Skip to main content Skip to complementary content

Encrypting secrets stored in the Talend JobServer configuration file

You can enable encryption of password properties in the Talend JobServer configuration file.

By default, this encryption feature is disabled. To enable it, do the following.


  1. Go to the directory <root>\conf, where <root> is the Talend JobServer path, and open the aeskey.dat file to edit it.
    The aeskey.dat file contains a Base64 encoded secret in the following format:
    aes.key=<BASE64 encoded AES key>
  2. Generate your own encryption secret.

    For example, using the command:

    openssl rand 32 | base64
  3. Replace the secret in <root>/conf/aeskey.dat with your own one.
  4. Open the <root>\conf\ file to edit it.
  5. Set the following parameter to true.
  6. Save your changes and restart the Talend JobServer so that the configuration takes effect.


On start of Talend JobServer, this setting will cause the following passwords to be encrypted using the Base64 encoded secret in property aes.key inside <root>\conf\aeskey.dat:

  • org.talend.jmxmp.ssl.keyStorePassword
  • org.talend.jmxmp.ssl.trustStorePassword
  • org.talend.remote.server.ssl.keyStorePassword
  • org.talend.remote.server.ssl.trustStorePassword

To modify the location or name of the key file by setting the encryption.keys.file system property in the Talend JobServer start script start_rs.bat.

Information noteImportant: For Talend ESB, you need to set org.talend.remote.jobserver.encrypt=true in <KARAF_HOME>\etc\org.talend.remote.jobserver.server.cfg and store your secret inside <KARAF_HOME>\etc\aeskey.dat. To modify location or the name of the key file, set the encryption.keys.file system property in the start script trun.bat

Did this page help you?

If you find any issues with this page or its content – a typo, a missing step, or a technical error – let us know how we can improve!