diff --git a/gateway-service/src/main/java/org/zowe/apiml/gateway/security/service/JwtSecurity.java b/gateway-service/src/main/java/org/zowe/apiml/gateway/security/service/JwtSecurity.java
index 000ac06932..8818b01b8e 100644
--- a/gateway-service/src/main/java/org/zowe/apiml/gateway/security/service/JwtSecurity.java
+++ b/gateway-service/src/main/java/org/zowe/apiml/gateway/security/service/JwtSecurity.java
@@ -98,17 +98,24 @@ public JwtSecurity(Providers providers, String keyAlias, String keyStore, char[]
 @InjectApimlLogger
 private ApimlLogger apimlLog = ApimlLogger.empty();
+ void updateStorePaths() {
+ if (SecurityUtils.isKeyring(keyStore)) {
+ keyStore = SecurityUtils.formatKeyringUrl(keyStore);
+ if (keyStorePassword == null) keyStorePassword = "password".toCharArray();
+ }
+ }
+
 /**
 * When the class is constructed and fully set, understand the zOSMF configuration and/or API ML configuration to
 * load the key used to sign the JWT token.
- *
+ *

 * In case the configuration is altogether invalid, stop the Gateway Service with the appropriate ERROR. This could
 * take a while as we are waiting in certain scenarios for the zOSMF to properly start.
 */
 @PostConstruct
 public void loadAppropriateJwtKeyOrFail() {
+ updateStorePaths();
 JwtProducer used = actualJwtProducer();
- loadJwtSecret();
 switch (used) {
 case ZOSMF:
@@ -282,7 +289,7 @@ private ZosmfListener(ApimlDiscoveryClient discoveryClient) {
 private final EurekaEventListener zosmfRegisteredListener = new EurekaEventListener() {
 @Override
 public void onEvent(EurekaEvent event) {
- if (!(event instanceof CacheRefreshedEvent)) {
+ if (!(event instanceof CacheRefreshedEvent)) {
 return;
 }
diff --git a/onboarding-enabler-java/src/main/java/org/zowe/apiml/eurekaservice/client/impl/ApiMediationClientImpl.java b/onboarding-enabler-java/src/main/java/org/zowe/apiml/eurekaservice/client/impl/ApiMediationClientImpl.java
index 8da865937f..d8a5235a8c 100644
--- a/onboarding-enabler-java/src/main/java/org/zowe/apiml/eurekaservice/client/impl/ApiMediationClientImpl.java
+++ b/onboarding-enabler-java/src/main/java/org/zowe/apiml/eurekaservice/client/impl/ApiMediationClientImpl.java
@@ -28,6 +28,7 @@
 import org.zowe.apiml.exception.ServiceDefinitionException;
 import org.zowe.apiml.security.HttpsConfig;
 import org.zowe.apiml.security.HttpsFactory;
+import org.zowe.apiml.security.SecurityUtils;
 /**
@@ -65,9 +66,9 @@ public ApiMediationClientImpl(
 }
 public ApiMediationClientImpl(
- EurekaClientProvider eurekaClientProvider,
- EurekaClientConfigProvider eurekaClientConfigProvider,
- EurekaInstanceConfigCreator instanceConfigCreator
+ EurekaClientProvider eurekaClientProvider,
+ EurekaClientConfigProvider eurekaClientConfigProvider,
+ EurekaInstanceConfigCreator instanceConfigCreator
 ) {
 this(eurekaClientProvider, eurekaClientConfigProvider, instanceConfigCreator, new DefaultCustomMetadataHelper());
 }
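Review bot: The literal `"password".toCharArray()` that JwtSecurity.updateStorePaths() assigns when keyStorePassword is null carries no comment explaining why it is acceptable, so it reads as a hard-coded credential and is likely to be flagged by secret scanners. Because the assignment is guarded by SecurityUtils.isKeyring(keyStore), the value is presumably a placeholder the keyring provider requires rather than a secret, with access decided by the platform security manager; if that is right, say so above the line, e.g. `// keyring access is authorised by SAF; the provider only needs a non-null placeholder password`. The same literal appears twice more in ApiMediationClientImpl.updateStorePaths(Ssl) later in this diff, so one shared helper next to SecurityUtils.formatKeyringUrl would keep the three copies from drifting apart. The method is also package-private with no Javadoc, and it is not visible here whether formatKeyringUrl is safe to apply to an already formatted URL if updateStorePaths() runs more than once.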
@@ -131,6 +132,7 @@ private EurekaClient initializeEurekaClient(
 HttpsConfig.HttpsConfigBuilder builder = HttpsConfig.builder();
 if (sslConfig != null) {
+ updateStorePaths(sslConfig);
 builder.protocol(sslConfig.getProtocol());
 if (Boolean.TRUE.equals(sslConfig.getEnabled())) {
 builder.keyAlias(sslConfig.getKeyAlias())
@@ -152,6 +154,7 @@ private EurekaClient initializeEurekaClient(
 HttpsConfig httpsConfig = builder.build();
 HttpsFactory factory = new HttpsFactory(httpsConfig);
+
 EurekaJerseyClient eurekaJerseyClient = factory.createEurekaJerseyClientBuilder(
 config.getDiscoveryServiceUrls().get(0), config.getServiceId()).build();
@@ -161,6 +164,17 @@ private EurekaClient initializeEurekaClient(
 return this.eurekaClientProvider.client(applicationInfoManager, clientConfig, args);
 }
+ void updateStorePaths(Ssl config) {
+ if (SecurityUtils.isKeyring(config.getKeyStore())) {
+ config.setKeyStore(SecurityUtils.formatKeyringUrl(config.getKeyStore()));
+ if (config.getKeyStorePassword() == null) config.setKeyStorePassword("password".toCharArray());
+ }
+ if (SecurityUtils.isKeyring(config.getTrustStore())) {
+ config.setTrustStore(SecurityUtils.formatKeyringUrl(config.getTrustStore()));
+ if (config.getTrustStorePassword() == null) config.setTrustStorePassword("password".toCharArray());
+ }
+ }
+
 private ApplicationInfoManager initializeApplicationInfoManager(ApiMediationServiceConfig config) throws ServiceDefinitionException {
 EurekaInstanceConfig eurekaInstanceConfig = eurekaInstanceConfigCreator.createEurekaInstanceConfig(config);
 InstanceInfo instanceInformation = new EurekaConfigBasedInstanceInfoProvider(eurekaInstanceConfig).get();
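Review bot: updateStorePaths(Ssl config) rewrites the caller's Ssl object in place through setKeyStore, setTrustStore and the two password setters, and the call added in initializeEurekaClient (hunk at -131) sits before the `Boolean.TRUE.equals(sslConfig.getEnabled())` check, so the configuration is mutated even when SSL is not enabled. Either document the side effect on the method, e.g. `/** Normalises keyring URLs in {@code config} in place and sets the placeholder keyring password when none is configured. */`, or compute the formatted values into locals inside the enabled branch and pass those to the builder. Neither getKeyStore() nor getTrustStore() is checked for null before SecurityUtils.isKeyring is called; whether isKeyring tolerates null is not visible in this diff, so confirm it does for configurations that set only one of the two stores. initializeEurekaClient starts and ends outside these hunks.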