Update Keystore
Endpoint
PUT /apiops/projects/{projectName}/keystores/{keystoreName}/
Authentication
Requires a Personal API Access Token.
Header
Authorization: Bearer YOUR_TOKEN
Request
Headers
| Header | Value | Required |
|---|---|---|
| Authorization | Bearer {token} | Yes |
| Content-Type | application/json | Yes |
Path Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| projectName | string | Yes | Project name |
| keystoreName | string | Yes | Name of the keystore to update |
Query Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| jwkUpdateAction | string | No | Action to take on referenced JWKs: NULLIFY (clear references) or UPDATE (re-parse and update JWKs). Defaults to NULLIFY if not provided. |
| updateScope | string | No | Scope for updating JWKs: SAME_PROJECT or ALL_PROJECTS (used when jwkUpdateAction is UPDATE) |
Request Body
The request body should contain a KeystoreUpdateDTO object with the following structure:
{
"name": "updated-keystore",
"description": "Updated keystore description",
"keyStoreEnvironmentList": [
{
"environmentName": "production",
"file": "base64-encoded-updated-keystore-file-content",
"password": "updated-password",
"alias": "updated-alias",
"keyStoreType": "JKS"
}
]
}
Request Body Fields
| Field | Type | Required | Description |
|---|---|---|---|
| name | string | No | Keystore name (can be changed) |
| description | string | No | Keystore description |
| keyStoreEnvironmentList | array[object] | No | List of keystore environments |
Keystore Environment Object
| Field | Type | Required | Description |
|---|---|---|---|
| environmentName | string | Yes | Environment name where keystore will be deployed |
| file | string (base64) | Yes | Base64-encoded keystore file content |
| password | string | Yes | Keystore password |
| alias | string | No | Default alias for the keystore |
| keyStoreType | string | Yes | Keystore type: JKS or PKCS12 |
Notes
- Request Format: This API uses
application/jsoncontent type. Keystore file content must be base64-encoded and included in the JSON body (not uploaded as a file). - All fields are optional - only provided fields will be updated
namecan be changed, but must remain unique within the projectenvironmentNameis used to identify the environment (notenvironmentId)- Keystore file content must be base64-encoded if provided
Response
Same as Create Keystore response format.
cURL Example
Example 1: Update Keystore with JWK Updates
curl -X PUT \
"https://demo.apinizer.com/apiops/projects/MyProject/keystores/my-keystore/?jwkUpdateAction=UPDATE&updateScope=SAME_PROJECT" \
-H "Authorization: Bearer YOUR_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"name": "updated-keystore",
"description": "Updated keystore description",
"keyStoreEnvironmentList": [
{
"environmentName": "production",
"file": "base64-encoded-updated-keystore-file-content",
"password": "updated-password",
"alias": "updated-alias",
"keyStoreType": "JKS"
}
]
}'
Example 2: Update Keystore and Clear JWK References
curl -X PUT \
"https://demo.apinizer.com/apiops/projects/MyProject/keystores/my-keystore/?jwkUpdateAction=NULLIFY" \
-H "Authorization: Bearer YOUR_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"description": "Updated description only",
"keyStoreEnvironmentList": [
{
"environmentName": "production",
"file": "base64-encoded-updated-keystore-file-content",
"password": "updated-password",
"alias": "updated-alias",
"keyStoreType": "PKCS12"
}
]
}'
Example 3: Update Keystore Name Only
curl -X PUT \
"https://demo.apinizer.com/apiops/projects/MyProject/keystores/my-keystore/" \
-H "Authorization: Bearer YOUR_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"name": "new-keystore-name"
}'
Notes and Warnings
-
Keystore Name:
- Can be changed during update
- New name must be unique within the project
- If name is changed, the keystore will be accessible by the new name
-
Referenced JWKs:
- If
jwkUpdateAction=UPDATE, JWKs created from this keystore will be re-parsed and updated - If
jwkUpdateAction=NULLIFYor not provided (default), JWK references will be cleared updateScopedetermines which JWKs to update whenjwkUpdateAction=UPDATE:SAME_PROJECTorALL_PROJECTS- Default behavior (
NULLIFY) ensures JWKs don't reference deleted or updated keystores
- If
-
Environment Name:
- Use
environmentName(notenvironmentId) to specify the environment - Environment name must exist and be accessible
- Use
-
Keystore Type:
keyStoreTypemust match the actual keystore file formatJKS: Java KeyStore formatPKCS12: PKCS#12 format (also known as .p12 or .pfx)
-
Partial Updates:
- Only provided fields will be updated
- Omitted fields will remain unchanged
-
Automatic Deployment:
- Keystore is automatically deployed to all specified environments after update
- Deployment results are returned in the response
Permissions
User must have SECRETS + MANAGE permission in the project. For deployment operations (when deploying keystores to environments), user must also have SECRETS + DEPLOY_UNDEPLOY permission.
Related Documentation
- List Keystores - List all keystores
- Create Keystore - Create a new keystore