From 3c46703ada3a97b3ec17ff8ec8325f79225bf5ed Mon Sep 17 00:00:00 2001
From: SSUday
Date: Fri, 5 Sep 2025 14:42:26 -0400
Subject: [PATCH] k8s: generate trustStore password instead of hardcoding (fixes #27051)
---
 generators/kubernetes/templates/deployment.yml.ejs | 2 +-
 .../kubernetes/templates/registry/jhipster-registry.yml.ejs | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/generators/kubernetes/templates/deployment.yml.ejs b/generators/kubernetes/templates/deployment.yml.ejs
index 9200ba532976..d861e0f6f666 100644
--- a/generators/kubernetes/templates/deployment.yml.ejs
+++ b/generators/kubernetes/templates/deployment.yml.ejs
@@ -218,7 +218,7 @@ spec:
 <%_ if (ingressTypeGke) { _%>
 # Custom trustStore required when using Let's Encrypt staging
 - name: JAVA_OPTS
- value: "-Djavax.net.ssl.trustStore=/etc/pki/java/cacerts -Djavax.net.ssl.trustStorePassword=123456 -Xmx256m -Xms256m"
+ value: "-Djavax.net.ssl.trustStore=/etc/pki/java/cacerts -Djavax.net.ssl.trustStorePassword=<%= baseName %> -Xmx256m -Xms256m"
 - name: SPRING_SECURITY_OAUTH2_CLIENT_PROVIDER_OIDC_ISSUER_URI
 value: https://keycloak.<%= kubernetesNamespace %>.<%= ingressDomain %>/realms/jhipster
 <%_ } else { _%>
diff --git a/generators/kubernetes/templates/registry/jhipster-registry.yml.ejs b/generators/kubernetes/templates/registry/jhipster-registry.yml.ejs
index 8fbad02e38bc..3c3e5af366d6 100644
--- a/generators/kubernetes/templates/registry/jhipster-registry.yml.ejs
+++ b/generators/kubernetes/templates/registry/jhipster-registry.yml.ejs
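Review bot: The new JAVA_OPTS value in deployment.yml.ejs sets the trustStore password to `<%= baseName %>`, which is the application's base name, so the password is still a predictable value written in clear text into the generated manifest rather than a generated secret as the subject line says. The same substitution is made in the JAVA_OPTS line of the jhipster-registry.yml.ejs hunk. Consider rendering a random value once at generation time into a Kubernetes Secret, exposing it through `valueFrom: secretKeyRef:` as an env var (name of your choosing, e.g. `TRUSTSTORE_PASSWORD`), and referencing it as `-Djavax.net.ssl.trustStorePassword=$(TRUSTSTORE_PASSWORD)` so the value does not appear in the Deployment spec. The enclosing env list starts and ends outside the hunk.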
@@ -131,7 +131,7 @@ spec:
 value: https://keycloak.<%= kubernetesNamespace %>.<%= ingressDomain %>/realms/jhipster
 # Custom trustStore required when using Let's Encrypt staging
 - name: JAVA_OPTS
- value: "-Djavax.net.ssl.trustStore=/etc/pki/java/cacerts -Djavax.net.ssl.trustStorePassword=123456"
+ value: "-Djavax.net.ssl.trustStore=/etc/pki/java/cacerts -Djavax.net.ssl.trustStorePassword=<%= baseName %>"
 <%_ } else { _%>
 - name: SPRING_SECURITY_OAUTH2_CLIENT_PROVIDER_OIDC_ISSUER_URI
 value: http://keycloak.<%= kubernetesNamespace %>.<%= ingressDomain %>/realms/jhipster
@@ -157,7 +157,7 @@ spec:
 name: application-config
 <%_ if (useKeycloak) { _%>
 <%_ if (ingressTypeGke) { _%>
- # When using Let's Encrypt staging certificates, for a successful start, add CAs to java truststore
+ # When using Let's Encrypt staging certificates, for a successful start, add CAs to java truststore
 - name: java-truststore
 secret:
 secretName: letsencrypt-ca-secret
@@ -165,4 +165,4 @@ spec:
 - key: truststore.jks
 path: cacerts
 <%_ } _%>
- <%_ } _%>
\ No newline at end of file
+ <%_ } _%>
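Review bot: The password now passed in JAVA_OPTS has to match the one that `truststore.jks` in `letsencrypt-ca-secret` (the volume shown in the `@@ -157,7` hunk, mounted as `cacerts`) was created with, and nothing in this patch changes how that secret is built. If the documented or scripted step that creates the keystore still uses the old value, the JVM will presumably fail to load the mounted trust store and the Keycloak TLS connection will break when GKE ingress is selected. The step that builds the secret should be updated in the same change, and a comment beside the JAVA_OPTS entry would record the coupling, e.g. `# must match the storepass used to build truststore.jks in letsencrypt-ca-secret`. The surrounding container and volume definitions start and end outside these hunks.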