JS7 JobScheduler

Space shortcuts

Page tree

Versions Compared

Old Version 10

changes.mady.by.user Andreas Püschel

Saved on

compared with

New Version Current

changes.mady.by.user Andreas Püschel

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • The js7_encrypt.sh | .cmd script is called with the --cert argument that specifies the path to the Certificate file or Public Key file. The --in argument specifies the plain text secret. Similar parameters are used if the Invoke-JS7Encrypt PowerShell cmdlet is used.
  • Consider that the Certificate/Public Key used for encryption has to match the Private Key used by the component that performs decryption:
    • for JOC Cockpit the Private Key is located in reach of JOC Cockpit, for example in its data directory.
    • for JS7 JITL Jobs that are executed with an Agent the Private Key is in reach of the related Agent, for example in its data directory.
  • For use with Unix Shell
    • the script writes output to the stdout channel that is assigned an environment variable.
    • the sed command is used to replace the related element value in the hibernate.cfg.xml configuration file.
  • For use with Windows Shell
    • the script writes output to the JS7_ENCRYPT_VALUE environment variable.
    • the powershell.exe command is used to replace the related element value in the hibernate.cfg.xml configuration file.
  • For use with PowerShell
    • the cmdlet returns the encryption result.
    • the related element value is replaced in the hibernate.cfg.xml configuration file.

Integration with

...

Secret Manager Products

The scripts or cmdlets can be integrated with Password Secret Manager products that are used to create, to modify and to rotate passwords. A number of Password Secret Manager products offer hooks that allow to call scripts after a password is changed which is the preferred integration scenario.

...

  • hibernate.sos.keystore_path: The keystore path can be specified from an absolute path or from a relative path. The relative path starts from the JETTY_BASE/resources/joc directory of the JOC Cockpit installation.
  • hibernate.sos.keystore_type: The PKCS12 keystore type should be used. Typically keystores with the file name extension .p12 or .pfx signal a PKCS12 compliant keystore.

  • hibernate.sos.keystore_password: The keystore should be be protected by a password. The password is not a secret, but aims to check checking integrity when reading/writing keystores.

  • hibernate.sos.keystore_keypassword: For use with the PKCS12 format the password for the key and the password for the keystore have to match.

  • hibernate.sos.keystore_keyalias: The Private Key's alias name is a unique identifier of the key in the keystore. An alias name has to be specified if more than one Private Key is available in the keystore. The property can be omitted for keystores that hold a single key.

...