Uploading keystore file as truststore via REST or SPI

Hi guys,
Im working on project that needs to dynamically import CA certificates in keycloak and my question is:
Are there any other ways to upload a CA certificate or a java-keystore? Current way is only to modify standalone.xml.
My problem is that keycloak will be in docker image and certificates could change a lot.

Current Idea is to put an empty Java Keystore file to standalone.xml and load it, create a SPI that modify that keystore file (add/remove CA certificates). Commnication will be docker containers/network.

How do you find my idea?

1 Like