration runtime that you are creating. Then, click Create configuration. For more information, see Managing configuration objects from the Configuration tab.
- From the Create configuration panel, select Keystore from the Type list.
- In the Name field, specify a name for this configuration.
  Note: This name is used as the file name of the configuration that needs to be applied to the BAR file. Therefore, you must provide a name that is suffixed with a supported file extension; for example, name.jks. If a file extension is not included as part of the configuration name, the integration runtime doesn't recognize this configuration and error messages are generated during the deployment.
- In the Description field, specify text that will help you identify the integration runtime that will use this keystore, or identify the type of keystore.
- To import the keystore file, click within the boxed area to select the file from a file browser, or drag and drop the file. The name of the imported file is displayed.
- Click Create. The configuration is added to the configurations table and can be selected for use with an integration runtime.
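The naming note in the Name step and the IBM MQ key repository paragraph can both be checked before deployment. The following is an added example, not IBM code: it validates a list of planned configuration names and reports the path each keystore will be copied to. The function names, the lower-case suffix matching, and the .p12 suffix for PKCS12 are assumptions.

```python
# Added example, not IBM code: pre-deployment check of Keystore configuration names.
from pathlib import PurePosixPath

KEYSTORE_DIR = PurePosixPath("/home/aceuser/keystores")  # directory named on this page
# Suffixes for the file types the page lists. Assumptions: suffixes are
# lower case, and PKCS12 files use ".p12".
SUPPORTED = {".jks", ".rdb", ".sth", ".kdb", ".p12"}
MQ_SET = {".kdb", ".rdb", ".sth"}  # the three files of an IBM MQ key repository


def check_names(names):
    """Return (paths, problems) for a list of Keystore configuration names."""
    paths, problems, mq_parts = {}, [], {}
    for name in names:
        p = PurePosixPath(name)
        if p.name != name:
            # Hygiene check added here, not a rule from the page: no directory parts.
            problems.append(f"{name}: must be a plain file name, not a path")
        elif p.suffix not in SUPPORTED:
            problems.append(f"{name}: missing or unsupported file extension")
        else:
            paths[name] = str(KEYSTORE_DIR / name)
            if p.suffix in MQ_SET:
                mq_parts.setdefault(p.stem, set()).add(p.suffix)
    # An MQ key repository needs all three files under the same stem.
    for stem, found in sorted(mq_parts.items()):
        missing = sorted(MQ_SET - found)
        if missing:
            problems.append(
                f"{stem}: MQ key repository incomplete, missing {', '.join(missing)}")
    return paths, problems


def mq_repository_ref(stem):
    """Path to use in server.conf.yaml for an MQ key repository (no extension)."""
    return str(KEYSTORE_DIR / stem)


if __name__ == "__main__":
    # Constructed sample: one valid JKS, one name without a suffix, one partial MQ set.
    sample = ["my-keystore.jks", "truststore", "my-mqcerts.kdb", "my-mqcerts.rdb"]
    paths, problems = check_names(sample)
    for name, path in paths.items():
        print(f"OK   {name} -> {path}")
    for problem in problems:
        print(f"FAIL {problem}")
```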
Updating or deleting a configuration
If you need to update the content or settings in a configuration, or delete a configuration that's no longer needed, see Managing configuration objects from the Configuration tab.