I work with a tool that creates system backup. The backup contains passwords as well. The backup tool uses a secret key stored in a JCEKS keystore to decrypt/encrypt the passwords saved in the backup file.
I know that I can generate secret key and add it to JCEKS keystore with keytool this way:
$ keytool -genseckey -alias "key-alias" -keyalg AES -keysize 128 \
-storetype jceks -keystore "/path/to/keystore.jceks" \
-storepass:file "/path/to/.storepass" \
-keypass:file "/path/to/.keypass"
Before I run the backup tool, I need to generate my own secret key. That part works fine, I am able to create a backup file with encrypted passwords.
I have a docker environment and the image I use contains a default installation of an app. During the first container start, I need to add the same secret key to the JCEKS keystore in the docker container that I used when I created the backup, and then I can run my restore process that configures the app running in the container.
I would like to have a tool to export/import the secret key from bash. I have found some solutions on StackOverflow and other places, but they suggest using a Java program, like this.
But I would like to have a ready for use tool without java. Is there any?
Finally, I have created a command-line tool that I can use. That tool I have cleated is an open-source tool so everyone can use and improve.
This is the URL of the CLI tool: jceks-tool