Sensitive information about visibility jobs and scheduled discovery jobs that you create is encrypted when stored in the Cloud Discovery & Visibility (CDV) database. (This includes the cloud credentials required to access cloud platform resources, as well as the BlueCat Address Manager (BAM) credentials needed to interact with the BAM APIs used by the job.) The key used to encrypt this information is called the CDV Secret Key.
You can either explicitly define the CDV Secret Key as an environment variable
(SECRET_KEY) when you deploy the CDV container, or let CDV create one.
However, if you want CDV to restart visibility jobs or scheduled discovery jobs on
startup, you must specify the SECRET_KEY yourself.
The SECRET_KEY must have exactly 32 characters. It can
include case-sensitive letters, numbers, and special characters except white space,
single quotation marks ('), or double quotation marks (").
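For visual clarity, you can enclose the SECRET_KEY value inside
single or double quotation marks on the command line. The shell removes these
enclosing marks, so they are not part of the 32-character key. For example: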
docker run -d \
-p 80:8000 \
-p 443:44300 \
-v <Path to mapped log directory>:/logs/ \
-v <Path to mapped workspace directory>:/bluecate_gateway/ \
-v <Volume name>:/var/lib/postgresql/ \
-e BAM_IP=<Your BAM IP address> \
-e SECRET_KEY="?=}z@S9A)D7,/*%\[2_Av%L(a&}#xD;y" \
--name <Gateway container name> \
quay.io/bluecat/cloud_discovery_visibility:25.3
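One way to produce a key that meets the rules above and keep it for later deployments, as an added example that is not part of the BlueCat documentation. The function names, the restricted alphabet and the `cdv.env` file name are assumptions made for this example.

```shell
#!/bin/sh
# Added example; function names and the cdv.env file name are hypothetical.

# Return 0 only if the key meets the documented rules: exactly 32 characters,
# no white space, no single or double quotation marks.
# ${#key} is a character count only for ASCII keys (an assumption here).
validate_secret_key() {
    key=$1
    [ "${#key}" -eq 32 ] || return 1
    case $key in
        *[[:space:]]*|*\'*|*\"*) return 1 ;;
    esac
    return 0
}

# Print 32 random characters drawn from /dev/urandom.
# The alphabet deliberately omits $, `, \ and !, which the shell may still
# interpret inside double quotation marks.
generate_secret_key() {
    LC_ALL=C tr -dc 'A-Za-z0-9_.:,/@%+=^~-' < /dev/urandom | head -c 32
}

# Write SECRET_KEY=<key> to an owner-only file so the same key can be
# supplied on every deployment. Values in a docker env file are taken
# literally, so no quotation marks are added around the key.
write_env_file() {
    validate_secret_key "$2" || return 1
    ( umask 077 && printf 'SECRET_KEY=%s\n' "$2" > "$1" && chmod 600 "$1" )
}

# Usage (constructed):
#   write_env_file cdv.env "$(generate_secret_key)"
#   docker run -d --env-file cdv.env <other options as in the command above>
```

Passing the key with `--env-file` instead of `-e SECRET_KEY=...` keeps it out of shell history and the host's process list.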
How does CDV use the CDV Secret Key to restart visibility jobs or scheduled discovery jobs?
Normally, when the CDV container stops (either intentionally or because of a system
failure), all running CDV jobs are also stopped. However, if the
SECRET_KEY is explicitly specified as an environment variable,
CDV looks for stopped discovery jobs (or scheduled discovery jobs) on startup and
decrypts the information about those jobs using the SECRET_KEY value. Each job
found is added to an internal queue, and the queued jobs are then restarted
one by one.
If no SECRET_KEY variable is specified, for security reasons the CDV
container will not look for or restart stopped jobs. Users can still restart jobs
manually after they log in to CDV under an appropriate account.