Encrypting secrets stored in JobServer configuration file - 7.3

Talend Data Management Platform Installation Guide for Linux
EnrichVersion
7.3
EnrichProdName
Talend Data Management Platform
EnrichPlatform
Talend Activity Monitoring Console
Talend Administration Center
Talend Artifact Repository
Talend CommandLine
Talend Data Preparation
Talend Data Stewardship
Talend DQ Portal
Talend Identity and Access Management
Talend Installer
Talend JobServer
Talend Log Server
Talend Repository Manager
Talend Runtime
Talend SAP RFC Server
Talend Studio
task
Installation and Upgrade

You can enable encryption of password properties in the Talend JobServer configuration file.

By default, this encryption feature is disabled. To enable it, do the following.

Procedure

  1. Go to the directory <root>/conf/, where <root> is the Talend JobServer path, and open the TalendJobServer.properties file to edit it.
  2. Set the following parameter to true. 
    org.talend.remote.jobserver.encrypt=true
  3. Save your changes and restart the Talend JobServer so that the configuration takes effect.

Results

On start of Talend JobServer, this setting will cause the following passwords to be encrypted using the Base64 encoded secret in property aes.key inside <root>/conf/aeskey.dat:

  • org.talend.jmxmp.ssl.keyStorePassword
  • org.talend.jmxmp.ssl.trustStorePassword
  • org.talend.remote.server.ssl.keyStorePassword
  • org.talend.remote.server.ssl.trustStorePassword

To modify the location and/or name of the key file, set the encryption.keys.file system property in the Talend JobServer start script start_rs.sh.

Note: For Talend ESB, you need to set org.talend.remote.jobserver.encrypt=true in <KARAF_HOME>/etc/org.talend.remote.jobserver.server.cfg and store your secret inside <KARAF_HOME>/etc/aeskey.dat. To modify location and/or the name of the key file, set the encryption.keys.file system property in the start script trun.