Sensitive information about visibility jobs that you create is encrypted when stored in the Cloud Discovery & Visibility (CDV) database. (This is mainly the BlueCat Address Manager (BAM) credentials needed to access the BAM APIs used by that job.) The key used to encrypt this information is called the CDV Secret Key.
You can either explicitly define the CDV Secret Key as an environment variable when you deploy the CDV container (SECRET_KEY), or let CDV create one.
However, if you want CDV to restart visibility jobs on startup, you must
SECRET_KEY must have exactly 32 characters. It can include case-sensitive letters, numbers, and special characters except white space, single quotation marks ('), or double quotation marks (").
For visual clarity, you can enclose the SECRET_KEY variable inside single or double quotation marks. For example:
docker run -d \
  -p 80:8000 \
  -p 443:44300 \
  -v <volume-name>:/var/lib/postgresql/ \
  -e BAM_IP=<your_bam_ip_address> \
  -e SECRET_KEY="?=}z@S9A)D7,/*%\[2_Av%L(a&}#xD;y" \
  --name <gateway_container_name> \
  quay.io/bluecat/cloud_discovery_visibility:22.2.2
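The following is an added example, not BlueCat's code: shell functions that generate a key meeting the rules above and check a key before it is passed to docker run. The function names are hypothetical, and leaving $, backtick, backslash and ! out of the generated key is a choice made here so that the value reads the same inside single or double quotation marks.

```shell
#!/bin/sh
# Added example, not BlueCat code. Function names are hypothetical.

# Print a random 32-character key. The alphabet has no white space and no
# quotation marks (the documented rules); leaving out $ ` \ ! as well is a
# choice made here so the value is not rewritten inside double quotes.
generate_cdv_secret_key() {
    LC_ALL=C tr -dc 'A-Za-z0-9#%&()*+,./:;<=>?@^_{|}~-' < /dev/urandom | head -c 32
}

# Return 0 if the key meets the documented rules: exactly 32 characters,
# no white space, no single or double quotation marks.
cdv_key_is_valid() {
    [ "${#1}" -eq 32 ] || return 1
    case $1 in
        *[[:space:]]* | *"'"* | *'"'*) return 1 ;;
    esac
    return 0
}

# Return 0 if the key has none of the characters the shell can expand or
# alter inside double quotes ($ and backtick always, backslash depending on
# the next character, ! in interactive bash).
cdv_key_is_double_quote_safe() {
    case $1 in
        *'$'* | *'`'* | *'\'* | *'!'*) return 1 ;;
    esac
    return 0
}
```

Keep the generated value where the deployment can supply the same key on every start, because CDV needs that key to decrypt stored job information after a restart.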
How does CDV use the CDV Secret Key to restart visibility jobs?
Normally, when the CDV container stops (either intentionally or because of a system failure), all running CDV jobs are also stopped. However, if the SECRET_KEY is explicitly specified as an environment variable, CDV will look for stopped visibility jobs and decrypt information about those jobs using that key. All found jobs are decrypted using the SECRET_KEY value, added to an internal queue, then restarted one by one.
If no SECRET_KEY variable is specified, for security reasons the CDV container will not look for or restart stopped jobs. Users can still restart jobs manually after they log in to CDV under an appropriate account.