Securing the public and the private keys of your engine - Cloud

Talend Remote Engine User Guide for Linux

Version: Cloud
Language: English
Operating system: Linux
Product: Talend Cloud
Module: Talend Remote Engine
Content: Design and Development; Installation and Upgrade
Last publication date: 2024-02-23

Store the public and the private keys of an engine in a secure way to restrict the access to them.

Remote Engine generates its own key pair (RSA/4096 bits) during the pairing process. From Talend Remote Engine v2.12.5 onwards, this key pair is stored in a Java keystore in etc/keystores, secured with a password defined either in a dedicated configuration file or as an environment variable.

If no password is defined, a random value is generated instead to ensure that the private key is still stored encrypted at rest.

Note: This pair of keys is used to protect the information transferred between Talend Remote Engine and Talend Management Console.

Before you begin

  • You have installed Talend Remote Engine.
  • Your engine version is 2.12.5 or later.

About this task

Do the following to define your own password, which encrypts the keystore and secures access to it.

Procedure

  1. Stop your engine if it is running.
  2. Unpair your engine if it is already paired.
  3. Remove the previously generated keys and keystores from <RE_installation>/etc/keystores.
  4. In the <RE_installation>/etc/org.talend.ipaas.rt.keypair.manager.cfg file, ensure that the following lines are present and enter your password:
    # whether to use secured keystore for key-pair
    keypair.use.keystore=true
    
    # keystore type: PKCS12 or JCEKS
    keypair.keystore.type=PKCS12
    
    # Password used to encrypt keystore. Do not change it after key-pair was generated!
    keypair.keystore.password=${env:ORG_TALEND_IPAAS_RT_KEYPAIR_MANAGER_KEYPAIR_KEYSTORE_PASSWORD}
    • Either directly enter the password to be used in this file.
    • Or add the ORG_TALEND_IPAAS_RT_KEYPAIR_MANAGER_KEYPAIR_KEYSTORE_PASSWORD variable to your system environment and define your password there.
  5. Start your engine.
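
The configuration from step 4 can be checked before the engine is started in step 5. The script below is an added example, not part of the Talend documentation or product; the function names `cfg_get` and `audit_keypair_cfg`, and the rule that a file holding a literal password must not be accessible to group or other, are assumptions of this example.

```shell
#!/bin/sh
# Added example: pre-start audit of org.talend.ipaas.rt.keypair.manager.cfg.
# Function names and the file-permission rule are assumptions of this example.

# cfg_get <file> <key>: print the last value assigned to <key>; comment lines never match.
cfg_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# audit_keypair_cfg <file>: print one line per finding; return 0 only if there are none.
audit_keypair_cfg() {
    cfg=$1 findings=0
    note() { echo "FINDING: $*"; findings=$((findings + 1)); }

    [ -r "$cfg" ] || { echo "FINDING: cannot read $cfg"; return 2; }

    [ "$(cfg_get "$cfg" keypair.use.keystore)" = "true" ] ||
        note "keypair.use.keystore is not true"

    case $(cfg_get "$cfg" keypair.keystore.type) in
        PKCS12|JCEKS) ;;
        *) note "keypair.keystore.type must be PKCS12 or JCEKS" ;;
    esac

    pw=$(cfg_get "$cfg" keypair.keystore.password)
    # Name inside a ${env:NAME} reference; empty if the value is a literal.
    var=$(printf '%s\n' "$pw" | sed -n 's/^\${env:\([A-Za-z_][A-Za-z0-9_]*\)}$/\1/p')
    if [ -n "$var" ]; then
        # Must be exported and non-empty in the environment the engine starts from.
        env | grep -q "^$var=." ||
            note "$var is not set; a random keystore password would be generated"
    elif [ -z "$pw" ]; then
        note "no keystore password defined; a random one would be generated"
    else
        # Literal password in the file: group/other must have no access (assumed policy).
        [ "$(ls -ld "$cfg" | cut -c5-10)" = "------" ] ||
            note "password stored in $cfg, which is accessible to group/other"
    fi
    [ "$findings" -eq 0 ]
}

# Usage: sh audit.sh <RE_installation>/etc/org.talend.ipaas.rt.keypair.manager.cfg
if [ "$#" -gt 0 ]; then audit_keypair_cfg "$1"; fi
```

Run it as the account, and from the environment, that starts the engine, so that the environment-variable check reflects what the engine process will see.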

Results

Your engine now generates a new pair of public and private keys in a new keystore and uses your password to encrypt them.

What to do next

Start to pair your engine.