...

The JOC Cockpit can be used for JS7 - Encryption - Management of Encryption Keys.:

• Centrally managing Certificates/Public Keys.
• Providing JS7 - Job Resources that hold the related Certificate/Public Key. Such Job Resources can be assigned workflows and jobs that should decrypt secrets.

...

A workflow can be assigned variables that can hold encrypted values.

To encrypt a variable uses users can proceed like this from the Configuration->Inventory view:

...

• The encrypted_variable workflow variable can hold holds an encrypted value.
• For encryption of values users click the icon that invokes the following popup window:
  
  Image Modified
  
  
  • The first input field accepts the plain text value for the related variable.
  • Users can select a Certificate
    • from the list of Certificate Alias names that are centrally managed, see JS7 - Encryption - Management of Encryption Keys,
    • by pasting an individual Certificate.
  • Hitting the Submit button will encrypt the plain text value and will assign the variable the encrypted value that looks like this:
    • enc:BGlzj4sQ5ea0D6UdZTOP0oF0hkKN9Ca1ecMeQfi8y4cEx/rweM9MpNquU2q5lint0lY6yvoYspLhlV7rhKIAEooFh2Ohca0wBZ4InjvrAI0r0xGa/fmpxCKgfuzNHBqZdsoTVQo= OD6HmuRRmpLKPLYN5urJlw== dQH6taVBtH2jaX4+ig+5ig==
    • The enc: prefix indicates an encrypted value that holds the following parts separated by spaces:
      • encrypted symmetric key,
      • initialization vector,
      • encrypted secret.
  • When selecting a Certificate, then the Use of Certificate by Agents link can be used to check which Agents are assigned the Certificate. Users should consider that the Agent assigned the job that needs to decrypt the variable's value has to be assigned the Certificate used for encryption . In addition, and the Agent must have access to the matching Private Key.

...

Encrypting Order Variables from Schedules

JS7 - Schedules are used to add orders to the JS7 - Daily Plan.

Schedules can encrypt order variables as from the following example:

Image Added

Clicking the Image Added icon invokes a popup window for encryption as explained with chapter Encrypting Workflow Variables.

Encrypting Order Variables from Ad hoc Orders

When adding ad hoc orders to a workflow using the Workflows view users can encrypt values of workflow variables like this:

Image Added

Clicking the Image Added icon invokes a popup window for encryption as explained with chapter Encrypting Workflow Variables.

Decryption

Decryption can be performed from Shell jobs and vom JS7 - JITL Job Templates.

Decrypting from Shell Jobs

Shell jobs can make use of the JS7 scripts provided for decryption, see JS7 - Encryption - Integration with Shell CLI.

Decrypting from JITL Jobs

JS7 - JITL Job Templates provide a built-in mechanism to decrypt any encrypted argument values.

Prerequisites for decryption include that

• the related job is assigned the Job Resource that holds the Certificate used for encryption, see JS7 - Encryption - Management of Encryption Keys,
• the Agent has access to the Private Key that is specified by the Job Resource.

Further Resources

• JS7 - Encryption and Decryption
• JS7 - Encryption - Management of Encryption Keys