Stash File
The stash file stores the password of the keystore and the password of the key itself. This topic explains how to work with a stash file.
The stash file contains the Server keystore password values encrypted
with AES128 with a fixed key. The Server stash file is named "idisrv.sth"
(the name is not configurable) and it is loaded by the Server from
the Solution Folder. A command line utility for creating a stash file
is available in the IBM® Security Directory Integrator bin
folder: createstash.bat or createstash.sh:
createstash <keyStorePassword> [<keyPassword> [<securityProviderClass>]]
where <keyStorePassword> is the password of the keystore file specified by the api.keystore system property and <keyPassword> is the password of the Server's private key specified by the api.key.alias system property.
<keyPassword> is optional when no <securityProviderClass> parameter is specified. If <keyPassword> is not specified, the Server's private key password is assumed to be the same as the keystore's password. To use the utility with the <securityProviderClass> parameter, you must specify both preceding parameters: <keyStorePassword> and <keyPassword>. If a security provider is specified, that provider is used for the cryptography.
The utility creates a stash file named "idisrv.sth" with the specified password(s) in the current directory.
Attention: IBM Security Directory Integrator comes bundled with a sample stash file, with a password of "server". For improved security, we strongly advise you to generate your own stash file using the aforementioned utility. Also, the stash file must be kept inaccessible to everything except the actual IBM Security Directory Integrator Server that needs it.
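
One way to check the access requirement in the Attention note on a UNIX system, as an added example that is not part of the IBM documentation. The function name check_stash and the optional expected-owner argument are assumptions made for illustration; only the file name idisrv.sth comes from the text above.

```shell
#!/bin/sh
# Added example: audit access to the Server stash file on a UNIX system.
# Usage: check_stash <solution_folder> [<expected_owner>]
# Returns 0 when idisrv.sth is reachable by its owner only, 1 otherwise.

STASH_NAME="idisrv.sth"   # fixed file name, as stated in the text above

check_stash() {
    dir=$1
    owner=${2:-}   # assumption: the account the Server runs as, if known
    file="$dir/$STASH_NAME"
    rc=0

    if [ -L "$file" ]; then
        echo "FAIL: $file is a symbolic link" >&2
        return 1
    fi
    if [ ! -f "$file" ]; then
        echo "FAIL: $file not found" >&2
        return 1
    fi

    # Characters 5-10 of the ls mode string are the group and other bits.
    bits=$(ls -ld "$file" | cut -c5-10)
    if [ "$bits" != "------" ]; then
        echo "FAIL: $file grants group/other access ($bits)" >&2
        rc=1
    fi

    if [ -n "$owner" ]; then
        actual=$(ls -ld "$file" | awk '{print $3}')
        if [ "$actual" != "$owner" ]; then
            echo "FAIL: $file is owned by $actual, expected $owner" >&2
            rc=1
        fi
    fi

    # A folder writable by group or other lets another account swap the file.
    dbits=$(ls -ld "$dir" | cut -c5-10)
    case $dbits in
        *w*) echo "FAIL: $dir is writable by group or other" >&2; rc=1 ;;
    esac

    if [ "$rc" -eq 0 ]; then echo "OK: $file is restricted to its owner"; fi
    return "$rc"
}

# Run directly: sh check_stash.sh <solution_folder> [<expected_owner>]
if [ "$#" -gt 0 ]; then check_stash "$@"; fi
```

A stash file created with a default umask is typically mode 644 and fails this check until it is restricted with chmod 600.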