Example: Using a custom certificate with Lowkey Vault
Although Lowkey Vault ships with a certificate that supports multiple wildcard domains, it is not ideal in certain situations, such as:
- When you cannot turn off certificate verification, even in your tests
- When you don't want to rely on self-signed certificates
- When you need to use a domain name that is not supported by the default certificate
In these cases, you can supply your own certificate in a PKCS12 or JKS format keystore and configure Lowkey Vault to use your certificate for HTTPS communication. This can be done with the following properties:
server.ssl.key-store-type=JKS
server.ssl.key-store=/path/to/your/cert.jks
server.ssl.key-store-password=jks-password
Please see this document for more information about Spring SSL configuration.
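One way to produce such a keystore, as an added example that is not part of the original page or of the Lowkey Vault project: a POSIX shell script that uses openssl to issue a certificate for a custom host name from a throwaway test CA, bundles it as PKCS12, and checks the result before Lowkey Vault is pointed at it. The function names, file names, CA subject, host name and password are assumptions for illustration.

```sh
#!/bin/sh
# Added example, not Lowkey Vault project code. Directory, host name and
# password are caller-supplied; file names and subjects are constructed.
set -eu

# make_keystore <dir> <dns-name> <password>: test CA + leaf -> <dir>/cert.p12
make_keystore() {
  dir=$1; host=$2; pass=$3
  umask 077                      # private keys and keystore readable by owner only
  mkdir -p "$dir"
  # Test CA: clients add ca.crt to their trust store and keep verification on.
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Lowkey Test CA" \
    -keyout "$dir/ca.key" -out "$dir/ca.crt"
  # Server key and CSR. The CN is not a host name, so matching relies on the SAN.
  openssl req -newkey rsa:2048 -nodes -subj "/CN=lowkey-vault-test-server" \
    -keyout "$dir/server.key" -out "$dir/server.csr"
  # Issue the leaf with the custom domain as its subjectAltName.
  printf 'subjectAltName=DNS:%s\nbasicConstraints=CA:FALSE\n' "$host" > "$dir/leaf.ext"
  openssl x509 -req -in "$dir/server.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
    -CAcreateserial -days 30 -sha256 -extfile "$dir/leaf.ext" -out "$dir/server.crt"
  # Bundle private key, leaf and CA certificate into the PKCS12 keystore.
  openssl pkcs12 -export -name lowkey-vault -inkey "$dir/server.key" \
    -in "$dir/server.crt" -certfile "$dir/ca.crt" \
    -passout "pass:$pass" -out "$dir/cert.p12"
}

# check_keystore <dir> <dns-name> <password>: succeeds only if the keystore opens
# with the password, its leaf chains to ca.crt, and the leaf covers the host name.
check_keystore() {
  dir=$1; host=$2; pass=$3
  openssl pkcs12 -in "$dir/cert.p12" -passin "pass:$pass" -nokeys -clcerts \
    -out "$dir/leaf.pem" 2>/dev/null || return 1
  openssl verify -CAfile "$dir/ca.crt" "$dir/leaf.pem" >/dev/null 2>&1 || return 1
  openssl x509 -in "$dir/leaf.pem" -noout -checkhost "$host" | grep -q "does match certificate"
}

# lowkey_args <keystore-path> <password>: the three properties from this page as
# arguments. For Docker, pass the path as it is seen inside the container.
lowkey_args() {
  printf '%s %s %s\n' "--server.ssl.key-store-type=PKCS12" \
    "--server.ssl.key-store=$1" "--server.ssl.key-store-password=$2"
}

# Usage: ./make-keystore.sh <dir> <dns-name> <password>
if [ "$#" -eq 3 ]; then
  make_keystore "$@" && check_keystore "$@" && lowkey_args "$1/cert.p12" "$3"
fi
```

Clients then trust `ca.crt` rather than disabling verification; the CA key is only needed to issue further test certificates and should not leave the test environment.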
Depending on whether you are using the Jar or Docker, you can override these properties in slightly different ways. Please see the following sections for details.
Using the Jar is the simpler way. In this case, you just need to pass the properties as arguments when you start the application. Note that a -- prefix is added to each argument:
java -jar lowkey-vault-app-<version>.jar \
--server.ssl.key-store-type=JKS \
--server.ssl.key-store=/path/to/your/cert.jks \
--server.ssl.key-store-password=jks-password
When using the Docker image, we can benefit from the fact that there is a mount point prepared for "importing" data. By simply attaching a volume to our container and then referencing the certificate using the container-specific path, we can use the same three arguments to point to the certificate we want to use.
There is a difference though, as we must pass every argument inside the LOWKEY_ARGS environment variable. Two example projects are prepared, each of which attaches the folder containing the certificate store as a volume and then uses it as a custom certificate. You can find these using the following links: