Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-61421

Use the Java KeyStore API instead of home grown solution

    XMLWordPrintable

    Details

    • Similar Issues:

      Description

      Introduced long ago as a way to manage secrets, ConfidentialStore and ConfidentialKey largely duplicate the API provided by Java's KeyStore class. Jenkins should migrate toward using a proper keystore for storing secret keys, private keys, and certificates. This would allow for the use of a standardized file format (PKCS12), pluggable key store implementations (e.g., on macOS, there's a KeyStore provider that uses the macOS Keychain), and more secure management of keys (allows for third party tools to be used to easily rotate keys and other manipulations).

      Implementing this would go well with JENKINS-61406, though the features can be implemented separately.

        Attachments

          Issue Links

            Activity

            There are no comments yet on this issue.

              People

              Assignee:
              Unassigned Unassigned
              Reporter:
              jvz Matt Sicker
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated: