Page History
...
Jobs might require variables for parameterization that hold secrets. We find a number of requirements for management of such variables, see JS7 - How to encrypt and decrypt Variables
The preferred solution with JS7 is to use asymmetric keys, for details see JS7 - Encryption and Decryption.
...
Code Block | ||||||||
---|---|---|---|---|---|---|---|---|
| ||||||||
# navigate to the Agent's <agent-data>/config/private directory cd /var/sos-berlin.com/js7/agent/config/private # create the private key in pkcs#1 format # without passphrase # openssl ecparam -name secp256k1 -genkey -noout -out agent.key # with passphrase # openssl ecparam -genkey -name secp256k1 | openssl ec -aes256 -passout pass:"jobscheduler" -out agent.key # create certificate openssl req -new -x509 -key agent.key -out agent.crt -days 1825 # openssl req -new -x509 -key agent.key -passin pass:"jobscheduler" -out agent.crt -days 1825 # extract public key from private key (not required) # openssl ec -in agent.key -pubout > agent.pub # openssl ec -in agent.key -passin pass:"jobscheduler" -pubout > agent.pub |
Code Block | ||||||||
---|---|---|---|---|---|---|---|---|
| ||||||||
# navigate to the Agent's <agent-data>/config/private directory cd /var/sos-berlin.com/js7/agent/config/private # create the private key in pkcs#1 format # without passphrase # openssl req -x509 -sha256 -newkey rsa:2048 -keyout agent.key -out agent.crt # with passphrase # openssl req -x509 -sha256 -newkey rsa:2048 -passout pass:"jobscheduler" -keyout agent.key -out agent.crt # extract public key from certificate (not required) # openssl x509 -pubkey -noout -in agent.crt > agent.pub |
...
Code Block | ||||||
---|---|---|---|---|---|---|
| ||||||
# assumes that prevous encryption created a "result" variable and encrypted output file # $result = Invoke-JS7Encrypt -File /tmp/secret.txt -OutFile /tmp/secret.txt.enc -CertificatePath agent.crt -JavaLib /js7/js7.encryption/lib Invoke-JS7Decrypt -Value $result -File /tmp/secret.txt.enc -OutFile /tmp/secret.txt.dec -KeyPath agent.key -JavaLib /js7/js7.encryption/lib Get-Content /tmp/secret.txt.dec -Raw # decrypts the given encrypted file using an Agent's private key # creates the decrypted output file |
Further Resources
- JS7 - How to encrypt and decrypt Variables
...
Overview
Content Tools