Encrypting secrets stored in the Talend JobServer configuration file
Talend JobServer offers password encryption for its TalendJobServer.properties configuration file.
Information noteImportant: For Talend ESB,
the configuration file is different. Follow Configuring password encryption for Talend ESB instead to implement the
encryption.
About this task
Procedure
-
Create an encryption key file:
- Navigate to <JobServer_installation>/conf/.
- Create a new file named aeskey.dat.
-
Generate a Base64 encoded AES key:
- You can use a command like: openssl rand 32 | base64 to generate this key.
- Add the key to aeskey.dat in this format: aes.key=<your_generated_key>.
-
Configure encryption:
- Open <JobServer_installation>/conf/TalendJobServer.properties.
- Set org.talend.remote.jobserver.encrypt=true.
-
Apply changes:
- Save the modified files.
- Restart Talend JobServer.
Results
Upon startup, Talend JobServer encrypts the following passwords using the Base64 encoded secret:
- org.talend.jmxmp.ssl.keyStorePassword
- org.talend.jmxmp.ssl.trustStorePassword
- org.talend.remote.server.ssl.keyStorePassword
- org.talend.remote.server.ssl.trustStorePassword
Custom key file location:
- To customize the key file location or name, set the encryption.keys.file system property in the start_rs.sh script.
Configuring password encryption for Talend ESB
Talend ESB uses org.talend.remote.jobserver.server.cfg for its JobServer configuration.
If you are using Talend ESB, skip the previous section and apply the following steps instead.
About this task
The encryption feature of Talend ESB is initially inactive.
Procedure
Results
Upon startup, Talend JobServer encrypts the following passwords using the Base64 encoded secret:
- org.talend.jmxmp.ssl.keyStorePassword
- org.talend.jmxmp.ssl.trustStorePassword
- org.talend.remote.server.ssl.keyStorePassword
- org.talend.remote.server.ssl.trustStorePassword
- To customize the key file location or name, set the encryption.keys.file system property in the trun script.