[[_saml-keystore]]

====== KeyStore element

file::
  File path to the key store. _OPTIONAL._  The file or resource attribute must be set. 

resource::
  WAR resource path to the KeyStore.
  This is a path used in method call to ServletContext.getResourceAsStream(). _OPTIONAL._  The file or resource attribute must be set. 

password::
  The password of the KeyStore _REQUIRED._                                        

You can and must also specify references to your private keys and certificates within the Java KeyStore.
The `PrivateKey` and `Certificate` elements do this.
The `alias` attribute defines the alias within the KeyStore for the key.
For `PrivateKey`, a password is required to access this key specify that value in the `password` attribute.