Storage format, location and key
The application secrets are stored in a Java™ JCEKS keystore.
The following files are relevant. By default, they are in the /crypt/keyvault directory.
File | Purpose |
keyvault | The Java JCEKS keystore that contains all application secrets. Each entry represents a single secret, and is encrypted with the KeyVault password. |
.keyvaultpassword | Holds the randomly generated KeyVault password. The permissions are set to minimize who on the system has access to the file. |
.keyvaultpassword.gpg | Optional encrypted KeyVault password. If this file exists, the system requires that the user decrypt it when the system starts, and in other cases where it is needed (such as The system uses the |
keys.properties | Configuration file for the KeyVault, if you are using a keystore other than the default KeyVault. It is empty by default. For more information, see Configuration Options. |
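
The following audit sketch checks the files listed in the table. It is an added example, not part of the product or its documentation. The function names, the finding strings, and the rule that any group or other permission bit counts as too broad are assumptions; the sample directory is constructed.

```python
import os
import stat
import tempfile

JCEKS_MAGIC = b"\xce\xce\xce\xce"  # first 4 bytes of a JCEKS keystore file
SENSITIVE = ("keyvault", ".keyvaultpassword", ".keyvaultpassword.gpg")

def audit_keyvault(directory="/crypt/keyvault"):
    """Return findings (strings) for the KeyVault files in `directory`."""
    findings = []
    for name in SENSITIVE:
        path = os.path.join(directory, name)
        if not os.path.isfile(path):
            continue
        mode = stat.S_IMODE(os.stat(path).st_mode)
        # Assumption: any group/other permission bit counts as too broad.
        if mode & (stat.S_IRWXG | stat.S_IRWXO):
            findings.append(f"{name}: mode {mode:04o} grants group/other access")
    keystore = os.path.join(directory, "keyvault")
    if not os.path.isfile(keystore):
        findings.append("keyvault: keystore file missing")
    else:
        with open(keystore, "rb") as fh:
            if fh.read(4) != JCEKS_MAGIC:
                findings.append("keyvault: header is not JCEKS")
    if os.path.isfile(os.path.join(directory, ".keyvaultpassword.gpg")):
        findings.append(".keyvaultpassword.gpg: present, user must decrypt it at system start")
    props = os.path.join(directory, "keys.properties")
    if os.path.isfile(props) and os.path.getsize(props) > 0:
        findings.append("keys.properties: not empty (empty by default)")
    return findings

def build_sample(directory, password_mode=0o600):
    """Create a constructed KeyVault directory layout for the demo."""
    contents = {"keyvault": JCEKS_MAGIC + b"\x00\x00\x00\x02",  # constructed bytes
                ".keyvaultpassword": b"constructed-not-a-real-password\n",
                "keys.properties": b""}
    for name, data in contents.items():
        path = os.path.join(directory, name)
        with open(path, "wb") as fh:
            fh.write(data)
        os.chmod(path, 0o600)
    os.chmod(os.path.join(directory, ".keyvaultpassword"), password_mode)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp, password_mode=0o644)
        for line in audit_keyvault(tmp):
            print(line)
```

An empty result means that the files that exist are restricted to their owner, the keystore has a JCEKS header, and keys.properties is still empty.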