I had to deal with this recently. After much trial and error, here’s the command that you can use to wipe your Java JKS Keystore of all its entries:
|
1 |
keytool -list -keystore ${KEYSTORE} -storepass ${KEYSTORE_PASS} -rfc | grep -Po "Alias name: \K([A-Za-z0-9\s_-]+)" | xargs -n 1 -I {} keytool -delete -alias {} -keystore ${KEYSTORE} -storepass ${KEYSTORE_PASS} |
Here, the variable KEYSTOREis the path to your Java keystore and the variable KEYSTORE_PASS is the keystore’s password. If you are not comfortable in using the keystore password plain text in command line, I’d suggest you use an alternative version using a file containing keystore password or name of an environment variable instead. This will hide the password from appearing in shell history. You can do this by suffixing the -storepass argument with :file or :env resulting in it effectively becoming -storepass:file <path/to/file> or -storepass:env <ENV_NAME_WITHOUT_$. Here are some examples:
|
1 |
keytool -list -keystore ${KEYSTORE} -storepass:file ${KEYSTORE_PASS_FILE} -rfc | grep -Po "Alias name: \K([A-Za-z0-9\s_-]+)" | xargs -n 1 -I {} keytool -delete -alias {} -keystore ${KEYSTORE} -storepass:file ${KEYSTORE_PASS_FILE} |
In the above, notice how the ${KEYSTORE_PASS} environment variable has changed to ${KEYSTORE_PASS_FILE}. Use this to provide a path to the file containing your keystore password.
|
1 |
keytool -list -keystore ${KEYSTORE} -storepass:env ${KEYSTORE_PASS_ENV} -rfc | grep -Po "Alias name: \K([A-Za-z0-9\s_-]+)" | xargs -n 1 -I {} keytool -delete -alias {} -keystore ${KEYSTORE} -storepass:env ${KEYSTORE_PASS_ENV} |
Similar to previous, this one has been slightly modified to use the -storepass:env flag with ${KEYSTORE_PASS_ENV} environment variable instead.