Support pkcs keystores [WIP] #1311

kavindasr · 2025-08-13T04:01:15Z

Purpose

Currently, we only support JKS keystores in apiclt secret commands. However, we identified an issue where, in the 4.4.0 and 4.5.0 packs, the default bundle keystore is PKCS12. As a result, if someone tries to use wso2carbon.jks to encrypt secrets, the operation will fail.

Goals

To resolve this issue, we need to update apictl to support both JKS and PKCS12 keystores.

Approach

Introduce methods to read PKCS12 keystores.
After reading the keystore, check its type and pass it to the appropriate function.

…error messages and improve file reading logic

…d maintain JKS compatibility

import-export-cli/utils/encryptionUtils.go

Copilot

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

npamudika · 2025-08-13T04:40:56Z

Generate the doc changes by running go run tools/gen.go and commit the changes as well.

import-export-cli/utils/encryptionUtils.go

…y error handling

kavindasr added 4 commits August 10, 2025 19:03

Add software.sslmate.com/src/go-pkcs12 v0.6.0 dependency

d6bf79d

Update Key Store initialization to support JKS and PKCS12 formats

e7ea1ad

Refactor keystore handling to support PKCS12 and JKS formats; update …

3f4b68b

…error messages and improve file reading logic

Enhance keystore type detection logic to improve PKCS12 validation an…

39771cc

…d maintain JKS compatibility

kavindasr requested review from CrowleyRajapakse, ashera96 and npamudika as code owners August 13, 2025 04:01

kavindasr requested a review from Copilot August 13, 2025 04:13

HeshanSudarshana reviewed Aug 13, 2025

View reviewed changes