Skip to main content Skip to complementary content

Verifying artifact signature with a custom signing key

Enable Remote Engines to use your own signing keys to verify artifact signatures.

If you configure the engine to use a custom signing key, the Talend-provided keys are not used.

Before you begin

  • You must have set up your custom signing key on Talend Studio side for artifact signature verification.

    For further information, see Configuring custom Java KeyStore for Job artifact signature.

  • Your Remote Engine must be v2.12.0 and onwards.
  • Your Talend Studio version must be R2022-06 and onwards.
  • Only one KeyStore is allowed across a Remote Engine cluster.
  • Only one KeyStore is allowed for the Remote Engines assigned to the source and the target environments of a promotion.

Procedure

  1. If not done yet, run this KARAF command:
    feature:uninstall talend-job-server-signature-verifier-disabler

    This command uninstalls the Karaf talend-job-server-signature-verifier-disabler feature to enable Job signature validation.

  2. Copy-paste the JKS (Java KeyStore) file on the machine where your Remote Engine is installed.
  3. In the <RemoteEngineInstallationDirectory>/etc/org.talend.remote.jobserver.server.cfg file, add these two properties:
    org.talend.remote.jobserver.commons.config.JobServerConfiguration.SIGNATURE_CHECK_KEYSTORE=<path_to_jks_file_on_Remote_Engine>
    org.talend.remote.jobserver.commons.config.JobServerConfiguration.SIGNATURE_CHECK_STORE_PASSWORD=<password_for_jks_file>
  4. Save the file.

Did this page help you?

If you find any issues with this page or its content – a typo, a missing step, or a technical error – please let us know!