package proto.security

Get desktop application:
View/edit binary Protocol Buffers messages

Configuration for the API server's addressable URL and CORS policies.

Used in: Security

• string corsAccessPattern = 1

  If you have authentication enabled, are accessing Spinnaker remotely, and are logging in from sources other than the UI, provide a regex matching all URLs authentication redirects may come from.

• optional ApiSsl ssl = 2

  If you want the API server to do SSL termination, it must be enabled and configured here. If you are doing your own SSL termination, leave this disabled.

• string overrideBaseUrl = 3

  If you are accessing the API server remotely, provide the full base URL of whatever proxy or load balancer is fronting the API requests

Configuration for SSL termination by the API server.

Used in: config.ServerConfig, ApiSecurity

• optional google.protobuf.BoolValue enabled = 1

  Whether SSL is enabled.

• string keyAlias = 2

  Name of your keystore entry as generated with your keytool.

• string keyStore = 3

  Path to the keystore holding your security certificates.

• string keyStoreType = 4

  The type of your keystore. Examples include JKS, and PKCS12.

• string keyStorePassword = 5

  The password to unlock your keystore. Due to a limitation in Tomcat, this must match your key's password in the keystore.

• string trustStore = 6

  Path to the truststore holding your trusted certificates.

• string trustStoreType = 7

  The type of your truststore. Examples include JKS, and PKCS12.

• string trustStorePassword = 8

  The password to unlock your truststore.

• ClientAuth clientAuth = 9

  Whether to require or allow client authentication.

Setting for client authentication.

Used in: ApiSsl

• UNSPECIFIED = 0

  Unspecified. Do not directly use, instead omit the field.

• NONE = 1

  No client authentication.

• WANT = 2

  Client authentication is optional.

• NEED = 3

  Client authentication is required.

Configuration for security settings.

Used in: config.Hal

• optional ApiSecurity apiSecurity = 1

  Configuration for the API server's addressable URL and CORS policies.

• optional UiSecurity uiSecurity = 2

  Configuration for the UI server's addressable URL.

• optional authn.Authentication authn = 3

  Configuration of how users authenticate against Spinnaker.

• optional authz.Authorization authz = 4

  Configuration for what resources users of Spinnaker can read and modify.

Configuration for a custom trust store.

Used in: WebhookConfig

• optional google.protobuf.BoolValue enabled = 1

  Whether this custom trust store is enabled.

• string trustStore = 2

  The path to a key store in JKS format containing certification authorities that should be trusted.

• string trustStorePassword = 3

  The password for the supplied trustStore.

Configuration for the UI server's addressable URL.

Used in: Security

• optional UiSsl ssl = 1

  Configuration for SSL termination by the UI gateway.

• string overrideBaseUrl = 2

  If you are accessing the UI server remotely, provide the full base URL of whatever proxy or load balancer is fronting the UI requests.

Configuration for SSL termination by the UI gateway.

Used in: UiSecurity

• optional google.protobuf.BoolValue enabled = 1

  Whether SSL is enabled.

• string sslCertificateFile = 2

  Path to your .crt file.

• string sslCertificateKeyFile = 3

  Path to your .key file.

• string sslCACertificateFile = 4

  Path to the .crt file for the CA that issued your SSL certificate. This is only needed for local git deployments that serve the UI using webpack dev server.

• string sslCertificatePassphrase = 5

  The passphrase needed to unlock your SSL certificate. This will be provided to Apache on startup.

Configuration for webhooks.

Used in: config.Hal, config.Orca

• optional TrustStore trust = 1

  A custom trust store to use for outgoing webhook connections.