Encryption and Proxy Configuration

Use the Settings page in Alert to configure encryption and proxies.

• The encryption fields are required in Alert, and your password and salt are required when encrypting sensitive fields in Alert, such as the Black Duck API token and proxy password, which must be securely stored in the database.

• Proxy configuration is only required if you want to use a proxy in your setup.

The configurable settings are discussed in the following sections.

Open

Encryption configuration

Configure your encryption credentials by navigating to Settings > Encryption Configuration. It is best to use environment variables to configure encryption when deploying Alert. The environment variables are:

• ALERT_ENCRYPTION_PASSWORD

• ALERT_ENCRYPTION_GLOBAL_SALT

If you have not set the environment variables, then you must configure encryption with the user interface.
If the encryption password and salt are not set, the setup page displays before you log in, and requires you to set the required values.

To set up your encryption configuration, complete the following fields under Encryption Configuration and then click Save.

• You can use the special characters !,@,%,# in the Encryption Password and Encryption Global Salt fields.

• The fields must contain values between 8 – 24 characters in length.

Environment variables are inserted at startup if there is nothing in the database for that configuration.

In in Alert versions prior to 6.0.0, when the Startup Environment Variable Override is set to true, the environment variables override the stored configurations at startup.

Open

Providing encryption configuration in a file

Using Docker secrets, you can supply a file for the encryption password and a file for the encryption salt. The files must contain the text that is the password and salt to be used for encryption on the first line of the file. The files must have the following names so that Alert can find them.

• ALERT_ENCRYPTION_PASSWORD

• ALERT_ENCRYPTION_GLOBAL_SALT

Examples

docker secret create blackduck_ALERT_ENCRYPTION_PASSWORD alert_encryption_password.txt
where the first line in the alert_encryption_password.txt file contains the password.

docker secret create blackduck_ALERT_ENCRYPTION_GLOBAL_SALT alert_encryption_global_salt.txt
where the first line in the alert_encryption_global_salt.txt file contains the salt.

Using multiple configuration methods

If you use multiple methods to configure encryption, they are evaluated and used in the following order:

1. Environment variables for encryption.

2. The files in the docker secrets directory.

3. The database volume if the encryption data was written to the volume.

Upgrading encryption considerations

When upgrading Alert, if the encryption password and salt were configured using environment variables in the previous version, then the encryption password and encryption salt values must be specified using environment variables for the new version of Alert. The environment variables must contain the same values as the corresponding password and salt variables in the previous version.

Proxy configuration

To configure your proxy environment,

1. Navigate to Settings > Proxy Configuration.

2. Click + at the left of Proxy Configuration to display the proxy fields.

Complete the following fields:

1. Proxy Host: Type your proxy server hostname.

2. Proxy Port: Type the port number to be used on your proxy server.

3. Proxy Username: If the proxy server requires authentication, type your proxy user name.

4. Proxy Password: If the proxy server requires authentication, type your proxy password.

5. Non-proxy hosts can be specified, and Alert will not send network traffic to those hosts through the proxy. This field supports the wildcard character '*' (e.g. specifying * .example.com will match https://org.example.com and server.example.com, but not http://my-example.com ). 

    

6. Click Save.