Storage format, location and key

The application secrets are stored in a Java™ JCEKS keystore.

The following files are relevant. By default, they are in the /crypt/keyvault directory.

| File | Purpose |
| --- | --- |
| keyvault | The Java JCEKS keystore that contains all application secrets. Each entry represents a single secret, and is encrypted with the KeyVault password. |
| .keyvaultpassword | Holds the randomly generated KeyVault password. The permissions are set to minimize who on the system has access to the file. |
| .keyvaultpassword.gpg | Optional encrypted KeyVault password. If this file exists, the system requires that the user decrypt it when the system starts, and in other cases where it is needed (such as the resutil command or system upgrades). If present, the .keyvaultpassword file is not used and can be removed from the system. The SOAR Platform allows only the .keyvaultpassword.gpg or .keyvaultpassword file. The system uses the gpg command to decrypt this file. For more information, see Encrypting the KeyVault Password. |
| keys.properties | Configuration file for the KeyVault, if you are using a keystore other than the default KeyVault. It is empty by default. For more information, see Configuration Options. |
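The following audit script is an added example, not part of the product or its documentation. It checks a KeyVault directory against the file layout listed above. The function name audit_keyvault and the rule that any group or other permission bit on .keyvaultpassword is a finding are assumptions; the page does not state the exact file mode the product sets.

```shell
#!/bin/sh
# Added example: audit a KeyVault directory laid out as described on this page.
# Assumption: any group/other permission bit on the plaintext password file is
# reported as a finding; the page does not give the exact mode the product uses.

audit_keyvault() {
    dir=${1:-/crypt/keyvault}   # default location named on the page
    findings=0
    plain="$dir/.keyvaultpassword"
    gpg="$dir/.keyvaultpassword.gpg"

    # The JCEKS keystore holding the application secrets must be present.
    if [ ! -f "$dir/keyvault" ]; then
        echo "FINDING: $dir/keyvault (JCEKS keystore) is missing"
        findings=$((findings + 1))
    fi

    if [ -f "$plain" ] && [ -f "$gpg" ]; then
        # With the .gpg file present, the plaintext file is unused and removable.
        echo "FINDING: $plain still exists beside $gpg; remove the plaintext copy"
        findings=$((findings + 1))
    elif [ ! -f "$plain" ] && [ ! -f "$gpg" ]; then
        echo "FINDING: no KeyVault password file found in $dir"
        findings=$((findings + 1))
    fi

    # Characters 5-10 of the ls mode string are the group and other bits.
    if [ -f "$plain" ]; then
        bits=$(ls -ld "$plain" | cut -c5-10)
        if [ "$bits" != "------" ]; then
            echo "FINDING: $plain is accessible beyond its owner (bits: $bits)"
            findings=$((findings + 1))
        fi
    fi

    if [ "$findings" -eq 0 ]; then
        echo "OK: no findings in $dir"
    fi
    return "$findings"   # exit status is the number of findings
}
```

Call it as `audit_keyvault /crypt/keyvault` from an account that can read the directory; the exit status is the number of findings.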