Chapter 3. Reference

3.1. aggregate-providers attributes

You can configure aggregate-providers by setting the providers attribute.

Table 3.1. aggregate-providers Attributes

Attribute | Description

providers

The list of providers to aggregate. Elytron uses the first suitable provider found on the list.

3.2. credential-store Attributes

You can configure credential-store by setting its attributes.

Table 3.2. credential-store Attributes

Attribute | Description

create

Specifies whether the credential store should create storage when it does not exist. The default value is false.

credential-reference

The reference to the credential used to create the protection parameter. This can be in clear text or as a reference to a credential stored in a credential-store.

implementation-properties

Map of credential store implementation-specific properties.

modifiable

Whether you can modify the credential store. The default value is true.

other-providers

The name of the providers to obtain the providers to search for the one that can create the required Jakarta Connectors objects within the credential store. This is valid only for a keystore-based credential store. If this is not specified, then the global list of providers is used instead.

path

The file name of the credential store.

provider-name

The name of the provider to use to instantiate the CredentialStoreSpi. If the provider is not specified, then the first provider found that can create an instance of the specified type will be used.

providers

The name of the providers to obtain the providers to search for the one that can create the required credential store type. If this is not specified, then the global list of providers is used instead.

relative-to

The base path this credential store path is relative to.

type

Type of the credential store, for example, KeyStoreCredentialStore.

3.3. credential-store implementation properties

You can configure the credential-store implementation by setting its attributes.

Table 3.3. credential-store implementation properties

Attribute | Description

cryptoAlg

Cryptographic algorithm name to be used to encrypt and decrypt entries in external storage. This attribute is only valid if external is enabled. Defaults to AES.

external

Whether data is stored to external storage and encrypted by the keyAlias. Defaults to false.

externalPath

Specifies the path to external storage. This attribute is only valid if external is enabled.

keyAlias

The secret key alias within the credential store that is used to encrypt or decrypt data to the external storage.

keyStoreType

The keystore type, such as PKCS11. Defaults to KeyStore.getDefaultType().

3.4. expression=encryption Attributes

You can configure expression=encryption by setting its attributes.

Table 3.4. expression=encryption Attributes

Attribute | Description

default-resolver

Optional attribute. The resolver to use when an encrypted expression is defined without one. For example, if you set "exampleResolver" as the default-resolver and you create an encrypted expression with the command /subsystem=elytron/expression=encryption:create-expression(clear-text=TestPassword), Elytron uses "exampleResolver" as the resolver for this encrypted expression.

prefix

The prefix to use within an encrypted expression. Default is ENC. This attribute is provided for those cases where ENC might already be defined. You shouldn’t change this value unless it conflicts with an already defined ENC prefix.

resolvers

A list of defined resolvers. A resolver has the following attributes:

  • name - The name of the individual configuration used to reference it.
  • credential-store - Reference to the credential store instance that contains the secret key this resolver uses.
  • secret-key - The alias of the secret key Elytron should use from within a given credential store.

3.5. secret-key-credential-store Attributes

You can configure secret-key-credential-store by setting its attributes.

Table 3.5. secret-key-credential-store Attributes

Attribute | Description

create

Set the value to false if you do not want Elytron to create the credential store if it doesn’t already exist. Defaults to true.

default-alias

The alias name for a key generated by default. The default value is key.

key-size

The size of a generated key. The default size is 256 bits. You can set the value to one of the following:

  • 128
  • 192
  • 256

path

The path to the credential store.

populate

If a credential store does not contain a default-alias, this attribute indicates whether Elytron should create one. The default is true.

relative-to

A reference to a previously defined path that the attribute path is relative to.
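
The following management CLI script is an added example, not part of the original reference. It shows how the attributes in sections 3.4 and 3.5 fit together. The resource names exampleSecretKeyStore and exampleResolver, the file name, and the use of jboss.server.config.dir as the relative-to path are assumptions chosen for illustration.

```jboss-cli
# Added example: resource names and the file name are illustrative assumptions.

# Section 3.5: define a secret-key-credential-store.
# create and populate already default to true; they are written out here to
# make the behaviour explicit. Elytron creates the store file if it is missing
# and generates a key of key-size bits under default-alias.
/subsystem=elytron/secret-key-credential-store=exampleSecretKeyStore:add(path=exampleSecretKeyStore.cs, relative-to=jboss.server.config.dir, create=true, populate=true, key-size=256, default-alias=key)

# Section 3.4: define expression=encryption with one resolver.
# The resolver's credential-store references the store defined above, and its
# secret-key is the alias of the generated key ("key", the default-alias).
# default-resolver names the resolver to use when an expression is created
# without one. prefix is left at its default, ENC.
/subsystem=elytron/expression=encryption:add(default-resolver=exampleResolver, resolvers=[{name=exampleResolver, credential-store=exampleSecretKeyStore, secret-key=key}])

# Create an encrypted expression without naming a resolver.
# Elytron falls back to default-resolver, that is, exampleResolver.
/subsystem=elytron/expression=encryption:create-expression(clear-text=TestPassword)

# The same operation with the resolver named explicitly.
/subsystem=elytron/expression=encryption:create-expression(resolver=exampleResolver, clear-text=TestPassword)
```

A secret-key-credential-store is not protected by a password, so restrict file system access to the store file to the account that runs the server.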