Configuring the CDV Secret Key to automatically restart visibility jobs upon startup - Adaptive Applications - BlueCat Gateway - 22.2.2

Cloud Discovery & Visibility Administration Guide

Product name
BlueCat Gateway

Sensitive information about visibility jobs that you create is encrypted when stored in the Cloud Discovery & Visibility (CDV) database. (This is mainly the BlueCat Address Manager (BAM) credentials needed to access the BAM APIs used by that job.) The key used to encrypt this information is called the CDV Secret Key.

You can either explicitly define the CDV Secret Key as an environment variable when you deploy the CDV container (SECRET_KEY) , or let CDV create one. However, if you want CDV to restart visibility jobs on startup, you must specify the SECRET_KEY yourself.

The SECRET_KEY must have exactly 32 characters. It can include case-sensitive letters, numbers, and special characters except white space, single quotation marks ('), or double quotation marks (").

For visual clarity, you can enclose the SECRET_KEY variable inside single or double quotation marks. For example:

docker run -d \
-p 80:8000 \
-p 443:44300 \
-v <volume-name>:/var/lib/postgresql/ \
-e BAM_IP=<your_bam_ip_address> \
-e SECRET_KEY="?=}z@S9A)D7,/*%\[2_Av%L(a&}#xD;y" \
--name <gateway_container_name> \

How does CDV use the CDV Secret Key to restart visibility jobs?

Normally, when the CDV container stops (either intentionally or because of a system failure), all running CDV jobs are also stopped. However, if the SECRET_KEY is explicitly specified as an environment variable, CDV will look for stopped visibility jobs and decrypt information about those jobs using that key. All found jobs are decrypted using the SECRET_KEY value, added to an internal queue, then restarted one by one.

Note: When CDV restarts, only jobs that were running are restarted. Visibility jobs that were already Stopped or Failed will remain in that state and must be restarted manually, from the Visibility Management panel.

If no SECRET_KEY variable is specified, for security reasons the CDV container will not look for or restart stopped jobs. Users can still restart jobs manually after they log in to CDV under an appropriate account.