
Is there a way to use separate production and staging SSL certificates when deploying to AWS via Boxfuse?


Usually, for security reasons, production SSL certificates and other secrets are controlled by a very limited group of people in a company, while staging certificates can be self-signed and used by all developers and DevOps. As I can see in the Boxfuse documentation, the keystore is supposed to be included in the application build artifacts, and production and dev VM images are identical, which is against the mentioned DevOps practice. Does Boxfuse support this scenario (probably undocumented), or are there workarounds for production deployments?


Solution

  • One solution is to include one key store per environment (you can select the correct one at runtime based on the BOXFUSE_ENV environment variable) and pass the keystore password as an environment variable on instance startup. See https://cloudcaptain.sh/docs/commandline/run#envvars
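A sketch of the runtime selection this answer describes, added here as an example and not taken from the Boxfuse documentation or the answer's author. The `/keystores/<env>.p12` classpath layout and the `KEYSTORE_PASSWORD` variable name are assumptions; only `BOXFUSE_ENV` comes from the answer.

```java
import java.io.InputStream;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;

public final class EnvKeystore {
    // Assumed names (not from the Boxfuse docs): one PKCS#12 file per environment on the
    // classpath, e.g. /keystores/prod.p12, and a KEYSTORE_PASSWORD variable set at launch.
    static final String PASSWORD_VAR = "KEYSTORE_PASSWORD";

    static String keystoreResource(String env) {
        // Fail closed: no fallback to a default keystore, and no path characters in the name.
        if (env == null || !env.matches("[a-z0-9-]{1,32}")) {
            throw new IllegalStateException("BOXFUSE_ENV is missing or malformed");
        }
        return "/keystores/" + env + ".p12";
    }

    static SSLContext sslContext(String env, char[] password) throws Exception {
        String resource = keystoreResource(env);
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = EnvKeystore.class.getResourceAsStream(resource)) {
            if (in == null) {
                throw new IllegalStateException("No keystore packaged for environment: " + env);
            }
            ks.load(in, password); // throws IOException if the password is wrong
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, password);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), null, null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        String pw = System.getenv(PASSWORD_VAR);
        if (pw == null || pw.isEmpty()) {
            throw new IllegalStateException(PASSWORD_VAR + " must be set at instance startup");
        }
        SSLContext ctx = sslContext(System.getenv("BOXFUSE_ENV"), pw.toCharArray());
        System.out.println("TLS context ready: " + ctx.getProtocol());
    }
}
```

With this layout the production keystore file is still present in every image, so the password supplied at instance startup is the only part held back from people who can read the build artifact.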