Sign the Integration Hub integration steps in the production instance

  • Release version: Washingtondc
  • Updated April 1, 2024
  • 3 minutes to read

    • Use update sets to sign and validate your Integration Hub integration steps by enabling the Code Signing in production and trusted instances.

    Help ensure the authenticity and integrity of your integration hub content by signing the integration steps located in the Step Instance [sys_hub_step_instance] table. For details on these steps, see Integration steps.

    Requirements

    Ensure that you have the following before signing your integration steps.

    • Users performing the steps must elevate to the security_admin role. For details see Security_admin role.
    • Establish Circle of Trust between your production and trusted instances to ensure that only authorized users can access the Code Signing feature. For details on this process, see Configuring Code Signing.

    Sign existing Integration Hub integration steps

    Sign and validate existing Integration Hub integration steps by enabling the code signing in production and trusted non-production instances.

    Before you begin

    Role required: sn_kmf.cryptographic_manager

    Procedure

    1. In the trusted instance, sign the records in the Step Instance table.
      1. Navigate to System Security > Security Jobs > All.
      2. Click New.
      3. On the form, fill these values.
        Field Description
        Name Name to identify the record.
        Type Type of the encryption job. Select Mass Sign Records.
        Table Table from which the records should be signed. Select Step Instance.
      4. Click Export Code Signing job to production.
        Two locally signed update sets are created.
        • One update set for the KMF signature.
        • Another update set from the encryption job to export the code signing job.
    2. In the trusted instance, export the local update set to an XML file.
      1. Navigate to System Update Sets > Local Update Sets.
      2. Open the update set you had created for mass signing the records.
      3. Click the Export to XML related link and save the XML file.
    3. In the production instance, import the XML file.
      1. Navigate to System Update Sets > Retrieved Update Sets.
      2. Click the Import Update Set from XML related link to import the update set that is exported from the trusted instance.
        For more information, see Import and commit the quick-start update set.
        The update set is committed successfully.
    4. In the production instance, run the encryption job you had earlier created in the trusted instance.
      1. Navigate to System Security > Security Jobs > All.
      2. Open the encryption job you had earlier created in the trusted instance.
      3. Click Start to start the job.
      A confirmation message is displayed mentioning that the records are signed.

    Sign new Integration Hub integration steps

    Sign and validate new Integration Hub integration steps by enabling the Code Signing in production and trusted non-production instances.

    Before you begin

    Role required: sn_kmf.cryptographic_manager

    Procedure

    1. In the trusted instance, start an update set.
    2. In the trusted instance, create the required flows, subflows, or actions, and publish them.
      The flows, subflows, or actions are added to the update set.
    3. In the trusted instance, change the state of the update set to Complete and click Update.
    4. In the trusted instance, sign the update set by creating an encryption job.
      1. Navigate to System Security > Security Jobs > All.
      2. Click New.
      3. On the form, fill these values.
        Field Description
        Name Name to identify the record.
        Type Type of the encryption job. Select Sign Update Set.
        Table Update set from which the records should be signed.
      4. Click Submit.
      5. Click Start to sign the update set.
        • Summary is updated that the records are signed.
        • The update set is updated and includes the signature.
    5. In the trusted instance, open the signed update set record and export it to an XML.
    6. In the production instance, import the signed update set.
      1. Navigate to System Update Sets > Retrieved Update Sets.
      2. Select the Import Update Set from XML related link to import the update set that is exported from the trusted instance.
        For more information, see Import and commit the quick-start update set.
        The update set is committed successfully.