jeap-truststore-maven-plugin
jeap-truststore-maven-plugin reads X.509 certificates from a Git repository or a local directory
tree, filters them by configurable criteria, and assembles them into environment-specific Java
truststores (JKS or PKCS12) at build time. This lets a microservice derive its truststores from a
centrally managed certificate repository, so expiring certificates can be rolled out across services
without touching each service's source.
- Single goal
build-truststoresbound to thegenerate-resourcesphase - Sources certificates from a Git repository (
certificateRepositoryUrl) or a local directory (certificateRepositoryDir) - Builds one truststore per configured environment, with shared and environment-specific certificates
- Authenticates Git clones via a personal-access-token environment variable, or falls back to the system Git client (SSH keys, credential helpers)
- Respects Maven offline mode (
-o,--offline)
Documentation
Start with Getting started, then follow the links below.
| Topic | File |
|---|---|
| Getting started (add the plugin, build a truststore) | docs/getting-started.md |
| Goal & configuration reference | docs/configuration.md |
| Certificate repository layout & filtering | docs/certificate-repository.md |
Modules
Group id for the plugin is ch.admin.bit.jeap. The version is managed by the jEAP Spring Boot parent.
| Module | Purpose |
|---|---|
truststore-maven-plugin | Maven plugin that assembles environment-specific truststores from X.509 certificates |