Edge Encryption proxy server properties

The edgeencryption.properties configuration file located in the <installation directory>/conf/ folder contains properties used to configure your environment.

Table 1. Target (instance) properties
Property Description
edgeencryption.target.host Host name for the instance. Must be the same for all encryption proxies connecting to the same instance. This property is set when the proxy is installed. For example, instancename.servicenow.com
edgeencryption.target.port Instance port. Must be the same for all encryption proxies connecting to the same instance. This property is set when the proxy is installed.
edgeencryption.target.protocol Instance protocol. Must be the same for all encryption proxies connecting to the same instance. This property is set when the proxy is installed. Options include:
  • http
  • https
Table 2. User account properties
Property Description
edgeencryption.target.username User name that the proxy uses to log in to the instance. The user must have the edge_encryption role. See Set up an Edge Encryption user account.
edgeencryption.target.password Password that the proxy uses to log in to the instance.
Table 3. Proxy properties
Property Description
edgeencryption.proxy.host Server name, IP address, or fully qualified domain name of the computer running the proxy. Along with the port, this property defines the URL used by the client to access the proxy server.
edgeencryption.proxy.name Proxy name. It must be unique for each proxy.
edgeencryption.proxy.http.port Port on the proxy for HTTP communication.
edgeencryption.proxy.https.port Port on the proxy for HTTPS communication.
Table 4. SSL certificate properties
Property Description
edgeencryption.proxy.https.cert.alias Alias of the certificate provided by the proxy server to connecting clients.
edgeencryption.proxy.https.keystore.path Path to the keystore that contains the HTTPS certificate.
edgeencryption.proxy.https.keystore.password Password for the keystore that contains the HTTPS certificate.
Table 5. Proxy configuration locked property
Property Description
edgeencryption.proxy.locked When true, the proxy does not accept encryption configuration changes or encryption rule changes from the instance. Set this property on the production instance after all encryption configurations and rules are final.
Table 6. Proxy database properties
Property Description
edgeencryption.db.url Proxy database location. Must be the same for all encryption proxies connecting to the same instance.
edgeencryption.db.user User name for accessing the proxy database. Must be the same for all encryption proxies connecting to the same instance.
edgeencryption.db.password Password to access the proxy database. Must be the same for all encryption proxies connecting to the same instance.
edgeencryption.db.name Proxy database name. Must be the same for all encryption proxies connecting to the same instance.
  • Default value: edgeencryption
edgeencryption.db.bootstrap.file Bootstrap file for the proxy database. The file is relative to the sql/ directory. Must be the same for all encryption proxies connecting to the same instance.
Note: Under normal circumstances, this parameter should not be changed.
Table 7. Digital signature properties
Property Description
edgeencryption.proxy.signature.keystore.path Path and Java KeyStore file name.
edgeencryption.proxy.signature.keystore.password Password for the signature keystore. The default password is <changeme>. Change the password after installing the Java KeyStore.
edgeencryption.proxy.signature.keystore.keyalias The key alias given as the -alias argument when the RSA key pair is generated.
Table 8. NAE device keystore
Property Description
edgeencryption.nae.retries Number of retries to make.
edgeencryption.nae.enabled Indicates whether an NAE device is available.
edgeencryption.nae.server Name of the NAE server.
edgeencryption.nae.port Port used by the NAE server.
edgeencryption.nae.protocol Protocol used by the NAE server.
edgeencryption.nae.keystore.path Path to the key store on the NAE server.
edgeencryption.nae.keystore.password NAE keystore password.
edgeencryption.nae.username User name to use to authenticate with the NAE device.
edgeencryption.nae.password Password to use to authenticate with the NAE device.
edgeencryption.nae.client.certificate Certificate located in the keystore on the NAE server. Set this property to authenticate using a certificate instead of a username and password.
Table 9. Clear text and static IV properties
Property Description
edgeencryption.customer.assigned.known.cleartext Clear text to let the instance verify that all proxies are using the same keys. At startup, the proxy encrypts the clear text and sends the encrypted text to the instance. The instance does not know the clear text, nor are keys sent to the instance. This property must be the same for all proxies.
edgeencryption.encrypter.static.iv Static IV (initialization vector) used in equality-preserving and order-preserving encryption. This property must be the same for all proxies and it must be exactly 16 bytes (16 ASCII characters).
Table 10. Password property
Property Description
edgeencryption.encrypter.properties.password Name of the file in the conf folder that contains a string used within a secure process to obfuscate passwords in the edgeencryption.properties file.
If this property is not set, passwords in your properties file appear in clear text. Leave this property blank until after the proxy configuration has been set up and tested.
Table 11. Web proxy properties
Property Description
edgeencryption.webproxy.host Web proxy name or IP address.
edgeencryption.webproxy.port Port on the web proxy.
edgeencryption.webproxy.user User name used to connect to the web proxy. If your web proxy does not use authentication, leave this property commented out.
edgeencryption.webproxy.password Password to use to connect to the web proxy. If your web proxy does not use authentication, leave this property commented out.
Table 12. Java KeyStore properties
Property Description
edgeencryption.keystore.path Path to the Java KeyStore. If using a file store or a SafeNet KeySecure keystore, leave this property commented out.
Example: edgeencryption.keystore.path = keystore/keystore.jceks
edgeencryption.keystore.password Password the proxy uses to connect to the Java KeyStore. If using a file store or a SafeNet KeySecure keystore, leave this property commented out.
Table 13. File store properties
Property Description
edgeencryption.keyfile.directory Directory where key files are stored. If using the Java KeyStore or a SafeNet KeySecure keystore, leave this property commented out.
Example: edgeencryption.keyfile.directory=keys
Table 14. General configuration properties
Property Description
edgeencryption.config.poll.interval Poll interval in seconds. The default setting means that it takes 5 seconds for the proxy to learn of encryption configuration changes. Larger values cause the instance to take longer to detect an offline proxy.
Note: Do not change this property. Changing the default setting of the Proxy Poll Interval can result in detection delays when a proxy comes online.
edgeencryption.rules.dir Folder where the encryption rules are stored on the proxy.
edgeencryption.encryption.order_preserving.cache.enable Determines whether caching is used to support order-preserving encryption types.
edgeencryption.encryption.order_preserving.cache.size Maximum cache size, in bytes.
edgeencryption.jobs.concurrency Maximum number of mass encryption jobs that can run concurrently on this proxy.
edgeencryption.jobs.requests_per_second Number of HTTP job requests per second that can be sent to the instance by this proxy.
edgeencryption.attachments.request.timeout.seconds Attachment upload request timeout in seconds.
edgeencryption.request.buffer.size Size of an encryption request. If an encryption request is larger than this size, the excess is saved to disk.
Note: Do not change this property.
edgeencryption.httpclient.request.buffer.size Size of the client request. If the client request is larger than this size, the excess is saved to disk.
Note: Do not change this property.
edgeencryption.proxy.idle.timeout Time in seconds after which a transaction times out. The default value is 300.
edgeencryption.proxy.keepalive.interval Time in seconds between pings issued by the proxy to the instance. Pings are issued periodically to verify connectivity between the proxy and the instance. The default value is 10. The minimum value is 5.
edgeencryption.register.retry.count Maximum number of times the proxy will ping the instance to try to register. The default is 0 (no limit).
edgeencryption.tokenization.exclusion.list Encryption patterns cannot tokenize strings found in these fields.

Proxy server performance properties

Proxy server performance properties are not present in the configuration file by default. To change the default values, you must add the properties and restart the proxy server. For more information, see Edge Encryption diagnostics and performance.

Property Description
edgeencryption.stat.collection.enabled Enables the collection of statistics used by the Edge Encryption proxy server performance dashboard.
  • Default value: true
Add this property and set the value to false to disable the collection of statistics used by the Edge Encryption proxy server performance dashboard. After adding proxy server performance properties, you must restart the proxy server for the change to take effect.
edgeencryption.stat.collection.interval Interval length in seconds during which the Edge Encryption proxy server collects statistics. The value cannot be less than 30 seconds.
  • Default value: 30
After adding proxy server performance properties, you must restart the proxy server for the change to take effect.

Table 15. Deprecated proxy encryption properties
Property Description
edgeencryption.encrypter.default.key128 Specifies the name of the current AES 128 key. An AES 128 key must be available even if it is not used. Must be the same for all proxies.
edgeencryption.encrypter.default.key256 Specifies the name of the current AES 256 key. Must be the same for all proxies.
edgeencryption.encrypter.key Specifies the key name. This property is specified for each key and is used to specify the default keys. This is the key alias integrated with the metadata that is included with each encrypted item and, therefore, is stored on the instance. The key name must use lowercase letters.
edgeencryption.encrypter.type Specifies the type of encryption keystore system.
edgeencryption.encrypter.file Specifies the path and file name of the text file associated with the key.
edgeencryption.encrypter.password Specifies the password for accessing the keystore.
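
Several constraints stated in the tables above can be checked mechanically before a proxy goes into production: the 16-character static IV, the <changeme> default, clear-text passwords when edgeencryption.encrypter.properties.password is unset, the minimum intervals, and the values that must match on every proxy. The following is an added example, not ServiceNow code; the function names and sample values are constructed, and treating http and an unlocked proxy as findings is a production-hardening assumption.

```python
# Added example, not ServiceNow code. SHARED lists values the page says must match on
# every proxy; db.password is omitted on the assumption that obfuscated values differ.
P = "edgeencryption."
SHARED = ["target.host", "target.port", "target.protocol", "db.url", "db.user", "db.name",
          "db.bootstrap.file", "customer.assigned.known.cleartext", "encrypter.static.iv"]

def parse_properties(text):
    """Parse key=value lines, skipping blanks and '#'/'!' comment lines."""
    pairs = (l.partition("=") for l in text.splitlines()
             if l.strip() and l.lstrip()[0] not in "#!" and "=" in l)
    return {k.strip(): v.strip() for k, _, v in pairs}

def audit(props):
    """Return findings for one proxy; secret values are never echoed."""
    get = lambda k: props.get(P + k, "")
    iv, out = get("encrypter.static.iv"), []
    if iv and not (iv.isascii() and len(iv) == 16):
        out.append("static.iv is not exactly 16 ASCII characters")
    if "changeme" in get("proxy.signature.keystore.password"):
        out.append("signature keystore still has the default password")
    if not get("encrypter.properties.password"):
        out.append("properties.password unset: passwords are in clear text")
    if get("target.protocol") == "http":
        out.append("target.protocol is http: instance traffic is not TLS-protected")
    if get("proxy.locked") != "true":
        out.append("proxy.locked is not true: rule changes from the instance are accepted")
    for key, low in (("proxy.keepalive.interval", 5), ("stat.collection.interval", 30)):
        if get(key).isdigit() and int(get(key)) < low:
            out.append(f"{key} is below the minimum of {low}")
    return out

def drift(proxies):
    """Return SHARED keys whose values differ across a list of parsed proxies."""
    return [k for k in SHARED if len({p.get(P + k) for p in proxies}) > 1]

# Constructed samples, not real configuration.
SAMPLE_A = """\
edgeencryption.target.protocol = https
edgeencryption.proxy.locked = true
edgeencryption.encrypter.static.iv = 0123456789abcdef
edgeencryption.encrypter.properties.password = obfuscation.txt
edgeencryption.proxy.signature.keystore.password = constructed-value
"""
SAMPLE_B = """\
edgeencryption.target.protocol = http
edgeencryption.encrypter.static.iv = 0123456789abcde
edgeencryption.proxy.signature.keystore.password = <changeme>
edgeencryption.proxy.keepalive.interval = 3
"""
```

Call audit(parse_properties(text)) once per proxy and drift([...]) over all proxies that connect to the same instance; findings name the property only, so the output is safe to paste into a ticket.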