Page History
...
Code Block | ||||
---|---|---|---|---|
| ||||
js7 { auth { ... } configuration { ... } job { ... } web { ... } api-server { # API Server URL url = [ "https://joc-2-0-primary:4443", "https://joc-2-0-secondary:4443", ] # Option 1: use of a Credential Store cs-file=${js7.config-directory}"/private/secret.kdbx" cs-key=${js7.config-directory}"/private/secret.key" cs-password="secret" # Option 1: use of references to credentials username="cs://myAccounts/joc@username" password="cs://myAccounts/joc@password" # Option 2: use of account and password # username="root" # password="root" # option 3: use of encrypted account and password # username="enc:BAGaj1JGQQX2flfi5W4TUxIUDzYXJmI7T1WIO8QZAGoQF3rmsyaLnmehFnCMLTzG3VJdi4zUvw9M++2Du9YuxCax+NUCTmabAB1nlvEGc9wgOXsHer9LxgmucU4Ue1xzz6kI7sc= lrVE+e9qaAFyVraamlivmA== zLefNPT1WhHFzIGM/V+KAw==" # password="enc:BAGaj1JGQQX2flfi5W4TUxIUDzYXJmI7T1WIO8QZAGoQF3rmsyaLnmehFnCMLTzG3VJdi4zUvw9M++2Du9YuxCax+NUCTmabAB1nlvEGc9wgOXsHer9LxgmucU4Ue1xzz6kI7sc= lrVE+e9qaAFyVraamlivmA== zLefNPT1WhHFzIGM/V+KAw==" # privatekey.path=config/private/private-x509-keys/pdEncryptDecrypt-001.key } } |
Explanation:
- The
api-server
configuration section specifies authentication details for JITL job templates and can be positioned anywhere directly within thejs7
configuration block. - Configuration items available from this configuration section are explained in the following sections:
...
- The
url
configuration item is required as explained above. - The
username
andpassword
can be specified from the following options:- Option 1: Use of a JS7 - Credential Store
- with the following settings:
cs-file:
Specifies the path to a KeePass database file (required).cs-key
: Specifies the path to a KeePass key file (optional).cs-password
: Specifies the password for the KeePass database file (optional).username
: Specifies the path to the entry in the KeePass database that holds the account name (required).password
: Specifies the path to the entry in the KeePass database that holds the password (required).
- the use of a KeePass key file (
cs-key
) to protect the KeePass database is preferable. Basically it is pointless to protect a Credential Store by use of a password (cs-password
) which has a visibility similar to putting the key under the mat. Use of a key file allows OS ownership and file permissions to be applied to protect the key file from being visible to 3rd parties.
- with the following settings:
- Option 2: Use of user account and password
- with the following settings:
username
: Specifies the account name (required).password
: Specifies the plain text password (required).
- this means that both settings will be visible in the configuration file.
- with the following settings:
- Option 3: Use of encrypted user account and password
- with the following settings:
username
: Specifies the encrypted account name (required).password
: Specifies the encrypted password (required).privatekey.path
: Specifies the location of the private key to decrypt the password. An absolute location can be specified and a location relative to<AGENT-DATA>
. directory can be specified. Frequently private keys are stored in the<AGENT-DATA>/config/private
directory or a sub-directory. The private key must not be encrypted.
- Encryption can be performed from the JOC Cockpit GUI and from command line tools, see JS7 - How to encrypt and decrypt.
- with the following settings:
- Option 1: Use of a JS7 - Credential Store
Overview
Content Tools