JS7 JobScheduler

Space shortcuts

Page tree

Versions Compared

Old Version 7

changes.mady.by.user Andreas Püschel

Saved on

compared with

New Version 8

changes.mady.by.user Andreas Püschel

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...


Code Block
languagebash
titleEncryption using Unix Shell
# encrypt secret and return result
result=$(./js7_encrypt.sh --cert="joc.crt" --in='jobscheduler')

# update hibernate.cfg.xml
sed -i'' -e "s@property[ ]*name[ ]*=[ ]*\"hibernate.connection.password\".*@property name=\"hibernate.connection.password\"\>enc://${result}\</property\>@g" hibernate.cfg.xml
Code Block
languagebash
titleEncryption using Windows Shell
@rem encrypt secret and return result from JS7_ENCRYPT_VALUE environment variable
call .\js7_encrypt.cmd "--cert=joc.crt" "--in=jobscheduler"

@rem update hibernate.cfg.xml
powershell.exe -Command "((Get-Content hibernate.cfg.xml) -replace 'property[ ]*name[ ]*=[ ]*\"hibernate.connection.password\".*', ('property name=\"hibernate.connection.password\">' + $env:JS7_ENCRYPT_VALUE + '</property>')) | Set-Content -Path hibernate.cfg.xml"
Code Block
languagepowershell
titleEncryption using PowerShell Shell
# encrypt secret and return result
$result = Invoke-JS7Encrypt -CertificatePath joc.crt -Value 'jobscheduler' -JavaLib /js7/js7.encryption/lib

# update Hibernate connection password in configuration file
((Get-Content hibernate.cfg.xml) -replace 'property[ ]*name[ ]*=[ ]*\"hibernate.connection.password\".*', ('property name=\"hibernate.connection.password\">' + $result + '</property>')) | Set-Content -Path hibernate.cfg.xml

Explanation:

  • The js7_encrypt.sh | .cmd script is called with the --cert argument that specifies the path to the Certificate file or Public Key file. The --in argument specifies the plain text secret. Similar parameters are used if the Invoke-JS7Encrypt PowerShell cmdlet is used.
  • Consider that the Certificate/Public Key used for encryption has to match the Private Key used by the component that performs decryption:
    • for JOC Cockpit the Private Key is located in reach of JOC Cockpit, for example in its data directory.
    • for JS7 JITL Jobs that are executed with an Agent the Private Key is in reach of the related Agent, for example in its data directory.
  • For use with Unix Shell
    • the script writes output to the stdout channel that is assigned an environment variable.
    • the sed command is used to replace the related element value in the hibernate.cfg.xml configuration file.
  • For use with Windows Shell
    • the script writes output to the JS7_ENCRYPT_VALUE environment variable.
    • the powershell.exe command is used to replace the related element value in the hibernate.cfg.xml configuration file.
  • For use with PowerShell
    • the cmdlet returns the encryption result.
    • the related element value is replaced in the hibernate.cfg.xml configuration file.

Integration with Password Manager Products

The scripts or cmdlets can be integrated with Password Manager products that are used to create, to modify and to rotate passwords. A number of Password Manager products offer hooks that allow to call scripts after a password is changed which is the preferred integration scenario.

...