Printing general help message: usage: java -jar wildfly-elytron-tool.jar credential-store [-a | -e | --export-secret-key | -g | --generate-secret-key | -ikp | --import-secret-key | -r | -v | -xp ] [-c] [-d] [-f] [-h] [-i ] [-j ] [-k ] [--key ] [-kp ] [-l ] [-n ] [-o ] [-p ] [-pbk | -pbl ] [-pvk | -pvl ] [-q ] [-s ] [--size ] [-t ] [-u ] [-x ] "credential-store" command is used to perform various operations on credential store. Some of the parameters below are mutually exclusive actions which are marked with (Action) in the description. -a,--add Add new alias to the credential store (Action) -c,--create Create credential store (Action) -d,--debug Print stack trace when error occurs. -e,--exists Check if alias exists within the credential store (Action) --export-secret-key Export existing SecretKey stored in the credential store. -f,--summary Print summary, especially command how to create this credential store -g,--generate-key-pair Generate private and public key pair and store them as a KeyPairCredential --generate-secret-key Generate a new SecretKey and store it in the credential store. -h,--help Get help with usage of this command (Action) -i,--iteration Iteration count for final masked password of the credential store -ikp,--import-key-pair Import a KeyPairCredential into the credential store. --import-secret-key Import an existing encoded SecretKey to the credential store. -j,--size Size (number of bytes) of the keys when generating a KeyPairCredential. -k,--algorithm Encryption algorithm to be used when generating a KeyPairCredential: RSA, DSA, or EC. Default RSA --key The encoded Key to import. -kp,--key-passphrase The passphrase used to decrypt the private key. -l,--location Location of credential store storage file -n,--entry-type Type of entry in credential store -o,--other-providers Comma separated list of JCA provider names. Providers will be supplied to the credential store instance. Each provider must be installed through java.security file or through service loader from properly packaged jar file on classpath. -p,--password Password for credential store -pbk,--public-key-string A public key specified as a String. -pbl,--public-key-location The location of a file containing a public key. -pvk,--private-key-string A private key specified as a String. -pvl,--private-key-location The location of a file containing a private key. -q,--credential-store-provider Provider name containing CredentialStoreSpi implementation. Provider must be installed through java.security file or through service loader from properly packaged jar file on classpath. -r,--remove Remove alias from the credential store (Action) -s,--salt Salt to apply for final masked password of the credential store --size Key size (bits). -t,--type Credential store type -u,--properties Implementation properties for credential store type in form of "prop1=value1; ... ;propN=valueN" . Supported properties are dependent on credential store type KeyStoreCredentialStore (default implementation) supports following additional properties (all are optional): keyStoreType - specifies the key store type to use (defaults to "JCEKS") keyAlias - specifies the secret key alias within the key store to use for encrypt/decrypt of data in external storage (defaults to "cs_key") external - specifies whether to store data to external storage and encrypted by keyAlias key (defaults to "false") cryptoAlg - cryptographic algorithm name to be used to encrypt/decrypt entries at external storage "external" has to be set to "true" -v,--aliases Display all aliases (Action) -x,--secret Password credential value -xp,--export-key-pair-public-key Prints the public key stored under a KeyPairCredential as Base64 encoded String, in OpenSSH format. usage: java -jar wildfly-elytron-tool.jar vault [-b ] [-d] [-e ] [-f] [-h] [-i ] [-k ] [-l ] [-o ] [-p ] [-q ] [-s ] [-t ] [-u ] [-v ] "vault" command is used convert PicketBox Security Vault to credential store using default implementation (KeyStoreCredentialStore) or custom implementation set with the "type" option. Some of the parameters below are mutually exclusive actions which are marked with (Action) in the description. -b,--bulk-convert Bulk conversion with options listed in description file. All options have no default value and should be set in the file. (Action) All options are required with the exceptions: - "properties" option - "type" option (defaults to "KeyStoreCredentialStore") - "credential-store-provider" option - "other-providers" option - "salt" and "iteration" options can be omitted when plain-text password is used Each set of options must start with the "keystore" option in the following format: keystore: keystore-password: enc-dir: salt: iteration: location: alias: properties:=; ... ;= type: credential-store-provider: other-providers: -d,--debug Print stack trace when error occurs. -e,--enc-dir Vault directory containing encrypted files (defaults to "vault") -f,--summary Print summary of conversion -h,--help Get help with usage of this command (Action) -i,--iteration Iteration count (defaults to "23") -k,--keystore Vault keystore URL (defaults to "vault.keystore") -l,--location Location of credential store storage file (defaults to "converted-vault.cr-store" in vault encryption directory) -o,--other-providers Comma separated list of JCA provider names. Providers will be supplied to the credential store instance. Each provider must be installed through java.security file or through service loader from properly packaged jar file on classpath. -p,--keystore-password Vault keystore password: - used to open original vault key store - used as password for new converted credential store -q,--credential-store-provider Provider name containing CredentialStoreSpi implementation. Provider must be installed through java.security file or through service loader from properly packaged jar file on classpath. -s,--salt 8 character salt (defaults to "12345678") -t,--type Converted credential store type (defaults to "KeyStoreCredentialStore") -u,--properties Configuration parameters for credential store in form of: "parameter1=value1; ... ;parameterN=valueN" Supported parameters are dependent on credential store type Generally supported parameters for default credential store implementation (all are optional): create - automatically creates credential store file (true/false) modifiable - is the credential modifiable (true/false) location - file location of credential store keyStoreType - specify the key store type to use -v,--alias Vault master key alias within key store (defaults to "vault") usage: java -jar wildfly-elytron-tool.jar filesystem-realm [-b ] [--debug] [-f ] [--help] [-o ] [-r ] [-s ] [--silent] [--summary] [-u ] 'FileSystemRealm' command is used to convert legacy properties files and scripts to an Elytron FileSystemRealm. Some of the parameters below are mutually exclusive actions which are marked with (Action) in the description. -b,--bulk-convert Bulk conversion with options listed in description file. Optional options have default values, required options do not. (Action) The options fileSystemRealmName and securityDomainName are optional. These optional options have default values of: converted-properties-filesystem-realm and converted-properties-security-domain. Values are required for the following options: users-file, roles-file, and output-location. If one or more these required values are not set, the corresponding block is skipped. Each option must be specified in the following format: