Enable Remote Engines to use your own signing keys to verify artifact
signatures.
If you configure the engine to use a custom signing key, the Talend-provided
keys are not used.
Before you begin
You must have set up your custom signing key on the Studio side for artifact
signature verification.
For further information, see Configuring custom Java KeyStore for Job artifact signature.
- Your Remote Engine must be v2.12.0 and onwards.
- Your Studio version must be r2022-06 and onwards.
- Only one KeyStore is allowed across a Remote Engine cluster.
- Only one KeyStore is allowed for the Remote Engines assigned to the source and the
target environments of a promotion.
Procedure
-
If not done yet, run this KARAF command:
feature:uninstall talend-job-server-signature-verifier-disabler
This command uninstalls the Karaf
talend-job-server-signature-verifier-disabler feature to
enable Job signature validation.
-
Copy-paste the JKS (Java KeyStore) file on the machine where your Remote Engine is
installed.
-
In the <RemoteEngineInstallationDirectory>/etc/org.talend.remote.jobserver.server.cfg file, add these
two properties:
org.talend.remote.jobserver.commons.config.JobServerConfiguration.SIGNATURE_CHECK_KEYSTORE=<path_to_jks_file_on_Remote_Engine>
org.talend.remote.jobserver.commons.config.JobServerConfiguration.SIGNATURE_CHECK_STORE_PASSWORD=<password_for_jks_file>
-
Save the file.