Keystore type

Use the Keystore type to create configurations that reference a keystore, which the integration runtime can use for encrypting or decrypting.

Summary of key details for the configuration type

  File name or type: JKS, RDB, STH, KDB, PKCS12
  Contains secrets: Yes
  Path extracted/imported to: /home/aceuser/keystores/configurationName
  Maximum allowed per integration runtime: Multiple

About the Keystore file

The Keystore type requires a keystore or key repository for use by the integration runtime. The file must be a password-protected truststore in JKS, PKCS12, or RDB format. The keystore is copied unchanged into the directory /home/aceuser/keystores, under the same name as its configuration object. For example, if you called the configuration my-keystore.jks, the keystore is copied to /home/aceuser/keystores/my-keystore.jks. This path can then be referenced from the server.conf.yaml file wherever a keystore can be referenced, or from other configuration files like odbc.ini.

An IBM® MQ key repository consists of several files: an RDB, a KDB, and an STH file. Create these files as separate keystore configurations and apply each of them to the integration runtime. For example, create my-mqcerts.kdb, my-mqcerts.rdb, and my-mqcerts.sth, and then reference these files from the server.conf.yaml file by using /home/aceuser/keystores/my-mqcerts.

Note: The password is not set on this configuration object, so instead use mqsisetdbparms to define security identities that contain the necessary password. These identities can be used to supply the password to use in configuration files like server.conf.yaml.

Creating a configuration for the Keystore type by using the configuration panel

You can create a Keystore-type configuration while creating an integration runtime, or independently, as follows:

  1. Open the Configuration page by clicking the Configuration icon in the navigation pane, or go to the Configuration view of an integration runtime that you are creating. Then, click Create configuration. For more information, see Managing configuration objects from the Configuration tab.
  2. From the Create configuration panel, select Keystore from the Type list.
  3. In the Name field, specify a name for this configuration.
    Note: This name is used as the file name of the configuration that needs to be applied to the BAR file. Therefore, you must provide a name that is suffixed with a supported file extension; for example, name.jks. If a file extension is not included as part of the configuration name, the integration runtime doesn't recognize this configuration and error messages are generated during the deployment.
  4. In the Description field, specify text that will help you identify the integration runtime that will use this keystore, or identify the type of keystore.
  5. To import the keystore file, click within the boxed area to select the file from a file browser, or drag-and-drop the file. The name of the imported file is displayed.
  6. Click Create. The configuration is added to the configurations table and can be selected for use with an integration runtime.
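The naming rule in step 3 and the path and IBM MQ key repository rules under "About the Keystore file" can be checked before deployment. The following is an added example, not IBM code: the function name `check_keystore_configs`, the case-insensitive extension match, and the treatment of every .kdb, .rdb, or .sth name as part of an MQ key repository are assumptions.

```python
import posixpath

# Extensions from the summary table; case-insensitive matching is an assumption.
SUPPORTED = {"jks", "rdb", "sth", "kdb", "pkcs12"}
MQ_PARTS = {"kdb", "rdb", "sth"}          # files that make up an IBM MQ key repository
KEYSTORE_DIR = "/home/aceuser/keystores"  # directory the keystores are copied into


def check_keystore_configs(names):
    """Return (paths, problems) for a list of Keystore configuration names."""
    paths, problems, mq = {}, [], {}
    for name in names:
        stem, _, ext = name.rpartition(".")
        ext = ext.lower()
        # A name without a supported extension is not recognized at deployment.
        if "/" in name or not stem or ext not in SUPPORTED:
            problems.append(f"{name}: name must be a file name ending in a supported extension")
            continue
        paths[name] = posixpath.join(KEYSTORE_DIR, name)
        if ext in MQ_PARTS:
            mq.setdefault(stem, set()).add(ext)
    for stem, found in sorted(mq.items()):
        missing = sorted(MQ_PARTS - found)
        if missing:
            parts = ", ".join("." + m for m in missing)
            problems.append(f"{stem}: MQ key repository is missing {parts}")
        else:
            # server.conf.yaml refers to the repository by stem, without an extension.
            paths[stem] = posixpath.join(KEYSTORE_DIR, stem)
    return paths, problems


if __name__ == "__main__":
    # Constructed sample names, not taken from a real deployment.
    sample = ["my-keystore.jks", "my-mqcerts.kdb", "my-mqcerts.rdb",
              "truststore", "partial.kdb"]
    paths, problems = check_keystore_configs(sample)
    for name, path in paths.items():
        print(f"ok   {name} -> {path}")
    for problem in problems:
        print(f"FAIL {problem}")
```
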

Updating or deleting a configuration

If you need to update the content or settings in a configuration, or delete a configuration that's no longer needed, see Managing configuration objects from the Configuration tab.