{"id":15022586,"url":"https://github.com/puppetlabs/puppetlabs-java_ks","last_synced_at":"2025-05-15T08:06:04.061Z","repository":{"id":3111764,"uuid":"4138213","full_name":"puppetlabs/puppetlabs-java_ks","owner":"puppetlabs","description":" Uses a combination of keytool and openssl to manage entries in a Java keystore","archived":false,"fork":false,"pushed_at":"2025-03-17T15:25:22.000Z","size":846,"stargazers_count":34,"open_issues_count":6,"forks_count":98,"subscribers_count":164,"default_branch":"main","last_synced_at":"2025-04-07T03:11:19.092Z","etag":null,"topics":["hacktoberfest","module","supported"],"latest_commit_sha":null,"homepage":"","language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/puppetlabs.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2012-04-25T15:40:34.000Z","updated_at":"2025-03-17T15:25:47.000Z","dependencies_parsed_at":"2023-11-28T07:25:50.177Z","dependency_job_id":"6a3b6acd-8b6e-436d-bbe3-5fb366f828b2","html_url":"https://github.com/puppetlabs/puppetlabs-java_ks","commit_stats":{"total_commits":508,"total_committers":92,"mean_commits":5.521739130434782,"dds":0.8661417322834646,"last_synced_commit":"5dc91d72f772235c82e04231b80484efad56b8aa"},"previous_names":[],"tags_count":42,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/puppetlabs%2Fpuppetlabs-java_ks","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/puppetlabs%2Fpuppetlabs-java_ks/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/puppetlabs%2Fpuppetlabs-java_ks/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/puppetlabs%2Fpuppetlabs-java_ks/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/puppetlabs","download_url":"https://codeload.github.com/puppetlabs/puppetlabs-java_ks/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248870586,"owners_count":21175068,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["hacktoberfest","module","supported"],"created_at":"2024-09-24T19:58:08.932Z","updated_at":"2025-04-14T11:26:35.477Z","avatar_url":"https://github.com/puppetlabs.png","language":"Ruby","funding_links":[],"categories":[],"sub_categories":[],"readme":"# java_ks\n\n#### Table of Contents\n\n1. [Overview](#overview)\n2. [Module Description](#module-description)\n * [Beginning with the module](#beginning-with-the-module)\n3. [Setup](#setup)\n4. [Usage](#usage)\n * [Certificates](#certificates)\n * [Namevars](#namevars)\n * [Windows task](#windows-task)\n5. [Reference](#reference)\n6. [Limitations](#limitations)\n7. [License](#license)\n8. [Development](#development)\n\n## Overview\n\nThe java_ks module uses a combination of keytool and openssl to manage entries in a Java keystore.\n\n## Module Description\n\nThe java_ks module contains a type called `java_ks` and a single provider named `keytool`. Their purpose is to enable importation of arbitrary, already generated and signed certificates into a Java keystore for use by various applications.\n\n## Setup\n\n### Beginning with the module\n\nTo get started with java_ks, declare each `java_ks` resource you need.\n\n```puppet\njava_ks { 'puppetca:truststore':\n ensure =\u003e latest,\n certificate =\u003e '/etc/puppet/ssl/certs/ca.pem',\n target =\u003e '/etc/activemq/broker.ts',\n password =\u003e 'puppet',\n trustcacerts =\u003e true,\n}\n```\n\n\n## Usage\n\nYou must specify a target in some way. You can specify `target` after the colon in the title or by using the target attribute in the resource. If you declare both, it will prefer the attribute.\n\n```puppet\njava_ks { 'puppetca:keystore':\n ensure =\u003e latest,\n certificate =\u003e '/etc/puppet/ssl/certs/ca.pem',\n target =\u003e '/etc/activemq/broker.ks',\n password =\u003e 'puppet',\n trustcacerts =\u003e true,\n}\n\njava_ks { 'broker.example.com:/etc/activemq/broker.ks':\n ensure =\u003e latest,\n certificate =\u003e '/etc/puppet/ssl/certs/broker.example.com.pe-internal-broker.pem',\n private_key =\u003e '/etc/puppet/ssl/private_keys/broker.example.com.pe-internal-broker.pem',\n password =\u003e 'albatros',\n password_fail_reset =\u003e true,\n}\n```\n\nFor use cases where you want to fetch the certificate data from a secure store, like vault, you can use the `_content` attributes. Here is an example:\n\n```puppet\njava_ks { 'broker.example.com:/etc/activemq/broker.ks':\n ensure =\u003e latest,\n certificate_content =\u003e $certificate_data_fetched_from_secure_store,\n private_key_content =\u003e $private_key_data_fetched_from_secure_store,\n password =\u003e 'albatros',\n password_fail_reset =\u003e true,\n}\n```\n\n**NOTE:** Sensitive fields like `password`, `certificate_content` and `private_key_content` can be deferred using the [Deferred](https://www.puppet.com/docs/puppet/7/template_with_deferred_values.html) function. This will ensure sensitive values are not present in the Catalog.\n\nYou can see an example of its use below.\n\n~~~ puppet\njava_ks { 'broker.example.com:/etc/activemq/broker.ks':\n ensure =\u003e latest,\n certificate_content =\u003e Deferred('sprintf', [$certificate_data_fetched_from_secure_store],\n private_key_content =\u003e Deferred('sprintf', [$private_key_data_fetched_from_secure_store],\n password =\u003e Deferred('sprint', ['albatros']),\n password_fail_reset =\u003e true,\n}\n~~~\n\nWe recommend using the data type `Senstive` for the attributes `certificate_content` and `private_key_content`. But These attributes also support a regular `String` data type. The `_content` attributes are mutual exclusive with their file-based variants.\n\n\nYou can also use Hiera by passing params to the java_ks::config class:\n\n```yaml\njava_ks::config::params:\n 'broker.example.com:/etc/activemq/broker.ks':\n ensure: latest\n certificate: '/etc/puppet/ssl/certs/broker.example.com.pe-internal-broker.pem'\n private_key: '/etc/puppet/ssl/private_keys/broker.example.com.pe-internal-broker.pem'\n password: true\n```\n\n### Certificates\nTo have a Java application server use a specific certificate for incoming connections, use the certificate parameter. You will need to simultaneously import the private key accompanying the signed certificate you want to use. As long as you provide the path to the key and the certificate, the provider will do the conversion for you.\n\n\n### Namevars\n\nThe java_ks module supports multiple certificates with different keystores but the same alias by implementing Puppet's composite namevar functionality. Titles map to namevars via `$alias:$target` (alias of certificate, colon, on-disk path to the keystore). If you create dependencies on these resources you need to remember to use the same title syntax outlined for generating the composite namevars.\n\n*Note about composite namevars:*\nThe way composite namevars currently work, you must have the colon in the title. This is true *even if you define name and target parameters.* The title can be `foo:bar`, but the name and target parameters must be `broker.example.com` and `/etc/activemq/broker.ks`. If you follow convention, it will do as you expect and correctly create an entry in the\nbroker.ks keystore with the alias of broker.example.com.\n\n## Reference\n\nFor information on the classes and types, see the [REFERENCE.md](https://github.com/puppetlabs/puppetlabs-java_ks/blob/main/REFERENCE.md).\n\n## Limitations\n\nThe java_ks module uses the `keytool` and `openssl` commands. It should work on all systems with these commands.\n\nJava 7 is supported as of 1.0.0.\n\nDeveloped against IBM Java 6 on AIX. Other versions may be unsupported.\n\nFor an extensive list of supported operating systems, see [metadata.json](https://github.com/puppetlabs/puppetlabs-java_ks/blob/main/metadata.json)\n\n## License\n\nThis codebase is licensed under the Apache2.0 licensing, however due to the nature of the codebase the open source dependencies may also use a combination of [AGPL](https://opensource.org/license/agpl-v3/), [BSD-2](https://opensource.org/license/bsd-2-clause/), [BSD-3](https://opensource.org/license/bsd-3-clause/), [GPL2.0](https://opensource.org/license/gpl-2-0/), [LGPL](https://opensource.org/license/lgpl-3-0/), [MIT](https://opensource.org/license/mit/) and [MPL](https://opensource.org/license/mpl-2-0/) Licensing.\n\n## Development\n\nPuppet modules on the Puppet Forge are open projects, and community contributions are essential for keeping them great. We can’t access the huge number of platforms and myriad hardware, software, and deployment configurations that Puppet is intended to serve.\n\nWe want to keep it as easy as possible to contribute changes so that our modules work in your environment. There are a few guidelines that we need contributors to follow so that we can have a chance of keeping on top of things. For more information, see our [module contribution guide.](https://puppet.com/docs/puppet/latest/contributing.html)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpuppetlabs%2Fpuppetlabs-java_ks","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpuppetlabs%2Fpuppetlabs-java_ks","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpuppetlabs%2Fpuppetlabs-java_ks/lists"}