...

JOC Cockpit offers to centrally manage Certificates while Private Keys remain with the Agents.

...

with Agents. For creation of Encryption Keys see JS7 - How to create X.509 Encryption Keys.

Certificates can be used to encrypt and to decrypt values of variables assigned to workflows, jobs or orders, see JS7 - Encryption - Integration with Workflows - Jobs - Orders.

Feature availability: starting from release 2.7.1

Managing Encryption Keys

The administrative menu of JOC Cockpit offers to Manage Encryption Keys:

...

  • Certificates can be imported from files.
  • Certificates can be manually added by copy/paste.
  • Certificate entries can be updated by clicking the alias name of the Certificate.
  • A Certificate's action menu offers the operations to update and to delete a Certificate entry.

Adding and Updating Certificates

When adding or updating a Certificate, the following popup window is displayed:

...

  • The following input fields are offered:
    • Certificate Alias: The Certificate is assigned an Alias name that can be freely chosen by the user. The Alias name must be unique across all managed Certificates.
    • Certificate: The Certificate or Public Key can be added to the related input field by copy/paste. The PEM format of a Certificate/Public Key is used:
      • Certificate
        • The first line of a Certificate looks like this: -----BEGIN CERTIFICATE-----
        • The last line of a Certificate looks like this: -----END CERTIFICATE-----
      • Public Key
        • The first line of a Public Key looks like this: -----BEGIN PUBLIC KEY-----
        • The last line of a Public Key looks like this: -----END PUBLIC KEY-----
      • Between the first line and the last line a number of base64 encoded lines indicate the Certificate's or Public Key's content.
    • Path to Private Key File: Specifies the path to the location of the Private Key file on the Agent that holds the Private Key. Frequently the <AGENT-DATA>/config/private directory is used. However, any directory can be used that is in reach of the Agent.
      • Users have to store the Private Key to the indicated location.
      • Note: Private Keys must not be protected by a passphrase. A passphrase acts as a second factor when a human user accesses the key: while the Private Key is in the file system, the passphrase is in the user's head. However, this does not improve security for unattended processing: it is pointless to store a passphrase side-by-side with the Private Key in scripts or configuration files on the same media. Therefore, use of passphrase-protected Private Keys is denied.
    • Job Resource Folder: The indicated Certificate and Path to Private Key File will be made available to jobs from a JS7 - Job Resource. The name of the Job Resource will be created from the Certificate Alias, the folder of the Job Resource is indicated with the input field, see chapter Job Resource for Certificate.
  • The Use of Certificates by Agents link displays the list of Agents that are assigned the given Certificate Alias, see chapter Managing Certificates for Agents.
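
The following pre-flight check is an added example, not part of JS7 or JOC Cockpit: it verifies that text intended for the Certificate field is a PEM Certificate or Public Key, and that a Private Key file is not passphrase-protected before it is placed on an Agent. The function names and the sample key (whose body is constructed and is not a real key) are assumptions made for illustration.

```python
import base64
import re

# One PEM block: BEGIN line, optional legacy headers plus base64 body, END line.
PEM_RE = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.DOTALL)

def parse_pem(text):
    """Return (label, headers, der_bytes) for the first PEM block in text."""
    m = PEM_RE.search(text)
    if not m:
        raise ValueError("no PEM block found")
    label, headers, b64 = m.group(1), {}, []
    for line in m.group(2).splitlines():
        if ":" in line:                  # legacy header line, e.g. Proc-Type
            key, _, value = line.partition(":")
            headers[key.strip()] = value.strip()
        elif line.strip():
            b64.append(line.strip())
    der = base64.b64decode("".join(b64), validate=True)  # raises on bad base64
    return label, headers, der

def check_certificate_field(text):
    """Accept only the PEM types the Certificate input field expects."""
    label, _, der = parse_pem(text)
    if label not in ("CERTIFICATE", "PUBLIC KEY"):
        raise ValueError(f"unexpected PEM type: {label}")
    if not der:
        raise ValueError("empty body")
    return label

def private_key_is_encrypted(text):
    """True if the PEM Private Key is passphrase-protected."""
    label, headers, _ = parse_pem(text)
    if not label.endswith("PRIVATE KEY"):
        raise ValueError(f"not a private key: {label}")
    if label == "ENCRYPTED PRIVATE KEY":  # PKCS#8 encrypted form
        return True
    # The traditional OpenSSL form marks encryption with a Proc-Type header.
    return headers.get("Proc-Type", "").endswith("ENCRYPTED")

# Constructed sample: the headers mimic an encrypted key, the body is not a key.
SAMPLE_LEGACY_ENCRYPTED = (
    "-----BEGIN RSA PRIVATE KEY-----\n"
    "Proc-Type: 4,ENCRYPTED\nDEK-Info: AES-256-CBC,00112233445566778899AABBCCDDEEFF\n\n"
    "Q09OU1RSVUNURUQ=\n-----END RSA PRIVATE KEY-----\n")

if __name__ == "__main__":
    print(private_key_is_encrypted(SAMPLE_LEGACY_ENCRYPTED))
```

OpenSSH-format keys (`BEGIN OPENSSH PRIVATE KEY`) record encryption inside the encoded body, so this header check does not cover them.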

...

  • The Job Resource makes use of the Certificate Alias name. Users should consider that object names in the JS7 inventory are unique.
  • The Job Resource holds the following variables:
    • encipherment_certificate: holds the Certificate/Public Key.
    • encipherment_private_key_path: holds the Path to Private Key File. The Private Key file must be available for the Agent(s) that perform decryption.
  • The Job Resource can be assigned to any jobs that use encrypted secrets. It will be deployed by the Controller to any Agents assigned the Job Resource. The Agent will make use of the Job Resource to identify the path to the Private Key used to decrypt secrets.

Managing Certificates for Agents

The administrative menu of JOC Cockpit offers to Manage Controllers/Agents from the following page:

Assigning Certificates to Agents

...

The list of Standalone Agents and Cluster Agents displays the Certificates column.

Users can click the icon to display the list of Certificate Aliases that are assigned to the given Agent:

...

...