[midPoint] midPoint Keystore Encryption Key Alias and XML Cipher Configuration
Richard Richter
virgo at evolveum.com
Fri May 28 22:20:38 CEST 2021
Hi
Yes, there are JVM args possible for this and they follow the same style as those you mentioned. There is a system for it, e.g.:
-Dmidpoint.keystore.keyStorePassword=changeit
This changes the value for the element keyStorePassword under keystore under the midpoint element. So you simply create the property following the path in XML elements, sans the top level config.
This system works for most of this config.xml file except for cases where the path is not unique, e.g. I'd not recommend to override audit/auditService sections this way for obvious reasons.
Regards
Richard Richter
midPoint developer
From: "midPoint General Discussion" <midpoint at lists.evolveum.com>
To: "midPoint General Discussion" <midpoint at lists.evolveum.com>
Cc: "Haywood, Jeremiah" <jhaywo1 at ilstu.edu>
Sent: Friday, May 28, 2021 8:36:48 PM
Subject: [midPoint] midPoint Keystore Encryption Key Alias and XML Cipher Configuration
Does anyone know if there is a jvm argument that allows the encryption key alias and xml cipher to be set? I haven't been able to find anything referencing it in the container docs (https://docs.evolveum.com/midpoint/install/docker/dockerized-midpoint/). It is configurable in the config.xml under midpoint home but trying to pass all config options in the jvm arguments if possible.
config.xml snippet:
<keystore>
    <keyStorePath>${midpoint.home}/keystore.jceks</keyStorePath>
    <keyStorePassword>keystorepass</keyStorePassword>
    <encryptionKeyAlias>alias</encryptionKeyAlias>
    <xmlCipher>cipher</xmlCipher>
</keystore>
Current jvm command parameters used in startup script:
-Dfile.encoding
-Dmidpoint.home
-Dloader.path
-Dmidpoint.repository.database
-Dmidpoint.repository.jdbcUsername
-Dmidpoint.repository.jdbcPassword_FILE
-Dmidpoint.repository.jdbcUrl
-Dmidpoint.repository.hibernateHbm2ddl
-Dmidpoint.repository.missingSchemaAction
-Dmidpoint.repository.schemaVersionIfMissing
-Dmidpoint.repository.schemaVariant
-Dmidpoint.repository.initializationFailTimeout
-Dmidpoint.keystore.keyStorePassword_FILE
-Dspring.profiles.active
-Dauth.logout.url
-Dauth.sso.header
-Dserver.tomcat.ajp.enabled
-Dserver.tomcat.ajp.port
-Dlogging.path
Thank you,
Jeremiah Haywood
Identity and Access Management Administrator
Office of Technology Solutions | Illinois State University
Phone Number (309) 438-3829
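
Added example, not written by either poster and not midPoint code: the naming rule from the reply (element path minus the top-level element), applied to a constructed config.xml, with repeated paths such as audit/auditService reported instead of turned into flags. The root element name, the auditService entries and the /run/secrets directory are assumptions; the `_FILE` form is the one in the startup list of the quoted message.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample: <keystore> is the snippet from the quoted message; the root
# element name and the two auditService entries are assumptions for illustration.
SAMPLE_CONFIG = """
<configuration>
  <midpoint>
    <keystore>
      <keyStorePath>${midpoint.home}/keystore.jceks</keyStorePath>
      <keyStorePassword>keystorepass</keyStorePassword>
      <encryptionKeyAlias>alias</encryptionKeyAlias>
      <xmlCipher>cipher</xmlCipher>
    </keystore>
    <audit>
      <auditService><auditServiceFactoryClass>FactoryA</auditServiceFactoryClass></auditService>
      <auditService><auditServiceFactoryClass>FactoryB</auditServiceFactoryClass></auditService>
    </audit>
  </midpoint>
</configuration>
"""

def leaf_paths(elem, prefix=()):
    """Yield (dotted.path, text) for every leaf element below elem."""
    for child in elem:
        path = prefix + (child.tag,)
        if len(child):
            yield from leaf_paths(child, path)
        else:
            yield ".".join(path), (child.text or "").strip()

def jvm_overrides(config_xml, secret_dir="/run/secrets"):
    """Return (flags, ambiguous): -D flags for unique paths, and the paths that repeat."""
    root = ET.fromstring(config_xml)   # the root element itself is left out of the path
    leaves = list(leaf_paths(root))
    counts = Counter(path for path, _ in leaves)
    flags, ambiguous = [], sorted(p for p, n in counts.items() if n > 1)
    for path, value in leaves:
        if counts[path] > 1:
            continue                   # non-unique path: leave it in config.xml
        if "password" in path.lower():
            # Keep the secret off the command line: emit the _FILE form from the
            # startup list above, pointing at a placeholder path.
            flags.append(f"-D{path}_FILE={secret_dir}/{path.rsplit('.', 1)[-1]}")
        else:
            flags.append(f"-D{path}={value}")
    return flags, ambiguous

if __name__ == "__main__":
    print(*jvm_overrides(SAMPLE_CONFIG), sep="\n")
```

A value that contains `${...}`, like the keyStorePath one, needs single quotes when the flag is pasted into a shell script.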