You can improve the process for delivering Orchestrator plug-ins created with Maven by performing a set of tasks.

Using a Repository Manager

If you are creating plug-ins in a larger organization, use an enterprise repository manager to set up the default Orchestrator Appliance repository to be added as a proxy repository. Using a central repository improves management and plug-in project collaboration. When you complete the first build in the new repository, the repository manager caches the artifacts from the Orchestrator Appliance repository and you can turn off the default repository.

Locking Workflows

After you verify that all workflows in your plug-in work as expected, lock them to prevent unauthorized modifications. By locking workflows, you ensure that the basic functions of the plug-in cannot be compromised. If users must modify a default workflow for a specific purpose, they can create a copy of the original workflow and edit that copy.

To produce release builds with locked workflows, pass the -DallowedMask=vf parameter to Maven.

Using a Package-Signing Certificate

Use a self-signed certificate or a certificate signed by a Certificate Authority, to ensure the integrity and authenticity of the plug-ins. Store the certificate in the keystore under the _dunesrsa_alias_ alias, by importing it with the keytool in the JDK.

There are two ways to specify the path to the keystore file and the keystore password.

  • Define the -DkeystoreLocation and -DkeystorePassword command-line parameters for the MAVEN_OPTS variable.

  • Edit the pom.xml file to insert the values manually. For example,

<keystore>path to the keystore file</keystore>
<storepass>keystore password</storepass>

If no keystore is imported, the .package file is signed with the archetype.keystore file.