
Lucenia keystore

lucenia-keystore is a utility script used to manage a Lucenia keystore. A Lucenia keystore provides a secure method of storing sensitive information, such as passwords and keys, used in a Lucenia cluster. The script allows you to securely create, list, add, and remove settings. It is included in the Lucenia distribution.

This keystore is separate from the keystore and truststore used to store TLS certificates in JKS or PKCS12/PFX format in order to secure the transport and HTTP layers. For information about those keystores, refer to Keystore and truststore files.

Usage

In order to use the lucenia-keystore script, you must have access to the file system containing the Lucenia installation and the ability to execute Lucenia scripts.

To use lucenia-keystore, open a terminal and use the following command syntax:

lucenia-keystore [command] [options]

Commands

The lucenia-keystore script supports the following commands:

  • create: Initializes a new keystore. If a keystore already exists, this command will overwrite the existing keystore.
  • list: Lists all settings in the keystore.
  • add <setting-name>: Adds a new setting to the current keystore. When a new setting is added, the script prompts you for the value of that setting. After adding the setting and value, both are securely stored in the keystore.
  • add-file <file-name>: Adds a new file to the keystore.
  • remove <setting-name>: Removes an existing setting from the keystore.
  • upgrade <setting-name>: Upgrades an existing setting in the keystore.
  • passwd: Sets a password for the keystore.
  • has-passwd: Prints whether the keystore is password protected.
  • help: Displays help information about all lucenia-keystore commands.

Options

You can append each command with the following options:

  • -h, --help: Displays help information about the script and its options.
  • -s, --silent: Provides minimal output when the script responds to a command.
  • -v, --verbose: Provides a verbose output for debugging purposes.

Examples

The following examples provide the basic syntax for common lucenia-keystore commands:

Creating a new keystore

The following command creates a new keystore:

./bin/lucenia-keystore create

If a keystore already exists, the script will ask whether you would like to overwrite the existing keystore.

The script responds with a confirmation that the keystore was created:

Created lucenia keystore in $LUCENIA_HOME/config/lucenia.keystore

Setting a keystore password

The following command sets a new keystore password:

./bin/lucenia-keystore passwd

If a keystore password already exists, the script will ask for the current keystore password before you can reset the password.

Response

The script responds with a confirmation that the keystore password was set successfully:

Lucenia keystore password changed successfully.

When starting Lucenia, you will be prompted to enter the keystore password. Alternatively, you can set the environment variable KEYSTORE_PASSWORD to avoid being prompted for the password on startup.

Listing settings in the keystore

The following command lists all settings currently in the keystore:

./bin/lucenia-keystore list

The script responds with a list of settings in the keystore:

keystore.seed
plugins.security.ssl.http.pemkey_password_secure

Adding a new setting

The following command adds a new keystore setting:

./bin/lucenia-keystore add plugins.security.ssl.http.pemkey_password_secure

After this command, you will be prompted to enter the secret key securely.

Removing a setting

The following command removes a keystore setting:

./bin/lucenia-keystore remove plugins.security.ssl.http.pemkey_password_secure

No response exists for this command. To confirm that the setting was deleted, use lucenia-keystore list.

For a complete list of secure settings that can be configured using lucenia-keystore, refer to (Advanced) Using encrypted password settings for SSL.

Keystore entries as Lucenia settings

After a setting has been added to a keystore, it is implicitly added to the Lucenia configuration as if it were another entry in lucenia.yml. To modify a keystore entry, use ./bin/lucenia-keystore upgrade <setting>. To remove an entry, use ./bin/lucenia-keystore remove <setting>.
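Because keystore entries act as configuration, it is useful to compare the output of lucenia-keystore list against a reviewed list of setting names after every add or remove. The following script is an added example, not part of the Lucenia distribution; the function names and the expected-names file (one setting name per line, # for comments) are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not part of the Lucenia distribution). Compares setting NAMES
# only; secret values are never read or printed.

# keystore_diff EXPECTED_FILE   (reads `lucenia-keystore list` output on stdin)
# Prints "MISSING <name>" for expected settings absent from the keystore and
# "UNEXPECTED <name>" for keystore settings that are not in EXPECTED_FILE.
# Returns 0 when both sets match, 1 on any finding, 2 if the file is unreadable.
keystore_diff() {
  [ -r "$1" ] || { echo "cannot read expected list: $1" >&2; return 2; }
  findings=$(awk -v expected_path="$1" '
    # Strip comments, surrounding whitespace and stray carriage returns.
    function norm(s) { sub(/#.*/, "", s); gsub(/^[ \t]+|[ \t\r]+$/, "", s); return s }
    BEGIN {
      while ((getline line < expected_path) > 0) {
        line = norm(line)
        if (line != "") expected[line] = 1
      }
    }
    {
      name = norm($0)
      if (name != "") actual[name] = 1
    }
    END {
      for (n in expected) if (!(n in actual)) print "MISSING " n
      for (n in actual) if (!(n in expected)) print "UNEXPECTED " n
    }
  ' | sort)
  if [ -n "$findings" ]; then
    printf '%s\n' "$findings"
    return 1
  fi
  return 0
}

# audit_keystore EXPECTED_FILE
# Runs the list command shown on this page. LUCENIA_HOME must point at the
# installation. Defined here but not called automatically.
audit_keystore() {
  "$LUCENIA_HOME/bin/lucenia-keystore" list | keystore_diff "$1"
}
```

Run audit_keystore with the path to the expected-names file; a nonzero exit status means the keystore has drifted from the reviewed list.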