Common Configuration

Workers are configured by setting properties in the worker configuration. The common configuration options handled by the framework apply to all workers. In addition, there are worker specific properties, handled by the worker implementation.

Sensitive Properties

To reduce the risk of accidentally exposing sensitive data, for instance when sharing outputs for troubleshooting or support purposes, certain property values can be masked when exporting worker configurations or displaying the worker status etc.

By default, the following properties are masked:

• PIN

• KEYSTOREPASSWORD

• KEYDATA

You can customize which properties are masked by setting the maskedworkerproperties parameter in the conf/signserver_deploy.properties file at deployment time. Refer to the sample configuration file for examples and see the Configure Deployment section in Install SignServer for details on how to apply these settings.

Masking of properties is applied across all remote interfaces, including Admin Web, Admin Web Services (WS), REST API, as well as the audit log. Additionally, masking is enforced for commands executed in the local Admin CLI when retrieving properties from the server.

The Admin CLI also supports masking when reading in configuration and setting properties. To configure masking for those commands, use the admincli.maskedworkerproperties property in the conf/signserver_cli.properties file. Again, refer to the sample file for specific examples.

Commenting Out Properties

You can comment out properties to temporarily disable them by adding a pre- or postfix underscore.

Commenting out masked sensitive properties will still protect the properties and mask them in the cases described in the Sensitive Properties section above.