Environment Variables
Manoj Kumar Srivastava
Ananth Pal
Overview
This document outlines the environment variables required for various containers during the installation or upgrade of KnowHOW. Few sections are marked mandatory, while the rest are optional and depending on the tools in use.
Mandatory configurations
If installing for the first time, provide the following:
MONGO_INITDB_ROOT_USERNAME=<DB ROOT USER>MONGO_INITDB_ROOT_PASSWORD=<DB ROOT PASSWORD>
Mandatory configurations
For Upgrading KnowHOW:
mongock.start-system-version=<Your current KnowHOW version>mongock.end-system-version=<Version to upgrade to>mongock.migration-scan-package=com.publicissapient.kpidashboard.apis.mongock.upgradeversionnumber=<Version number you are upgrading to>
For First-time Installation:
mongock.migration-scan-package=com.publicissapient.kpidashboard.apis.mongock.installationmongock.end-system-version=<KnowHOW version number>forgotPassword.uiHost=<KnowHOW server DNS without https://>corsFilterValidOrigin=<KnowHOW server DNS without https://>spring.data.mongodb.uri=mongodb://<DB USER>:<DB PASSWORD>@mongodb:27017/kpidashboard(URL-encode special characters in the password.)aesEncryptionKey=<AES Encryption Key>(Generate using a random key generator; minimum length: 8.)auth.secret=<JWT token signing secret>(Minimum length: 4.)isRepoToolEnable=<true|false>(Enable or disable SCM.)versionnumber=<Latest version number>
SAML Authentication:
To authenticate and authorize KnowHOW users using SAML
auth.subDomainCookie=trueauth.domain=<Auth service parent domain>auth.centralAuthBaseURL=https://<Central Auth Backend DNS>auth.resourceAPIKey=<Resource API key>(Generate an API Key by following the steps outlined here. This is required only when running central authentication.)
SCM Processor Setup:
When installing KnowHOW with the SCM Processor (i.e., when isRepoToolEnable=true)
exposed_api_key=<API key>repoToolAPIKey=<API key>(Generate an API Key by following the steps outlined here. )
Optional Variables:
JAVA_OPTS=<JVM options>
DNS_SSL=<Your IP/DNS address>API_HOST=<CustomAPI container name>API_PORT=<CustomAPI port>
SAML Authentication:
To authenticate and authorize KnowHOW users using SAML
AUTHENTICATION_SERVICE=trueCENTRAL_LOGIN_URL=https://<Central Authentication Service URL>
spring.data.mongodb.uri=mongodb://<DB USER>:<DB PASSWORD>@mongodb:27017/kpidashboardaesEncryptionKey=<Same key as defined in CustomAPI>
spring.data.mongodb.uri=mongodb://<DB USER>:<DB PASSWORD>@mongodb:27017/kpidashboardaesEncryptionKey=<Same key as defined in CustomAPI>
spring.data.mongodb.uri=mongodb://<DB USER>:<DB PASSWORD>@mongodb:27017/kpidashboardaesEncryptionKey=<Same key as defined in CustomAPI>
Applicable only when deploying KnowHOW with the AuthnAuth application
For PostgreSQL Configuration:
POSTGRES_USER=<DB ROOT USER>POSTGRES_PASSWORD=<DB ROOT PASSWORD>POSTGRES_DB=authNauthHOST=<Host IP>
AuthnAuth Configuration:
auth.baseUrl=https://<Central Auth UI DNS>auth.baseUiUrl=https://<Central Auth UI DNS>auth.secret=<Same JWT token signing secret>(This should be the same passphrase used to generate the signed JWT token in CustomAPI.)forgotPassword.uiHost=https://<Central Auth UI DNS>auth.corsFilterValidOrigin=https://<Central Auth UI DNS>spring.datasource.url=jdbc:postgresql://<Auth DB service/container name>:<Port>/authNauthspring.datasource.username=authdbspring.datasource.password=<Postgres DB password>spring.kafka.producer.bootstrap-servers=<Kafka service/container>spring.kafka.consumer.bootstrap-servers=<Kafka service/container:port>KAFKA_CFG_ZOOKEEPER_CONNECT=<Zookeeper service/container:port>ZOO_SERVERS=<Zookeeper service/container:port>flag.mailWithoutKafka=<true|false>auth.domain=<Parent domain>
SAML Integration:
For SAML integration, obtain the following values from your company’s Azure AD provider. Refer to the SSO Integration documentation for guidance.
auth.holdingEntityId=<SAML Entity ID>auth.assertingEntityId=<SAML Tenant URL>auth.alias=<SAML alias>auth.samlLoginUrl=<SAML login URL>
For Auth 2.0.0 Configuration:
auth.serverApiKey:<Resource API key for the Auth Service API used in KnowHOW Backend>
(Use the same API key as specified. Follow the mentioned steps.)auth.rpCertificate:<Credentials for SAML SSO signing>auth.rpPrivateKey:<Credentials for SAML SSO signing>spring.security.saml2.relyingparty.registration.azure.assertingparty.metadata-uri:<Login URL for SAML>spring.security.saml2.relyingparty.registration.azure.entity-id:<SAML Entity ID>AUTH_BASE_URL:<Auth UI URL>
UI Application:
REACT_APP_DNS: https://<Central Auth UI URL>DNS_SSL: https://<Central Auth UI URL>REACT_APP_PSKnowHOW: https://<KnowHOW UI URL>
PostgreSQL Configuration:
POSTGRES_USER=<Postgres username>POSTGRES_PASSWORD=<Postgres password>POSTGRES_DB=debbie
Django Configuration:
DEBUG=TrueDEBUG_TOOLBAR=TrueALLOWED_HOSTS=*DATABASE_URL=<Postgres DB URL>CORS_ORIGIN_WHITELIST=http://localhost(Specifies the allowed origins for handling CORS)RESULT_SEND_TYPE=mq(Specifies the RabbitMQ message key)RABBITMQ_DEFAULT_USER=adminRABBITMQ_DEFAULT_PASS=<RabbitMQ password>RABBITMQ_DEFAULT_VHOST=debbie(Specifies the default host of RabbitMQ)RABBIT_BROKER_HOST=repotool-rabbitmq(Specifies the RabbitMQ container name)RABBIT_BROKER_PORT=5672RABBIT_QUEUE=repos(Specifies the name of the RabbitMQ job queue)
BASE_HOST_URL=https://<Your base host>SCAN_STATUS_APIS=http://customapi:8080/api/processor/saveRepoToolsStatus(API endpoint for saving scanning details)SCAN_STATUS_APIS_TOKEN=<API token>(Same value of customapiexposed_api_key)DEBBIE_INTERNAL_API_KEY=<API key>(Generated by RepoTool)
© 2022 Publicis Sapient. All rights reserved.