[JIRA] (JENKINS-61421) Use the Java KeyStore API instead of home grown solution

[msicker@cloudbees.com (JIRA)]

Matt Sicker created an issue

Jenkins / JENKINS-61421 Use the Java KeyStore API instead of home grown solution Issue Type: Improvement Assignee: Unassigned Components: core Created: 2020-03-10 18:17 Priority: Minor Reporter: Matt Sicker Introduced long ago as a way to manage secrets, ConfidentialStore and ConfidentialKey largely duplicate the API provided by Java's KeyStore class. Jenkins should migrate toward using a proper keystore for storing secret keys, private keys, and certificates. This would allow for the use of a standardized file format (PKCS12), pluggable key store implementations (e.g., on macOS, there's a KeyStore provider that uses the macOS Keychain), and more secure management of keys (allows for third party tools to be used to easily rotate keys and other manipulations). Implementing this would go well with JENKINS-61406, though the features can be implemented separately. Add Comment

This message was sent by Atlassian Jira (v7.13.12#713012-sha1:6e07c38)

[dbeck@cloudbees.com (JIRA)]

Daniel Beck updated an issue

Jenkins / JENKINS-61421 Use the Java KeyStore API instead of home grown solution

Change By: Daniel Beck Labels: security

Add Comment