Keystore tools
9.3.3. Using standard keystore tools

By default, Airlock IAM uses JCEKS key stores. Standard tools can be used to manage secrets in such key stores.

Example listing key store entries using standard keytool:

keytool -keystore sensitive-values.jceks -storetype JCEKS -list

We do not recommend writing values to a key store using external tools, due to the following reasons:

  • If IAM updates e.g. the encoding of secrets, then the manual management would have to be adapted as well.
  • If IAM at some point switches to a different key store type or employs better encryption algorithms, manual management may not benefit from these improvements.