Sensitive information about visibility jobs that you create is encrypted when stored in the Cloud Discovery & Visibility (CDV) database. (This is mainly the BlueCat Address Manager (BAM) credentials needed to access the BAM APIs used by that job.) The key used to encrypt this information is called the CDV Secret Key.
You can either explicitly define the CDV Secret Key as an environment variable when you deploy the CDV container (SECRET_KEY), or let CDV create one.
However, if you want CDV to restart visibility jobs (and Azure visibility managers) on startup, you must specify the SECRET_KEY yourself.
The SECRET_KEY must have exactly 32 characters. It can include case-sensitive letters, numbers, and special characters except white space, single quotation marks ('), or double quotation marks (").
For visual clarity, you can enclose the SECRET_KEY variable inside single or double quotation marks. For example:
docker run -d \
-p 80:8000 \
-p 443:44300 \
-v <Path to mapped log directory>:/logs/ \
-v <Path to mapped workspace directory>:/bluecate_gateway/ \
-v <volume-name>:/var/lib/postgresql/ \
-e BAM_IP=<your_bam_ip_address> \
-e SECRET_KEY="?=}z@S9A)D7,/*%\[2_Av%L(a&}#xD;y" \
--name <gateway_container_name> \
quay.io/bluecat/cloud_discovery_visibility:24.1.1
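The following is an added example, not part of the BlueCat documentation: a shell sketch that checks a candidate key against the rules above (exactly 32 characters, no white space, no quotation marks) and generates a compliant key from the kernel random source. The function names and the character set used for generation are assumptions made for this example.

```bash
#!/usr/bin/env bash
# Added example; validate_secret_key and generate_secret_key are
# hypothetical helper names, not part of CDV.

# Succeeds only if the key follows the documented rules:
# exactly 32 characters, no white space, no ' and no ".
validate_secret_key() {
    local key=$1
    [ "${#key}" -eq 32 ] || return 1
    case $key in
        *[[:space:]]*|*\'*|*\"*) return 1 ;;
    esac
    return 0
}

# Prints a 32-character key built from /dev/urandom.
# The alphabet is an assumption: a subset of the allowed characters that
# the shell never expands, so the value survives with or without quotes.
generate_secret_key() {
    local key
    key=$(head -c 1024 /dev/urandom \
          | LC_ALL=C tr -dc 'A-Za-z0-9_.:,@%+=/' \
          | head -c 32)
    # Fail closed if the random sample produced too few usable characters.
    validate_secret_key "$key" || return 1
    printf '%s\n' "$key"
}

# Generate once and keep the value: CDV needs the same key on every
# start in order to decrypt stored job information.
SECRET_KEY=$(generate_secret_key) && export SECRET_KEY

# "docker run ... -e SECRET_KEY ..." (name only, no value) then passes the
# exported variable into the container without retyping or quoting it.
```

Store the generated value somewhere safe before deploying, because a container started with a different key cannot decrypt job information saved under the old one.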
How does CDV use the CDV Secret Key to restart visibility jobs?
Normally, when the CDV container stops (either intentionally or because of a system failure), all running CDV jobs are also stopped. However, if the SECRET_KEY is explicitly specified as an environment variable, CDV will look for stopped visibility jobs and decrypt information about those jobs using that key. All found jobs are decrypted using the SECRET_KEY value, added to an internal queue, then restarted one by one.
If no SECRET_KEY variable is specified, for security reasons the CDV container will not look for or restart stopped jobs. Users can still restart jobs manually after they log in to CDV under an appropriate account.