Managing Credentials

A Visualizer project connects to Quantum Fabric to create and publish back-end services. To use Quantum Fabric, you need to add the Quantum Cloud credentials to your project.

To add Quantum Cloud credentials to your project, follow these steps.

1. From the Quantum Visualizer & Fabric section in the buildVisualizerApp job, next to the FABRIC_CREDENTIALS_ID parameter, click ADD. A drop-down list appears.
2. From the drop-down list, select the scope at which you want to add the new credentials.
   

   

   NOTE: As Temenos typically provides only one set of these credentials per customer, Temenos recommends that you store this credential type in the Jenkins scope to share it across projects and to avoid creating unnecessary duplicates.
   

3. In the Add Credentials window, from the Kind list, select Username and Password.

   NOTE: In the Domain field, make sure that the Global Credentials (Unrestricted) domain is selected.

   
   
4. Configure the parameters that appear in the Add Credentials window. For more information about the parameters, refer to the following table.
   
   

   Parameter	Description
   Scope	Specifies the level at which the credentials are used. Contains the following options: System: The credentials are available to the associated object. Credentials with a System scope are used for email, authentication, slave connection, and scenarios in which the Jenkins instance uses the credentials. Global: The credentials are available to the associated object and the child objects. The credentials with a global scope are typically used for the additional requirements of a job. NOTE: For Cloud credentials, select Global.
   Username	Specifies the Username of your Quantum Cloud instance.
   Password	Specifies the Password of your Quantum Cloud instance.
   ID	Specifies the unique identifier that jobs and other configurations use to identify the credentials. NOTE: Temenos strongly recommends that you specify an ID that you can easily recognize. If this field is left blank, an ID is automatically generated, which you may not be able to recognize later.
   Description	Specifies the details about the credentials. This is an optional field. Temenos recommends that you provide a unique description so that you can easily distinguish the credentials while triggering a build.

5. After you configure the parameters, click Add.
6. On the buildVisualizerApp job, from the FABRIC_CREDENTIALS_ID list, select the credentials that you added.

A Quantum Fabric App configuration connects to the specified back-end services while building a Visualizer app. In the FABRIC_APP_CONFIG parameter, you can specify the details of your app such as the host URL, app name, environment, and app version. The details are used to fetch the app services document, binding the app to an environment, and publish the app to the environment.

To add a Fabric app configuration, follow these steps:

1. From the Quantum Visualizer & Fabric section in the buildVisualizerApp job, next to the FABRIC_APP_CONFIG parameter, click ADD. A drop-down list appears.
2. From the drop-down list, select the scope at which you want to add the new credentials.
   

   

   NOTE: As Temenos typically provides only one set of these credentials per customer, Temenos recommends that you store this credential type in the Jenkins scope to share it across projects and to avoid creating unnecessary duplicates.
   

3. In the Add Credentials window, from the Kind list, select Fabric App Configuration.

   NOTE: In the Domain field, make sure that the Global Credentials (Unrestricted) domain is selected.

   

4. Configure the parameters that appear in the Add Credentials window. For more information about the parameters, refer to the following table.

   Parameter	Description
   ID	Specifies the unique identifier that jobs and other configurations use to identify the credentials. NOTE: Temenos strongly recommends that you specify an ID that you can easily recognize. If this field is left blank, an ID is automatically generated, which you may not be able to recognize later.
   Description	Specifies the details about the credentials. This is an optional field. Temenos recommends that you provide a unique description so that you can easily distinguish the credentials while triggering a build.
   Environment Name	Specifies the Quantum Fabric name to which you want to publish the Fabric app.
   Application Name	Specifies the name of the Fabric app that you want to bind to the project.
   Application Version	Specifies the version of the Fabric app that you want to bind to the project.
   Fabric Host Environment	Specifies the location of the Fabric server on which the cloud environment is hosted. Contains the following options: manage.kony.com/manage.temenos.com This check box specifies that the Fabric environment is hosted on the Temenos AWS Cloud. When you select this check box, the Account ID parameter appears. On-Premise/Cloud This check box specifies that the Fabric environment is hosted on-premises or on other clouds (such as Azure). When you select this check box, the Console URL and Identity URL parameters appear.
   Account ID	Specifies the account ID of the cloud on which the Fabric environment is hosted. The default account ID for this field is for the cloud that is linked to your App Factory environment. If you want link the project to a different cloud, type the account ID in the text box. This parameter is applicable only if manage.kony.com/manage.temenos.com is selected as the Fabric Host Environment.
   Console URL	Specifies the IP address (or the DNS) and port of the Fabric Console server. For example: http://1.2.10.20:8080 This parameter is applicable only if On-Premise/Cloud is selected as the Fabric Host Environment. NOTE: The Fabric Console server must be accessible from the App Factory build environment. If the Fabric Console is behind a firewall, make sure that the IP address is white-listed. If the Fabric Console is on a local on-premise setup, make sure that you enable public IP.
   Identity URL	Specifies the IP address (or the DNS) and port of the Fabric identity server. For example: http://1.3.10.30:8080 This parameter is applicable only if On-Premise/Cloud is selected as the Fabric Host Environment. NOTE: The Fabric identity server must be accessible within the App Factory build environment. If the Fabric identity server is behind a firewall, make sure that the IP address is white-listed. If the Fabric identity server is on a local on-premise setup, make sure that you enable public IP.
   Custom Tenant URL	Specifies the Custom Tenant URL used to generate the Service Document for the Quantum Fabric App Services. This parameter is applicable only if On-Premise/Cloud is selected as the Fabric Host Environment. NOTE: If you do not provide the Custom Tenant URL, App Factory generates the Service Document by using the Identity URL of the Quantum Fabric installation environment.

5. Validate the details that you entered for the parameters, and then click ADD.
6. On the buildVisualizerApp job, from the FABRIC_APP_CONFIG list, select the credentials that you added.

A Sonar token is used to sign-in to your SonarQube cloud. To add a Sonar token as credentials, follow these steps:

1. From the SonarQube section in the Visualizer Project Settings, next to the Login Token setting, click ADD. A drop-down list appears.
2. From the drop-down list, select the scope at which you want to add the new credentials.
3. In the Add Credentials window, from the Kind list, select Sonar Token.

   NOTE: In the Domain field, make sure that the Global Credentials (Unrestricted) domain is selected.

4. Configure the parameters that appear in the Add Credentials window. For more information about the parameters, refer to the following table.

   Parameter	Description
   ID	Specifies the unique identifier that jobs and other configurations use to identify the credentials. NOTE: Temenos strongly recommends that you specify an ID that you can easily recognize. If this field is left blank, an ID is automatically generated, which you may not be able to recognize later.
   Description	Specifies the details about the credentials. This is an optional field. Temenos recommends that you provide a unique description so that you can easily distinguish the credentials while triggering a build.
   Sonar Token	Specifies the authentication token that is used to login to the SonarQube server.

5. After you configure all the parameters, click Add.
6. In the Project Settings, from the Login Token list, select the credentials that you added.

App Factory signs-in to your repository to check-out and build the Visualizer project. To build a Visualizer app, you need to add the source code repository credentials to your project.

NOTE: If your repository is protected with 2FA (two-factor authentication) in GitHub, you need to add the GitHub credentials to your project. For more information, refer to GitHub 2FA.

To add source code repository credentials, follow these steps.

1. In the Source Control section of the Visualizer Project Settings or Fabric Project Settings, next to the SCM Credentials setting, click ADD. A drop-down list appears.
2. From the drop-down list, select the scope at which you want to add the new credentials.

   NOTE: As developers typically use the different GitHub accounts for different projects, Temenos recommends that you store this credential type at the project level scope to keep it local to the project.
   

3. In the Add Credentials window, from the Kind list, select Username and Password.
   
4. Configure the parameters that appear in the Add Credentials window. For more information about the parameters, refer to the following table.
   
   

   Parameter	Description
   Scope	Specifies the level at which the credentials are used. Contains the following options: System: The credentials are available to the associated object. Credentials with a System scope are used for email, authentication, slave connection, and scenarios in which the Jenkins instance uses the credentials. Global: The credentials are available to the associated object and the child objects. The credentials with a global scope are typically used for the additional requirements of a job.
   Username	Specifies the user name of your SCM credentials. NOTE: If your repository is protected with 2FA (two-factor authentication) on GitHub, then the Username is your GitHub user name. For more information, refer to GitHub 2FA.
   Password	Specifies the password of your SCM credentials. NOTE: If your repository is protected with 2FA (two-factor authentication) on GitHub, then the Password is the GitHub personal access token. For more information, refer to GitHub 2FA.
   ID	Specifies the unique identifier that jobs and other configurations use to identify the credentials. NOTE: Temenos strongly recommends that you specify an ID that you can easily recognize. If this field is left blank, an ID is automatically generated, which you may not be able to recognize later.
   Description	Specifies the details about the credentials. This is an optional field. Temenos recommends that you provide a unique description so that you can easily distinguish the credentials while triggering a build.

5. After you configure the parameters, click Add.
6. In the Source Control section in the Project Settings, from the SCM Credentials list, select the credentials that you added.
   

If the source code URL for your project is an SSH URL, you need to add the SSH key credentials that act as the source code repository credentials for the project.

NOTE: You need to generate and add the SSH key to your GitHub account before you add the key in App Factory. For more information, refer to Generating a New SSH key and Adding the New SSH key to your GitHub Account.

To add new SSH key credentials to your project, follow these steps.

1. In the Source Control section of the Visualizer Project Settings or Fabric Project Settings, next to the SCM Credentials setting, click ADD. A drop-down list appears.
2. From the drop-down list, select the scope at which you want to add the new credentials.

   NOTE: As developers typically use the different GitHub accounts for different projects, Temenos recommends that you store this credential type at the project level scope to avoid potential security concerns.
   

3. In the Add Credentials window, from the Kind list, select SSH Username with private key.
   
4. Configure the parameters that appear in the Add Credentials window. For more information about the parameters, refer to the following table.
   
   

   Parameter	Description
   ID	Specifies the unique identifier that jobs and other configurations use to identify the credentials. NOTE: Temenos strongly recommends that you specify an ID that you can easily recognize. If this field is left blank, an ID is automatically generated, which you may not be able to recognize later.
   Description	Specifies the details about the credentials. This is an optional field. Temenos recommends that you provide a unique description so that you can easily distinguish the credentials while triggering a build.
   Username	Specifies the user name that is used to identify the SSH key. This parameter is optional. NOTE: If your repository is protected with 2FA (two-factor authentication) on GitHub, then the Username is your GitHub user name. For more information, refer to GitHub 2FA.
   Private Key	Specifies the Private Key that is related to the Public Key that is linked to GitHub. To configure a Private Key, select Enter Directly, and then click Add. Select the Enter Directly option and click Add to provide the Private key of the related Public Key which is linked in GitHub.
   Passphrase	Specifies the passphrase that is configured while generating the SSH key.

5. After you configure the parameters, click Add.
6. From the Source Control section in the Project Settings, from the SCM Credentials list, select the credentials that you added.
   

App Factory signs-in to your database to run scripts and commands. To run SQL or Flyway scripts on your database, you need to add the database credentials to your project.

To add the database credentials, follow these steps.

1. While configuring parameters for the Flyway job, next to the DB_CREDENTIALS parameter, click ADD.
   A drop-down list appears.
2. From the drop-down list, select the scope at which you want to add the new credentials.

   NOTE: As developers typically have unique database credentials, Temenos recommends that you store this credential type at the project level scope to avoid potential security concerns.
   

3. In the Add Credentials window, from the Kind list, select Username and Password.

   NOTE: In the Domain field, make sure that the Global Credentials (Unrestricted) domain is selected.

   
   
4. Configure the parameters that appear in the Add Credentials window. For more information about the parameters, refer to the following table.
   

   Parameter	Description
   Scope	Specifies the level at which the credentials are used. Contains the following options: System: The credentials are available to the associated object. Credentials with a System scope are used for email, authentication, slave connection, and scenarios in which the Jenkins instance uses the credentials. Global: The credentials are available to the associated object and the child objects. The credentials with a global scope are typically used for the additional requirements of a job.
   ID	Specifies the unique identifier that jobs and other configurations use to identify the credentials. NOTE: Temenos strongly recommends that you specify an ID that you can easily recognize. If this field is left blank, an ID is automatically generated, which you may not be able to recognize later.
   Description	Specifies the details about the credentials. This is an optional field. Temenos recommends that you provide a unique description so that you can easily distinguish the credentials while triggering a build.
   DB_URL	Specifies the URL at which the database is hosted. The URL must be in the JDBC format. For example: jdbc:mysql://host1:3060 jdbc:mysql://host1:3060/sampledb
   DB_USERNAME	Specifies the username that is used to access your database. Make sure that the user has permissions to write and update schemas.
   DB_PASSWORD	Specifies the password that is used to access your database.

5. After you configure the parameters, click Add.

NOTE: To validate the credentials, click TEST CONNECTION.

6. In the Flyway job, from the DB_CREDENTIALS list, select the credentials that you added.

IMPORTANT: From January 2021, Apple has started to enforce 2FA to authenticate with username and password, which makes it impractical to use for automation. Therefore, App Factory has deprecated support for signing iOS binaries with the Apple Account signing method. You must upgrade your App Factory project and either use the API Key or the Upload Certificate signing method.

App Factory uses the App Store Connect API Key of the Apple Developer account to generate signing certificates for iOS apps. If you want to generate certificates by using your Apple Developer account, you need to add the API Key to your project.

For more information about the App Store Connect API, refer to Creating API Keys for App Store Connect API and Generating Tokens for API Requests.

To add the Apple API Key to your project, follow these steps.

1. While configuring the Project Settings, in the iOS section, next to the API Key parameter, click ADD.
   A drop-down list appears.
   
2. From the drop-down list, select the scope at which you want to add the new credentials.

   NOTE: As developers typically use unique API Keys, Temenos recommends that you store this credential type at the project level scope to avoid potential security concerns.
   

3. In the Add Credentials window, from the Kind list, select Apple App Store Connect API.

   NOTE: In the Domain field, make sure that the Global Credentials (Unrestricted) domain is selected.

4. Configure the parameters that appear in the Add Credentials window. For more information about the parameters, refer to the following table.
   
   

   Parameter	Description
   Scope	Specifies the level at which the credentials are used. Contains the following options: System: The credentials are available to the associated object. Credentials with a System scope are used for email, authentication, slave connection, and scenarios in which the Jenkins instance uses the credentials. Global: The credentials are available to the associated object and the child objects. The credentials with a global scope are typically used for the additional requirements of a job.
   ID	Specifies the unique identifier that jobs and other configurations use to identify the credentials. NOTE: Temenos strongly recommends that you specify an ID that you can easily recognize. If this field is left blank, an ID is automatically generated, which you may not be able to recognize later.
   Description	Specifies the details about the credentials. This is an optional field. Temenos recommends that you provide a unique description so that you can easily distinguish the credentials while triggering a build.
   Issuer ID	Specifies the Issuer ID that you receive from App Store Connect.
   Key ID	Specifies the Key ID that you receive after creating an API Key on App Store Connect.
   API Key File	Specifies the API key file that you downloaded from App Store Connect.

5. After you configure the parameters, click Add.
6. In the iOS section of the Visualizer Project Settings, from the API Key list, select the credentials that you added.
   

App Factory uses certificates to sign the iOS binaries (.ipa). If you want to upload the signing certificates manually, you need to add the certificates to your project.

IMPORTANT: Make sure that you convert the signing certificates to the P12 format before uploading them to App Factory.

To add signing certificates to your project, follow these steps.

1. While configuring parameters for the buildVisualizerApp job, next to the APPLE_SIGNING_CERTIFICATES parameter, click ADD. A drop-down list appears.
   
2. From the drop-down list, select the scope at which you want to add the new credentials.

   NOTE: As developers typically have unique signing certificates, Temenos recommends that you store this credential type at the project level scope to avoid potential security concerns.
   

3. In the Add Credentials window, from the Kind list, select Apple Signing Certificates.

   NOTE: In the Domain field, make sure that the Global Credentials (Unrestricted) domain is selected.

   
   
4. Configure the parameters that appear in the Add Credentials window. For more information about the parameters, refer to the following table.
   
   

   Parameter	Description
   Scope	Specifies the level at which the credentials are used. Contains the following options: System: The credentials are available to the associated object. Credentials with a System scope are used for email, authentication, slave connection, and scenarios in which the Jenkins instance uses the credentials. Global: The credentials are available to the associated object and the child objects. The credentials with a global scope are typically used for the additional requirements of a job.
   ID	Specifies the unique identifier that jobs and other configurations use to identify the credentials. NOTE: Temenos strongly recommends that you specify an ID that you can easily recognize. If this field is left blank, an ID is automatically generated, which you may not be able to recognize later.
   Description	Specifies the details about the credentials. This is an optional field. Temenos recommends that you provide a unique description so that you can easily distinguish the credentials while triggering a build.
   Provision Certificate	Specifies the certificate that is used to sign the iOS binaries (.ipa).
   Password	Specifies the password for the Provision Certificate that you uploaded.
   Mobile Provisioning Profile	Specifies the provisioning profiles that are used to install the app on specific devices. You can select and upload a Single Profile or Multiple Profiles. Single Profile You need to upload a mobile provision file Multiple Profiles You need to upload a zip archive that contains multiple mobile provision files NOTE: Wild card provisioning profiles are not supported.

5. After you configure the parameters, click Add.
6. In the buildVisualizerApp job, from the APPLE_SIGNING_CERTIFICATES list, select the credentials that you added.
   

The TrustStore file stores a collection of trusted certificate authority certificates, also known as cacerts. To use a custom TrustStore for your Fabric instance, you need to add a TrustStore file and a TrustStore password to your project.

IMPORTANT: Make sure that you add password credentials for every TrustStore file.

Upload a Custom TrustStore File

1. While configuring the General Project Settings, under Custom Trust Store, click ADD. A drop-down list appears.
   
2. From the drop-down list, select the scope at which you want to add the credentials.

   NOTE: If you use the same TrustStore for multiple apps, you can add the TrustStore file at the Jenkins scope to use it across different projects. If you use different TrustStore for different apps, you can add the TrustStore file at the project level scope.
   

3. In the Add Credentials window, from the Kind list, select Secret File.

   NOTE: In the Domain field, make sure that the Global Credentials (Unrestricted) domain is selected.

   
   
4. Configure the parameters that appear in the Add Credentials window. For more information about the parameters, refer to the following table.
   

   Parameter	Description
   Scope	Specifies the level at which the credentials are used. Contains the following options: System: The credentials are available to the associated object. Credentials with a System scope are used for email, authentication, slave connection, and scenarios in which the Jenkins instance uses the credentials. Global: The credentials are available to the associated object and the child objects. The credentials with a global scope are typically used for the additional requirements of a job.
   File	Specifies the TrustStore file that contains the cacerts.
   ID	Specifies the unique identifier that jobs and other configurations use to identify the credentials. NOTE: Temenos strongly recommends that you specify an ID that you can easily recognize. If this field is left blank, an ID is automatically generated, which you may not be able to recognize later.
   Description	Specifies the details about the credentials. This is an optional field. Temenos recommends that you provide a unique description so that you can easily distinguish the credentials while triggering a build.

5. After you configure the parameters, click Add.
6. In the General Project Settings, from the Custom Trust Store list, select the credentials that you added.

Add a Custom TrustStore Password

1. While configuring the General Project Settings, under Custom Trust Store Password, click ADD. A drop-down list appears.
   
2. From the drop-down list, select the scope at which you want to add the credentials.

   NOTE: If you use the same TrustStore for multiple apps, you can add the TrustStore file at the Jenkins scope to use it across different projects. If you use different TrustStore for different apps, you can add the TrustStore file at the project level scope.
   

3. In the Add Credentials window, from the Kind list, select Secret Text.

   NOTE: In the Domain field, make sure that the Global Credentials (Unrestricted) domain is selected.

   
   
4. Configure the parameters that appear in the Add Credentials window. For more information about the parameters, refer to the following table.
   

   Parameter	Description
   Scope	Specifies the level at which the credentials are used. Contains the following options: System: The credentials are available to the associated object. Credentials with a System scope are used for email, authentication, slave connection, and scenarios in which the Jenkins instance uses the credentials. Global: The credentials are available to the associated object and the child objects. The credentials with a global scope are typically used for the additional requirements of a job.
   Secret	Specifies password for the TrustStore file that you uploaded.
   ID	Specifies the unique identifier that jobs and other configurations use to identify the credentials. NOTE: Temenos strongly recommends that you specify an ID that you can easily recognize. If this field is left blank, an ID is automatically generated, which you may not be able to recognize later.
   Description	Specifies the details about the credentials. This is an optional field. Temenos recommends that you provide a unique description so that you can easily distinguish the credentials while triggering a build.

5. After you configure the parameters, click Add.
6. In the General Project Settings, from the Custom Trust Store Password list, select the credentials that you added.

The keystore file stores the key that is used to sign the Android binary. To build a Visualize app for Android, you need to add an Android_Keystore file and an Android_KeyStore password to your project.

IMPORTANT: Make sure that you add Android_Keystore password credentials for every Android_Keystore file.

Upload an Android_KeyStore File

1. While configuring the build parameters for the buildVisualizerApp job, next to ANDROID_KEYSTORE_FILE, click ADD. A drop-down list appears.
   
2. From the drop-down list, select the scope at which you want to add the credentials.

   NOTE: If you use the same keystore for multiple apps, you can add the keystore file at the Jenkins scope to use it across different projects. If you use different keystores for different apps, you can add the keystore file at the project level scope.
   

3. In the Add Credentials window, from the Kind list, select Secret File.

   NOTE: In the Domain field, make sure that the Global Credentials (Unrestricted) domain is selected.

   
   
4. Configure the parameters that appear in the Add Credentials window. For more information about the parameters, refer to the following table.
   
   

   Parameter	Description
   Scope	Specifies the level at which the credentials are used. Contains the following options: System: The credentials are available to the associated object. Credentials with a System scope are used for email, authentication, slave connection, and scenarios in which the Jenkins instance uses the credentials. Global: The credentials are available to the associated object and the child objects. The credentials with a global scope are typically used for the additional requirements of a job.
   File	Specifies the Keystore file that is used to sign the Android binaries.
   ID	Specifies the unique identifier that jobs and other configurations use to identify the credentials. NOTE: Temenos strongly recommends that you specify an ID that you can easily recognize. If this field is left blank, an ID is automatically generated, which you may not be able to recognize later.
   Description	Specifies the details about the credentials. This is an optional field. Temenos recommends that you provide a unique description so that you can easily distinguish the credentials while triggering a build.

5. After you configure the parameters, click Add.
6. In the buildVisualizerApp job, from the ANDROID_KEYSTORE_FILE list, select the credentials that you added.

Add an Android_KeyStore Password

1. While configuring the build parameters for the buildVisualizerApp job, next to ANDROID_KEYSTORE_PASSWORD, click ADD. A drop-down list appears.
   
2. From the drop-down list, select the scope at which you want to add the credentials.

   NOTE: If you use the same keystore for multiple apps, you can add the keystore file at the Jenkins scope to use it across different projects. If you use different keystores for different apps, you can add the keystore file at the project level scope.
   

3. In the Add Credentials window, from the Kind list, select Secret Text.

   NOTE: In the Domain field, make sure that the Global Credentials (Unrestricted) domain is selected.

   
   
4. Configure the parameters that appear in the Add Credentials window. For more information about the parameters, refer to the following table.
   
   

   Parameter	Description
   Scope	Specifies the level at which the credentials are used. Contains the following options: System: The credentials are available to the associated object. Credentials with a System scope are used for email, authentication, slave connection, and scenarios in which the Jenkins instance uses the credentials. Global: The credentials are available to the associated object and the child objects. The credentials with a global scope are typically used for the additional requirements of a job.
   Secret	Specifies password for the Keystore file that you uploaded.
   ID	Specifies the unique identifier that jobs and other configurations use to identify the credentials. NOTE: Temenos strongly recommends that you specify an ID that you can easily recognize. If this field is left blank, an ID is automatically generated, which you may not be able to recognize later.
   Description	Specifies the details about the credentials. This is an optional field. Temenos recommends that you provide a unique description so that you can easily distinguish the credentials while triggering a build.

5. After you configure the parameters, click Add.
6. In the buildVisualizerApp job, from the ANDROID_KEYSTORE_PASSWORD list, select the credentials that you added.

App Factory provides an option to build protected binaries for both Android and iOS platform by using Quantum Visualizer. To build an app in protected mode, you need to add keys to your project.

To add protected mode keys to your project, follow these steps.

1. While configuring the build parameters for the buildVisualizerApp job, from the Protected Build section, next to PROTECTED_KEYS, click ADD. A drop-down list appears.
   
2. From the drop-down list, select the scope at which you want to add the credentials.

   NOTE: As teams typically use one set of protected mode keys across multiple apps, Temenos recommends that you store this credential type in the Jenkins scope to share it across projects and to avoid creating unnecessary duplicates.
   

3. In the Add Credentials window, from the Kind list, select Protected Mode Build Keys.
   

   NOTE: The Domain field displays Global Credentials (Unrestricted).

   
   
4. Configure the parameters that appear in the Add Credentials window. For more information about the parameters, refer to the following table.
   
   

   Parameter	Description
   Scope	Specifies the level at which the credentials are used. Contains the following options: System: The credentials are available to the associated object. Credentials with a System scope are used for email, authentication, slave connection, and scenarios in which the Jenkins instance uses the credentials. Global: The credentials are available to the associated object and the child objects. The credentials with a global scope are typically used for the additional requirements of a job.
   Public Key	Specifies the public key that is used for encryption and to protect the app.
   Private Key	Specifies the private key that is used for encryption and to protect the app.
   Fin Keys	Specifies the fin keys that you want to use for the app. Fin Keys must be uploaded in a zip archive. The key files must be at the root of the zip archive, which must not have any sub-folder within the zip. NOTE: For versions V8 ServicePack 3 or later. uploading Fin Keys is optional.
   ID	Specifies the unique identifier that jobs and other configurations use to identify the credentials. NOTE: Temenos strongly recommends that you specify an ID that you can easily recognize. If this field is left blank, an ID is automatically generated, which you may not be able to recognize later.
   Description	Specifies the details about the credentials. This is an optional field. Temenos recommends that you provide a unique description so that you can easily distinguish the credentials while triggering a build.

5. After you configure the parameters, click Add.
6. In the buildVisualizerApp job, from the PROTECTED_KEYS list, select the credentials that you added.
   

App Factory provides an option to protect web applications as part of the automated build by obfuscating their Javascript logic.

To build a web app in protected mode, follow these steps.

1. In the Quantum Visualizer & Fabric section of the buildVisualizerApp job, from the BUILD_MODE list, select release-protected.
   
2. From the Web Protection section in the buildVisualizerApp job, next to the OBFUSCATION_PROPERTIES parameter, click ADD. A drop-down list appears.
3. From the drop-down list, select the scope at which you want to add the new credentials.
   

   

   NOTE: As Temenos typically provides only one set of these credentials per customer, Temenos recommends that you store this credential type in the Jenkins scope to share it across projects and to avoid creating unnecessary duplicates.
   

4. In the Add Credentials window, from the Kind list, select Secure JS Properties.
   

   NOTE: In the Domain field, make sure that the Global Credentials (Unrestricted) domain is selected.

   

5. Configure the parameters that appear in the Add Credentials window. For more information about the parameters, refer to the following table.
   

   Parameter	Description
   Scope	Specifies the level at which the credentials are used. Contains the following options: System: The credentials are available to the associated object. Credentials with a System scope are used for email, authentication, agent connection, and scenarios in which the Jenkins instance uses the credentials. Global: The credentials are available to the associated object and the child objects. The credentials with a global scope are typically used for the additional requirements of a job.
   ID	Specifies the unique identifier that jobs and other configurations use to identify the credentials. NOTE: Temenos strongly recommends that you specify an ID that you can easily recognize. If this field is left blank, an ID is automatically generated, which you may not be able to recognize later.
   Description	An optional free text field.
   Consumer Key	Specifies the consumer identifier that is used to invoke protection API calls (on your behalf) to obfuscate your web app. This is the value of the ci property in the securejs.properties file.
   Consumer Secret	Specifies the consumer secret that is used to invoke protection API calls (on your behalf) to obfuscate your web app. This is the value of the cs property in the securejs.properties file.
   Encryption Key	Specifies the base64-encoded symmetric encryption key, which is itself encrypted with your RSA public key. This is the value of the id property in the securejs.properties file.

6. After you configure the parameters, click Add. In the buildVisualizerApp job, from the OBFUSCATION_PROPERTIES list, select the credentials that you added.