<html><body><div style="font-family: arial, helvetica, sans-serif; font-size: 12pt; color: #000000"><div><style>/*<![CDATA[*/p.MsoNormal, li.MsoNormal, div.MsoNormal {
        margin: 0.0in;
        font-size: 11.0pt;
        font-family: Calibri , sans-serif;
}
a:link, span.MsoHyperlink {
        color: rgb(5,99,193);
        text-decoration: underline;
}
span.EmailStyle19 {
        font-family: Calibri , sans-serif;
        color: windowtext;
}
*.MsoChpDefault {
}
div.WordSection1 {
        page: WordSection1;
}
/*]]>*/</style></div><div>Hi<br></div><div><br data-mce-bogus="1"></div><div>Yes, there are JVM args possible for this and they follow the same style as those you mentioned. There is a system for it, e.g.:<br data-mce-bogus="1"></div><div>-D<strong>midpoint.keystore.keyStorePassword</strong>=changeit<br data-mce-bogus="1"></div><div><br data-mce-bogus="1"></div><div>This changes the value of the element <strong>keyStorePassword</strong> under <strong>keystore</strong> under the <strong>midpoint</strong> element. So you simply create the property following the path in XML elements, sans the top-level <strong>config</strong>.<br data-mce-bogus="1"></div><div>This system works for most of this <strong>config.xml</strong> file except for cases where the path is not unique, e.g. I'd not recommend overriding <strong>audit/auditService</strong> sections this way for obvious reasons.<br data-mce-bogus="1"></div><div><br data-mce-bogus="1"></div><div>Regards<br data-mce-bogus="1"></div><div><br data-mce-bogus="1"></div><div>Richard Richter<br data-mce-bogus="1"></div><div>midPoint developer<br data-mce-bogus="1"></div><div><br></div><hr id="zwchr" data-marker="__DIVIDER__"><div data-marker="__HEADERS__"><b>From: </b>"midPoint General Discussion" &lt;midpoint@lists.evolveum.com&gt;<br><b>To: </b>"midPoint General Discussion" &lt;midpoint@lists.evolveum.com&gt;<br><b>Cc: </b>"Haywood, Jeremiah" &lt;jhaywo1@ilstu.edu&gt;<br><b>Sent: </b>Friday, May 28, 2021 8:36:48 PM<br><b>Subject: </b>[midPoint] midPoint Keystore Encryption Key Alias and XML Cipher Configuration<br></div><div><br></div><div data-marker="__QUOTED_TEXT__"><div class="WordSection1"><p class="MsoNormal">Does anyone know if there is a jvm argument that allows the encryption key alias and xml cipher to be set? 
I haven't been able to find anything referencing it in the <a href="https://docs.evolveum.com/midpoint/install/docker/dockerized-midpoint/" target="_blank" rel="nofollow noopener noreferrer">container docs</a>. It is configurable in the config.xml under midpoint home, but I am trying to pass all config options in the jvm arguments if possible.</p><p class="MsoNormal"> </p><p class="MsoNormal">config.xml snippet:</p><p class="MsoNormal" style="margin-right:0in;margin-bottom:3pt;margin-left:0in"><span style="font-size:9pt;font-family:'courier new';color:black">&lt;keystore&gt;<br>    &lt;keyStorePath&gt;${midpoint.home}/keystore.jceks&lt;/keyStorePath&gt;<br>    &lt;keyStorePassword&gt;keystorepass&lt;/keyStorePassword&gt;<br>    &lt;encryptionKeyAlias&gt;alias&lt;/encryptionKeyAlias&gt;<br>    &lt;xmlCipher&gt;cipher&lt;/xmlCipher&gt;<br>&lt;/keystore&gt;</span></p><p class="MsoNormal"> </p><p class="MsoNormal">Current jvm command parameters used in startup script:</p><p class="MsoNormal"> </p><p class="MsoNormal">-Dfile.encoding</p><p class="MsoNormal">-Dmidpoint.home</p><p class="MsoNormal">-Dloader.path</p><p class="MsoNormal">-Dmidpoint.repository.database</p><p class="MsoNormal">-Dmidpoint.repository.jdbcUsername</p><p class="MsoNormal">-Dmidpoint.repository.jdbcPassword_FILE</p><p class="MsoNormal">-Dmidpoint.repository.jdbcUrl</p><p class="MsoNormal">-Dmidpoint.repository.hibernateHbm2ddl</p><p class="MsoNormal">-Dmidpoint.repository.missingSchemaAction</p><p class="MsoNormal">-Dmidpoint.repository.schemaVersionIfMissing</p><p class="MsoNormal">-Dmidpoint.repository.schemaVariant</p><p class="MsoNormal">-Dmidpoint.repository.initializationFailTimeout</p><p class="MsoNormal">-Dmidpoint.keystore.keyStorePassword_FILE</p><p class="MsoNormal">-Dspring.profiles.active</p><p class="MsoNormal">-Dauth.logout.url</p><p class="MsoNormal">-Dauth.sso.header</p><p class="MsoNormal">-Dserver.tomcat.ajp.enabled</p><p class="MsoNormal">-Dserver.tomcat.ajp.port</p><p class="MsoNormal">-Dlogging.path</p><p class="MsoNormal"> </p><p
class="MsoNormal"> </p><p class="MsoNormal">Thank you,</p><p class="MsoNormal"> </p><p class="MsoNormal">Jeremiah Haywood</p><p class="MsoNormal">Identity and Access Management Administrator </p><p class="MsoNormal">Office of Technology Solutions | Illinois State University</p><p class="MsoNormal">Phone Number (309) 438-3829</p><p class="MsoNormal"> </p></div><br>_______________________________________________<br>midPoint mailing list<br>midPoint@lists.evolveum.com<br>https://lists.evolveum.com/mailman/listinfo/midpoint<br></div></div></body></html>