...

Digitally signs JS7 workflows and related files for secure deployment in a JS7 environment operated for security level "high"

...

Sign-JS7Workflow.ps1 [[-File] <String>] [[-Dir] <String>] [-Recurse] [[-Keystore] <String>] [[-Key] <String>] [[-Cert] <String>] [[-Credentials] <PSCredential>] [-AskForCredentials] [[-Thumbprint] <String>] [[-LogDir] <String>] [-ShowLogs] [-WhatIf] [-Confirm] [<CommonParameters>]

...

JS7 can be operated in environments for security level "high". This includes having workflows digitally signed outside of JOC Cockpit so that the private key is not within reach of JOC Cockpit.

Digital signing includes

* to export workflows and related scheduling objects with the option "for signing". This will create a .tar.gz/.zip archive file holding workflows and related scheduling objects, which is made available on the user's computer that is connected to JOC Cockpit
** to optionally transfer the exported .tar.gz/.zip archive file to a secure machine
* to digitally sign exported workflow files and job resource files
** to extract the .tar.gz/.zip archive file
** to create signature files, for example *.workflow.json.sig, for workflow files (*.workflow.json)
* to create or update a .tar.gz/.zip archive file that includes both the original workflow files and newly created signature files
* to import and to deploy the .tar.gz/.zip archive file that holds the original workflows and the signature files
** JOC Cockpit offers the operation to "Import and Deploy" .tar.gz/.zip archives in a single step

The Sign-JS7Workflow.ps1 script can be used with PowerShell 5.1 and 7.x on Linux and Windows.
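The steps listed above, as an added example that is not part of the original page or of the JS7 project: it extracts an export archive on the signing machine, runs Sign-JS7Workflow.ps1 with the parameters documented here, and refuses to repackage unless every signable file has a signature. It covers the .zip case only; the wrapper's parameter names and the assumption that each signature is written next to its file as `<name>.sig` are hypothetical, and keystore credentials are left to the script's own -Credentials / -AskForCredentials handling.

```powershell
# Added example: sign an exported .zip archive and only repackage it
# when every workflow and job resource file has a signature.
param(
    [Parameter(Mandatory)] [string] $ExportArchive,   # archive exported "for signing"
    [Parameter(Mandatory)] [string] $SignedArchive,   # archive to import and deploy
    [string] $Keystore,                               # optional; otherwise Windows Certificate Store
    [string] $SignScript = './Sign-JS7Workflow.ps1'
)
Set-StrictMode -Version Latest
$ErrorActionPreference = 'Stop'

# Extract into a fresh staging directory so stale files cannot slip into the result.
$staging = Join-Path ([IO.Path]::GetTempPath()) ("js7-sign-" + [Guid]::NewGuid())
New-Item -ItemType Directory -Path $staging | Out-Null
try {
    Expand-Archive -LiteralPath $ExportArchive -DestinationPath $staging

    # Only parameters documented on this page are passed to the script.
    $signArgs = @{ Dir = $staging; Recurse = $true }
    if ($Keystore) { $signArgs.Keystore = $Keystore }
    & $SignScript @signArgs

    # Assumption: the signature is written next to each file as "<name>.sig".
    $signable = @(Get-ChildItem -LiteralPath $staging -Recurse -File |
        Where-Object { $_.Name -like '*.workflow.json' -or $_.Name -like '*.jobresource.json' })
    $unsigned = @($signable |
        Where-Object { -not (Test-Path -LiteralPath ($_.FullName + '.sig')) })

    if ($signable.Count -eq 0) {
        throw "No workflow or job resource files found in $ExportArchive"
    }
    if ($unsigned.Count -gt 0) {
        throw "Unsigned files, archive not created:`n" + ($unsigned.FullName -join "`n")
    }

    # Repackage the original files together with their signature files.
    Compress-Archive -Path (Join-Path $staging '*') -DestinationPath $SignedArchive -Force
    Write-Output "Signed $($signable.Count) file(s) into $SignedArchive"
}
finally {
    # Remove the extracted copies from the signing machine.
    Remove-Item -LiteralPath $staging -Recurse -Force
}
```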

...

-File <String>
Specifies the path to a *.workflow.json or *.jobresource.json file to be signed.

If this argument is omitted then the -Dir argument will be used to look up workflow files.

...

-Dir <String>
Specifies the path to a directory holding *.workflow.json or *.jobresource.json files to be signed. Any sub-directories will be traversed recursively.

By default the current directory is used.

Required?                    false
Position?                    2
Default value                .
Accept pipeline input?       true (ByValue, ByPropertyName)
Accept wildcard characters?  false

Recurse

...

...

Required?                    false
Position?                    named
Default value                False
Accept pipeline input?       true (ByPropertyName)
Accept wildcard characters?  false

Keystore

-Keystore <String>
Specifies the path to a keystore file that holds the private key and certificate used for signing.

The argument can be populated from the JS7_SIGN_KEYSTORE environment variable.

Only one of the -Keystore and -Key arguments can be used. If both arguments are omitted then the Windows Certificate Store will be used.

...

PS > ./Sign-JS7Workflow.ps1 -Keystore /mnt/releases/certificates/release-signing/release-signing.p12 -P

Signs all *.workflow.json and *.jobresource.json files in the current directory and sub-directories using the code signing certificate from the indicated keystore asking for its password

...

PS > ./Sign-JS7Workflow.ps1 -Key ./js7.key -Cert ./js7.crt

Signs all *.workflow.json and *.jobresource.json files in the current directory and sub-directories using the code signing certificate from the indicated keystore

...

Signs all *.workflow.json and *.jobresource.json files in the current directory and sub-directories using the code signing certificate available with the Windows Certificate Store

...

PS > ./Sign-JS7Workflow.ps1 -Dir C:\some\folder -Recurse

Signs all *.workflow.json and *.jobresource.json files in the indicated directory and any sub-directories using the code signing certificate available with the Windows Certificate Store

...