KeySetCommands

Use the Jython or Jacl scripting languages to configure security with the wsadmin tool. The commands in the KeySetCommands group can be used to create, delete, and query for key set settings in the configuration.

KeySetCommands include the following commands:

• createKeySet
• deleteKeySet
• generateKeyForKeySet
• getKeySet
• listKeySets
• modifyKeySet

createKeySet

The createKeySet command creates the key set settings in the configuration. Use this command to control key instances that have the same type.

Target object: None.

Required parameters:

-name

Name that uniquely identifies the key set. (String, required)

-aliasPrefix

Prefix for the key alias when a new key generates. (String, required)

-password

Password that protects the key in the keystore. (String, required)

-maxKeyReferences

Maximum number of key references from the returned keys in the key set of interest. (Integer, required)

-keyStoreName

Keystore containing the keys. (String, required)

Optional parameters:

-scopeName

Unique name of the management scope. (String, optional)

-deleteOldKeys

Set value to true to delete old keys when new keys are generated. Otherwise, set value to false. (Boolean, optional)

-keyGenerationClass

Class used to generate new keys in the key set. (String, optional)

-keyStoreScopeName

Management scope where the keystore is located. (String, optional)

-isKeyPair

Set value to true if the keys in the key set are key pairs. Otherwise, set the value of this parameter to false. (Boolean, optional)

Example output

The command returns the configuration object name of the key set object that we created.

Examples

Batch mode example usage:

• Jacl:
  $AdminTask createKeySet {-name testKeySet -aliasPrefix test -password pwd -maxKeyReferences 2 -deleteOldKeys true -keyStoreName testKeyStore -isKeyPair false}

• Jython string:
  AdminTask.createKeySet('[-name testKeySet -aliasPrefix test -password pwd -maxKeyReferences 2 -deleteOldKeys true -keyStoreName testKeyStore -isKeyPair false]')

• Jython list:
  AdminTask.createKeySet(['-name', 'testKeySet', '-aliasPrefix', 'test', '-password', 'pwd', '-maxKeyReferences', '2', '-deleteOldKeys', 'true', '-keyStoreName', 'testKeyStore', '-isKeyPair', 'false'])

Interactive mode example usage:

• Jacl:
  $AdminTask createKeySet {-interactive}

• Jython string:
  AdminTask.createKeySet ('[-interactive]')

• Jython list:
  AdminTask.createKeySet (['-interactive'])

deleteKeySet

The deleteKeySet command deletes the settings of a key set from the configuration.

Target object: None.

Required parameters:

-name

The name that uniquely identifies the key set. (String, required)

Optional parameters:

-scopeName

Unique name of the management scope. (String, optional)

Example output

The command does not return output.

Examples

Batch mode example usage:

• Jacl:
  $AdminTask deleteKeySet{ -name testKeySet}

• Jython string:
  AdminTask.deleteKeySet('[-name testKeySet]')

• Jython list:
  AdminTask.deleteKeySet(['-name', 'testKeySet'])

Interactive mode example usage:

• Jacl:
  $AdminTask deleteKeySet {-interactive}

• Jython string:
  AdminTask.deleteKeySet ('[-interactive]')

• Jython list:
  AdminTask.deleteKeySet (['-interactive'])

generateKeyForKeySet

The generateKeyForKeySet command generates keys for the keys in the key set.

Target object: None.

Required parameters:

-keySetName

Name of the key set. (String, required)

Optional parameters:

-keySetScope

Scope of the key set. (String, optional)

-keySetSaveConfig

Set value to true to save the configuration of the key set. Otherwise, set value to false. (Boolean, optional)

Example output

The command does not return output.

Examples

Batch mode example usage:

• Jacl:
  $AdminTask generateKeyForKeySet{ -keySetName testKeySet }

• Jython string:
  AdminTask.generateKeyForKeySet('[-keySetName testKeySet]')

• Jython list:
  AdminTask.generateKeyForKeySet(['-keySetName', 'testKeySet'])

Interactive mode example usage:

• Jacl:
  $AdminTask generateKeyForKeySet {-interactive}

• Jython string:
  AdminTask.generateKeyForKeySet ('[-interactive]')

• Jython list:
  AdminTask.generateKeyForKeySet (['-interactive'])

getKeySet

The getKeySet command displays the settings of a particular key set.

Target object: None.

Required parameters:

-name

Name that uniquely identifies the key set. (String, required)

Optional parameters:

-scopeName

Unique name of the management scope. (String, optional)

Example output

The command returns the settings of the specified key set group.

Examples

Batch mode example usage:

• Jacl:
  $AdminTask getKeySet {-name testKeySet}

• Jython string:
  AdminTask.getKeySet ('[-name testKeySet]')

• Jython list:
  AdminTask.getKeySet (['-name', 'testKeySet'])

Interactive mode example usage:

• Jacl:
  $AdminTask getKeySet {-interactive}

• Jython string:
  AdminTask.getKeySet ('[-interactive]')

• Jython list:
  AdminTask.getKeySet (['-interactive'])

listKeySets

The listKeySets command lists the key sets in a particular scope.

Target object: None.

Required parameters: None.

Optional parameters:

-scopeName

Unique name of the management scope. (String, optional)

-displayObjectName

Set value to true to list the key set configuration objects within the scope. Set value to false to list the strings that contain the key set group name and management scope. (Boolean, optional)

-all

Specify the value of this parameter as true to list all key sets. This parameter overrides the scopeName parameter. The default is false. (Boolean, optional)

Example output

The command returns the key sets for the scope specified.

Examples

Batch mode example usage:

• Jacl:
  $AdminTask listKeySets {-displayObjectName true}

• Jython string:
  AdminTask.listKeySets ('[-displayObjectName true]')

• Jython list:
  AdminTask.listKeySets (['-displayObjectName', 'true'])

Interactive mode example usage:

• Jacl:
  $AdminTask listKeySets {-interactive}

• Jython string:
  AdminTask.listKeySets ('[-interactive]')

• Jython list:
  AdminTask.listKeySets (['-interactive'])

modifyKeySet

The modifyKeySet command changes the settings of an existing key set.

Target object: None.

Required parameters:

-name

Name that uniquely identifies the key set. (String, required)

Optional parameters:

-scopeName

Unique name of the management scope. (String, optional)

-aliasPrefix

Prefix for the key alias when a new key generates. (String, optional)

-password

Password that protects the key in the keystore. (String, optional)

-maxKeyReferences

Maximum number of key references from the returned keys in the key set of interest. (Integer, optional)

-deleteOldKeys

Set value to true to delete old keys when new keys are generated. Otherwise, set value to false. (Boolean, optional)

-keyGenerationClass

Class used to generate new keys in the key set. (String, optional)

-keyStoreName

Keystore containing the keys. (String, optional)

-keyStoreScopeName

Management scope where the keystore is located. (String, optional)

-isKeyPair

Set value to true if the keys in the key set are key pairs. Otherwise, set the value of this parameter to false. (Boolean, optional)

Example output

The command does not return output.

Examples

Batch mode example usage:

• Jacl:
  $AdminTask modifyKeySet {-name testKeySet -maxKeyReferences 3 -deleteOldKeys false}

• Jython string:
  AdminTask.modifyKeySet ('[-name testKeySet -maxKeyReferences 3 -deleteOldKeys false]')

• Jython list:
  AdminTask.modifyKeySet (['-name', 'testKeySet', '-maxKeyReferences', '3', '-deleteOldKeys', 'false'])

Interactive mode example usage:

• Jacl:
  $AdminTask modifyKeySet {-interactive}

• Jython string:
  AdminTask.modifyKeySet ('[-interactive]')

• Jython list:
  AdminTask.modifyKeySet (['-interactive'])

Related:

Key management for cryptographic uses

wsadmin AdminTask

Create a key set configuration

Create an SSL configuration at the node scope using scripting

Key sets settings