...

  • Certificates can be imported from files.
  • Certificates can be manually added by copy/paste.
  • Certificate entries can be updated by clicking the alias name of the Certificate.
  • A Certificate's action menu offers the operations to update and to delete a Certificate entry.

Adding and Updating Certificates

When adding or updating a Certificate, the following popup window is displayed:

...

  • The following input fields are offered:
    • Certificate Alias: The Certificate is assigned an Alias name that can be freely chosen by the user. The Alias name must be unique across all managed Certificates.
    • Certificate: The Certificate or Public Key can be added to the related input field by copy/paste. The PEM format of a Certificate/Public Key is used:
      • Certificate
        • The first line of a Certificate looks like this: -----BEGIN CERTIFICATE-----
        • The last line of a Certificate looks like this: -----END CERTIFICATE-----
      • Public Key
        • The first line of a Public Key looks like this: -----BEGIN PUBLIC KEY-----
        • The last line of a Public Key looks like this: -----END PUBLIC KEY-----
      • Between the first line and the last line a number of base64 encoded lines indicate the Certificate's or Public Key's content.
    • Path to Private Key File: Specifies the path to the Private Key file on the Agent that holds the Private Key. Frequently the <AGENT-DATA>/config/private directory is used. However, any directory that is accessible to the Agent can be used.
      • Users have to store the Private Key to the indicated location.
      • Note: Private Keys must not be protected by a passphrase. A passphrase acts as a second factor when a human user accesses the key: while the Private Key is in the file system, the passphrase is in the user's head. However, this does not improve security for unattended processing: it is pointless to store a passphrase side-by-side with the Private Key in scripts or configuration files on the same media. Therefore, use of passphrase-protected Private Keys is denied.
    • Job Resource Folder: The indicated Certificate and Path to Private Key File will be made available to jobs from a JS7 - Job Resource. The name of the Job Resource will be created from the Certificate Alias; the folder of the Job Resource is specified with this input field, see chapter Job Resource for Certificate.
  • The Use of Certificates by Agents link displays the list of Agents that are assigned the given Certificate Alias, see chapter Managing Certificates for Agents.
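
The PEM rules listed above can be checked before a Certificate is pasted or a Private Key file is placed on an Agent. The following is an added example, not part of JS7 or of the original page; the function names are hypothetical and the sample PEM blocks are constructed placeholders without real key material.

```python
import base64
import re

# One PEM block: BEGIN/END lines with the same label, content in between.
PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.S)
ENCRYPTED = "private key is passphrase-protected"

def classify_pem(text):
    """Return (label, problem); problem is None when the block is well-formed."""
    m = PEM_RE.search(text)
    if not m:
        return None, "no PEM block with matching BEGIN/END lines"
    label, lines = m.group(1), m.group(2).splitlines()
    # PKCS#8 encrypted keys use their own label; legacy OpenSSL keys carry
    # a "Proc-Type: 4,ENCRYPTED" header inside the block.
    if label == "ENCRYPTED PRIVATE KEY" or any(
            l.startswith("Proc-Type:") and "ENCRYPTED" in l for l in lines):
        return label, ENCRYPTED
    payload = "".join(l.strip() for l in lines if ":" not in l)
    try:
        # Checks the base64 encoding only, not the ASN.1 structure behind it.
        if not base64.b64decode(payload, validate=True):
            return label, "PEM block is empty"
    except ValueError:
        return label, "content is not valid base64"
    return label, None

def check_certificate_field(text):
    """Problem with input for the Certificate field, or None if acceptable."""
    label, problem = classify_pem(text)
    if problem is None and label not in ("CERTIFICATE", "PUBLIC KEY"):
        problem = f"unexpected PEM type: {label}"
    return problem

def check_private_key_file(text):
    """Problem with the content of a Private Key file, or None if acceptable."""
    label, problem = classify_pem(text)
    if problem is None and not label.endswith("PRIVATE KEY"):
        problem = f"not a private key: {label}"
    return problem

def sample_pem(label, headers=""):
    """Constructed sample: placeholder bytes, not real key material."""
    body = base64.b64encode(b"constructed placeholder, not key material").decode()
    return f"-----BEGIN {label}-----\n{headers}{body}\n-----END {label}-----\n"

if __name__ == "__main__":
    legacy = sample_pem("RSA PRIVATE KEY", "Proc-Type: 4,ENCRYPTED\nDEK-Info: AES-256-CBC,00\n\n")
    for name, result in [("certificate", check_certificate_field(sample_pem("CERTIFICATE"))),
                         ("pkcs8 encrypted", check_private_key_file(sample_pem("ENCRYPTED PRIVATE KEY"))),
                         ("legacy encrypted", check_private_key_file(legacy))]:
        print(name, "->", result or "ok")
```

The certificate check also rejects a Private Key pasted into the Certificate field by mistake, which would otherwise place key material in the Job Resource variable.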

...

  • The Job Resource makes use of the Certificate Alias name. Users should consider that object names in the JS7 inventory are unique.
  • The Job Resource holds the following variables:
    • encipherment_certificate: holds the Certificate/Public Key.
    • encipherment_private_key_path: holds the Path to Private Key File. The Private Key file must be available for the Agent(s) that perform decryption.
  • The Job Resource can be assigned to any jobs that use encrypted secrets. It will be deployed by the Controller to any Agents that are assigned the Job Resource. The Agent will make use of the Job Resource to decrypt secrets, for example from variables.

Managing Certificates for Agents

...

Users can click the icon to display the list of Certificate Aliases that are assigned to the given Agent:

...