
Step 2: Create the Java Keystore for the Vault

The password vault managed by Tomcat Vault requires a Java keystore in which to store encrypted passwords. Use the following procedure to create this keystore.

Creating the Java keystore is a one-time process when configuring the password vault.

To create the Java keystore for the password vault, follow this procedure:

  1. Create a folder called tomcat-vault directly under the /tomcat folder in your Code Insight installation folder. This folder will be used to store the keystore and other vault files.
  2. Run the following command to create the keystore:
    • keytool -genseckey -keystore <CODE_INSIGHT_INSTALL_DIR>/tomcat/tomcat-vault/<KEYSTORE_NAME> -alias <alias> -storetype jceks -keyalg AES -keysize 256 -storepass <password> -keypass <password> -validity <days>

    • The following is a command using example values:

    • keytool -genseckey -keystore D:\CodeInsight\tomcat\tomcat-vault\vault.keystore -alias my_vault
      -storetype jceks -keyalg AES -keysize 256 -storepass password123 -keypass password123 -validity 730

    • Refer to the following table for a description of the parameters used in the keytool command used to create a keystore for the password vault. Unless specified otherwise in the table, you can use any value for a given parameter.

      | Parameter | Description |
      |---|---|
      | keystore | The absolute path and name of the keystore: <CODE_INSIGHT_INSTALL_DIR>/tomcat/tomcat-vault/<KEYSTORE_NAME>, where <CODE_INSIGHT_INSTALL_DIR> is the directory in which Code Insight is installed and <KEYSTORE_NAME> is the name you give to the keystore. The example command uses vault.keystore as the name, but you can provide any name. |
      | alias <alias> | The alias used to identify the keystore. You can specify any alias name. |
      | storetype | The keystore type. The value must be jceks. |
      | keyalg | The name of the algorithm used for key encryption. The value must be AES. |
      | keysize | The bit size used for key encryption. The value must be 256. |
      | storepass <password> | The password used to access the keystore. While you can specify any password, you must use the same password for the keypass parameter. |
      | keypass <password> | The password used to access the generated key pair. Use the same password that you specified for the storepass parameter. |
      | validity | The number of days before the keystore will expire. The default is 90 days (as per Oracle JRE), but you can change this value as needed. The command example uses 730. |
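
The two steps above as one script, with the password handed to keytool through its `:env` modifier so that it does not appear in the process list or shell history, followed by a `keytool -list` check of the result. This is an added example, not part of the Code Insight documentation; it assumes a Linux installation with keytool on the PATH, and `VAULT_PASS`, `KEYTOOL` and `create_vault_keystore` are names chosen here.

```shell
#!/bin/sh
# Added example (not vendor code). Run as the account that runs Tomcat.
# Usage: export the password first, then call the script, e.g.
#   stty -echo; read -r VAULT_PASS; stty echo; export VAULT_PASS
#   ./create-vault-keystore.sh <CODE_INSIGHT_INSTALL_DIR> vault.keystore my_vault 730
KEYTOOL=${KEYTOOL:-keytool}   # hypothetical override, e.g. a full JDK path

create_vault_keystore() {  # $1=install dir  $2=keystore name  $3=alias  $4=days
    [ -n "${VAULT_PASS:-}" ] || { echo "export VAULT_PASS first" >&2; return 2; }
    dir="${1%/}/tomcat/tomcat-vault"
    ks="$dir/$2"
    # Creation is a one-time step: never overwrite an existing keystore.
    [ ! -e "$ks" ] || { echo "$ks already exists" >&2; return 3; }
    # Step 1: the vault folder, restricted to the current account.
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    # Step 2: same parameter values as the documented command; only the way
    # the password reaches keytool differs (:env reads the named variable).
    (umask 077; "$KEYTOOL" -genseckey -keystore "$ks" -alias "$3" \
        -storetype jceks -keyalg AES -keysize 256 \
        -storepass:env VAULT_PASS -keypass:env VAULT_PASS -validity "$4") || return 1
    # Check: the alias must exist and hold a secret-key entry.
    "$KEYTOOL" -list -keystore "$ks" -storetype jceks -alias "$3" \
        -storepass:env VAULT_PASS | grep -q 'SecretKeyEntry' \
        || { echo "alias $3 is not a SecretKeyEntry" >&2; return 4; }
    echo "created $ks"
}

# Run only when called with at least install dir, keystore name and alias.
if [ "$#" -ge 3 ]; then
    create_vault_keystore "$1" "$2" "$3" "${4:-730}"
fi
```

The function returns 2 when no password is exported, 3 when the keystore already exists, and 4 when the verification step does not find the key under the given alias.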