- JS7 - How to encrypt and decrypt using Unix Shell
- JS7 - How to encrypt and decrypt using Windows Shell
- JS7 - How to encrypt and decrypt using PowerShell
```bash
# encrypt secret and return result
result=$(./js7_encrypt.sh --cert="joc.crt" --in='jobscheduler')
# update hibernate.cfg.xml
sed -i'' -e "s@property[ ]*name[ ]*=[ ]*\"hibernate.connection.password\".*@property name=\"hibernate.connection.password\"\>enc://${result}\</property\>@g" hibernate.cfg.xml
```
```bat
@rem encrypt secret and return result from JS7_ENCRYPT_VALUE environment variable
call .\js7_encrypt.cmd "--cert=joc.crt" "--in=jobscheduler"
@rem update hibernate.cfg.xml
powershell.exe -Command "((Get-Content hibernate.cfg.xml) -replace 'property[ ]*name[ ]*=[ ]*\"hibernate.connection.password\".*', ('property name=\"hibernate.connection.password\">' + $env:JS7_ENCRYPT_VALUE + '</property>')) | Set-Content -Path hibernate.cfg.xml"
```
```powershell
# encrypt secret and return result
$result = Invoke-JS7Encrypt -CertificatePath joc.crt -Value 'jobscheduler' -JavaLib /js7/js7.encryption/lib
# update Hibernate connection password in configuration file
# (the replacement string is taken literally, so its quotes must not be backslash-escaped)
((Get-Content hibernate.cfg.xml) -replace 'property[ ]*name[ ]*=[ ]*\"hibernate.connection.password\".*', ('property name="hibernate.connection.password">' + $result + '</property>')) | Set-Content -Path hibernate.cfg.xml
```
Explanation:
- The `js7_encrypt.sh | .cmd` script is called with the `--cert` argument that specifies the path to the Certificate file or Public Key file. The `--in` argument specifies the plain text secret. Similar parameters are used if the `Invoke-JS7Encrypt` PowerShell cmdlet is used.
- Consider that the Certificate/Public Key used for encryption has to match the Private Key used by the component that performs decryption:
  - for JOC Cockpit the Private Key is located in reach of JOC Cockpit, for example in its data directory.
  - for JS7 JITL Jobs that are executed with an Agent the Private Key is in reach of the related Agent, for example in its data directory.
- For use with Unix Shell
  - the script writes output to the stdout channel, which is captured in a shell variable (`result` in the example).
  - the `sed` command is used to replace the related element value in the `hibernate.cfg.xml` configuration file.
- For use with Windows Shell
  - the script writes output to the `JS7_ENCRYPT_VALUE` environment variable.
  - the `powershell.exe` command is used to replace the related element value in the `hibernate.cfg.xml` configuration file.
- For use with PowerShell
  - the cmdlet returns the encryption result.
  - the related element value is replaced in the `hibernate.cfg.xml` configuration file.
Integration with Password Manager Products
The scripts or cmdlets can be integrated with Password Manager products that are used to create, modify and rotate passwords. A number of Password Manager products offer hooks that allow scripts to be called after a password is changed, which is the preferred integration scenario.
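
A script called from such a hook runs unattended, so the update step should fail closed instead of leaving a half-written or unchanged configuration unnoticed. The following is an added example, not part of JS7 or of the original page: `update_hibernate_password` is a hypothetical helper that writes the value it is given as-is into the password element, and it assumes the element sits on a single line, as the one-liners above do.

```shell
#!/usr/bin/env bash
# Added example, not JS7 code. update_hibernate_password is a hypothetical helper:
# it sets the hibernate.connection.password element value and fails closed.
# Assumption: the password element sits on a single line of the file.
update_hibernate_password() {
    local cfg="$1" value="$2" tmp count escaped
    local pattern='<property[ ]*name[ ]*=[ ]*"hibernate\.connection\.password"[ ]*>[^<]*</property>'

    [ -f "$cfg" ] || { echo "missing file: $cfg" >&2; return 2; }
    [ -n "$value" ] || { echo "empty value, file left unchanged" >&2; return 2; }

    # Refuse to guess: exactly one line with the password element must be present.
    count=$(grep -c -E -e "$pattern" "$cfg") || true
    [ "$count" -eq 1 ] || { echo "expected 1 password element, found $count" >&2; return 3; }

    # Escape characters that are special in a sed replacement: \, & and the @ delimiter.
    escaped=$(printf '%s' "$value" | sed -e 's/[\\&@]/\\&/g')

    # Write to a temporary copy in the same directory (keeps the file mode), then
    # swap it in with mv so that readers never see a partially written file.
    tmp=$(mktemp "${cfg}.XXXXXX") || return 4
    cp -p "$cfg" "$tmp" || { rm -f "$tmp"; return 4; }
    if sed -E "s@${pattern}@<property name=\"hibernate.connection.password\">${escaped}</property>@" "$cfg" > "$tmp" \
        && grep -q -F -- ">${value}</property>" "$tmp"; then
        mv "$tmp" "$cfg"
    else
        rm -f "$tmp"
        echo "replacement failed, file left unchanged" >&2
        return 5
    fi
}

# Usage with the encryption step shown on this page:
#   result=$(./js7_encrypt.sh --cert="joc.crt" --in='jobscheduler')
#   update_hibernate_password hibernate.cfg.xml "enc://${result}"
```

A non-zero return code means the file was not modified, so the hook can report the failed rotation instead of leaving the old password in place silently.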