...

  • The job encrypts a secret using the target Agent's certificate.
  • A new variable is added to the workflow that holds the encrypted secret.
  • Examples:

    • For details see JS7 - How to encrypt and decrypt using Unix Shell

      Example for Encryption using Unix Shell:

          # encrypt secret
          result=$("$JS7_AGENT_HOME/bin/js7_encrypt.sh" --cert="$JS7_AGENT_CONFIG_DIR/foobar.crt" --in="12345678")

          # forward "new_var" workflow variable holding the encrypted result
          echo "new_var=$result" >> "$JS7_RETURN_VALUES"
    • For details see JS7 - How to encrypt and decrypt using Windows Shell

      Example for Encryption using Windows Shell:

          @rem encrypt secret and return result with JS7_ENCRYPT_VALUE environment variable
          call "%JS7_AGENT_HOME%\bin\js7_encrypt.cmd" "--cert=%JS7_AGENT_CONFIG_DIR%\foobar.crt" "--in=12345678"

          @rem forward "new_var" workflow variable holding the encrypted result
          echo new_var=%JS7_ENCRYPT_VALUE% >> %JS7_RETURN_VALUES%
    • For details see JS7 - How to encrypt and decrypt using PowerShell

      Example for Encryption using PowerShell:

          # encrypt secret and assign the encrypted result to the $result variable
          $result = Invoke-JS7Encrypt -CertificatePath $env:JS7_AGENT_CONFIG_DIR/foobar.crt -Value '12345678' -JavaLib $env:JS7_AGENT_HOME/lib

          # forward "new_var" workflow variable holding the encrypted result
          "new_var=$result" | Out-File $env:JS7_RETURN_VALUES -Append

...

  • Workflow variables are provided from environment variables for shell jobs, see JS7 - Job Instruction.
  • The job decrypts a secret using the current Agent's Private Key.
  • Examples:

    • Example for Decryption using Unix Shell:

          # the encrypted result is assumed to be available from the NEW_VAR environment variable
          secret=$("$JS7_AGENT_HOME/bin/js7_decrypt.sh" \
              --key="$JS7_AGENT_CONFIG_DIR/private/foobar.key" \
              --in="$NEW_VAR")
          echo "$secret"
    • Example for Decryption using Windows Shell:

          @rem the encrypted result is assumed to be available from the NEW_VAR environment variable

          call "%JS7_AGENT_HOME%\bin\js7_decrypt.cmd" ^
              "--key=%JS7_AGENT_CONFIG_DIR%\private\foobar.key" ^
              "--in=%NEW_VAR%"
          @echo %JS7_DECRYPT_VALUE%
    • Example for Decryption using PowerShell:

          # the encrypted result is assumed to be available from the NEW_VAR environment variable
          $secret = Invoke-JS7Decrypt -Value $env:NEW_VAR -KeyPath $env:JS7_AGENT_CONFIG_DIR/private/foobar.key -JavaLib $env:JS7_AGENT_HOME/lib
          Write-Output $secret

...

  • The job encrypts a secret using the target Agent's certificate and stores the encrypted result in a Job Resource variable.
  • Examples:

    • For details see JS7 - How to update a Job Resource using Unix Shell

      Example for Encryption using Unix Shell:

          "$JS7_AGENT_HOME/bin/js7_set_job_resource.sh" \
              --url=http://joc-2-0-primary:7446 \
              --controller-id=controller \
              --user=root \
              --password=root \
              --job-resource=/ProductDemo/Variables/pdBusinessSecret \
              --key=businessSecret \
              --value='12345678' \
              --env-var=BUSINESS_SECRET \
              --encrypt-cert="$JS7_AGENT_CONFIG_DIR/foobar.crt"
    • For details see JS7 - How to update a Job Resource using PowerShell

      Example for Encryption using PowerShell:

          Set-JS7JobResource `
              -Path /ProductDemo/Variables/pdBusinessSecret `
              -Key 'businessSecret' `
              -Value '12345678' `
              -EnvVar 'BUSINESS_SECRET' `
              -EncryptCertificatePath $env:JS7_AGENT_CONFIG_DIR/foobar.crt `
              -JavaLib $env:JS7_AGENT_HOME/lib

...

  • An external application encrypts a configuration file using the target Agent's certificate. The encrypted configuration file is added to a Job Resource.
  • When the Job Resource is assigned to a workflow or job, JS7 takes care of transferring the Job Resource to all Agents that operate related jobs.
  • Examples:

    • For details see JS7 - How to update a Job Resource using Unix Shell

      Example for Encryption using Unix Shell:

          ./js7_set_job_resource.sh \
              --url=http://joc-2-0-primary:7446 \
              --controller-id=controller \
              --user=root \
              --password=root \
              --job-resource=/ProductDemo/Variables/pdConfigurationData \
              --key=configurationData \
              --file=application.conf \
              --env-var=CONFIGURATION_DATA \
              --encrypt-cert=foobar.crt
    • For details see JS7 - How to update a Job Resource using PowerShell

      Example for Encryption using PowerShell:

          Set-JS7JobResource `
              -Path /ProductDemo/Variables/pdConfigurationData `
              -Key 'configurationData' `
              -File application.conf `
              -EnvVar 'CONFIGURATION_DATA' `
              -EncryptCertificatePath foobar.crt `
              -JavaLib /js7/js7.encryption/lib

...

It is possible for jobs to access an Agent's Private Key and SSL Certificate that are used to secure HTTPS connections, see JS7 - Agent HTTPS Connections. This requires the Agent's SSL Certificate to be created with the dataEncipherment key usage option. Many users consider it more secure to use separate keys for HTTPS connections and for encryption/decryption of secrets.
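A check for the dataEncipherment key usage named above, as an added example that is not part of the JS7 documentation or scripts. It assumes the openssl command line (1.1.1 or later for -addext); the function names, file names and the sample-agent subject are hypothetical, and the two certificates are constructed throwaway samples.

```shell
#!/bin/sh
# Added example: inspect a certificate's keyUsage before using it to encrypt secrets.

# Print the Key Usage values of a PEM certificate (empty if the extension is absent).
key_usage() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        grep -A1 'X509v3 Key Usage' | tail -n 1 | sed 's/^ *//'
}

# Return 0 if dataEncipherment is set, 1 if keyUsage is present without it,
# 2 if the certificate has no keyUsage extension, 3 if the file cannot be parsed.
check_data_encipherment() {
    openssl x509 -in "$1" -noout 2>/dev/null || return 3
    usage=$(key_usage "$1")
    case "$usage" in
        *"Data Encipherment"*) return 0 ;;
        "") return 2 ;;
        *) return 1 ;;
    esac
}

# Create a throwaway self-signed certificate (constructed sample).
# $1 = output file prefix, $2 = comma-separated keyUsage values
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=sample-agent" \
        -keyout "$1.key" -out "$1.crt" -addext "keyUsage=critical,$2" 2>/dev/null
}

# Compare a certificate made for encryption with a typical HTTPS-only one.
demo() {
    dir=$(mktemp -d) || return 1
    make_sample_cert "$dir/enc" "dataEncipherment,keyEncipherment"
    make_sample_cert "$dir/tls" "digitalSignature,keyEncipherment"
    for c in "$dir/enc.crt" "$dir/tls.crt"; do
        if check_data_encipherment "$c"; then
            echo "$(basename "$c"): dataEncipherment present ($(key_usage "$c"))"
        else
            echo "$(basename "$c"): dataEncipherment missing ($(key_usage "$c"))"
        fi
    done
    rm -rf "$dir"
}

demo
```

Running check_data_encipherment against the certificate passed to --encrypt-cert or -EncryptCertificatePath before deployment shows whether an HTTPS certificate was reused without the required key usage.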

...