...
Security Configuration File: private.conf
...
Directory for Trusted Certificates used to verify Signed Workflow Signatures
The Agent requires X.509 certificates and/or PGP public keys to be in place. These are used to verify the signatures of signed workflows. An Agent does not accept unsigned workflows, so a minimum of one X.509 certificate file or PGP public key file has to be present in the directories specified with the following configuration item:
```
# Security configuration
js7 {
    configuration {
        # Locations of certificates and public keys used for signature verification
        trusted-signature-keys {
            PGP=${js7.config-directory}"/private/trusted-pgp-keys"
            X509=${js7.config-directory}"/private/trusted-x509-keys"
        }
    }
}
```
Explanation:
- The Agent verifies the signature of deployable objects such as workflows. This can be performed for PGP signatures and for X.509 signatures.
- The `trusted-signature-keys` setting specifies the location of PGP public keys and X.509 certificates.
- If no PGP public keys are used or if no X.509 certificates are used then the respective setting should not be used as it expects the indicated directory to be populated with public keys or certificates respectively.
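A preflight check for the rule above, added here as an example and not part of JS7 or of the original page: it confirms that every key type configured in `trusted-signature-keys` has a populated directory. The function names are hypothetical, the key types are passed by the caller instead of being parsed from `private.conf`, and the write-permission warning is an extra hardening check that the page does not state.

```shell
#!/bin/sh
# Added example, not JS7 code. Directory names follow the trusted-signature-keys
# fragment above. Assumption: the caller passes the key types that private.conf
# configures (PGP, X509); the script does not parse the HOCON file itself.

# Print the number of non-empty regular files directly inside directory $1.
count_key_files() {
    n=0
    for f in "$1"/*; do
        if [ -f "$f" ] && [ -s "$f" ]; then n=$((n + 1)); fi
    done
    echo "$n"
}

# Succeed if directory $1 is writable by group or others. Extra hardening check
# (not stated on the page): anyone who can write here can add a trusted key.
loosely_writable() {
    [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) 2>/dev/null)" ]
}

# check_trusted_keys CONFIG_DIR TYPE...
# Returns 0 only if every configured key type has a populated directory.
check_trusted_keys() {
    config_dir=$1; shift
    if [ $# -eq 0 ]; then
        echo "FAIL: no key type configured, signed workflows cannot be verified" >&2
        return 1
    fi
    rc=0
    for type in "$@"; do
        case $type in
            PGP)  dir=$config_dir/private/trusted-pgp-keys ;;
            X509) dir=$config_dir/private/trusted-x509-keys ;;
            *)    echo "FAIL: unknown key type: $type" >&2; return 2 ;;
        esac
        count=$(count_key_files "$dir")
        if [ "$count" -eq 0 ]; then
            echo "FAIL: $type is configured but $dir is missing or empty" >&2
            rc=1
        else
            echo "OK: $type has $count file(s) in $dir"
        fi
        if loosely_writable "$dir"; then
            echo "WARN: $dir is writable by group or others" >&2
        fi
    done
    return $rc
}

# Usage (path is a placeholder): check_trusted_keys /path/to/agent/config PGP X509
```

A non-zero return for a configured but empty directory matches the explanation above: in that case the respective setting should be removed from `private.conf` or the directory populated.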
...
Script Execution from Signed Workflows
The default Agent configuration allows job scripts to be executed from any location. Without this setting, scripts are restricted to being executed from the `config/executables` directory only.
...