Edge Encryption proxy server properties

The edgeencryption.properties configuration file located in the <installation directory>/conf/ folder contains properties used to configure your environment.

Table 1. Target (instance) properties

| Property | Description |
| --- | --- |
| edgeencryption.target.host | Host name for the instance. Must be the same for all encryption proxies connecting to the same instance. This property is set when the proxy is installed. For example, instancename.servicenow.com |
| edgeencryption.target.port | Instance port. Must be the same for all encryption proxies connecting to the same instance. This property is set when the proxy is installed. |
| edgeencryption.target.protocol | Instance protocol. Must be the same for all encryption proxies connecting to the same instance. This property is set when the proxy is installed. Options include: http, https |

Table 2. User account properties

| Property | Description |
| --- | --- |
| edgeencryption.target.username | User name that the proxy uses to log in to the instance. The user must have the edge_encryption role. See Set up an Edge Encryption user account. |
| edgeencryption.target.password | Password that the proxy uses to log in to the instance. |

Table 3. Proxy properties

| Property | Description |
| --- | --- |
| edgeencryption.proxy.host | Server name, IP address, or fully qualified domain name of the computer running the proxy. Along with the port, this property defines the URL used by the client to access the proxy server. |
| edgeencryption.proxy.name | Proxy name. It must be unique for each proxy. |
| edgeencryption.proxy.http.port | Port on the proxy for HTTP communication. |
| edgeencryption.proxy.https.port | Port on the proxy for HTTPS communication. |

Table 4. SSL certificate properties

| Property | Description |
| --- | --- |
| edgeencryption.proxy.https.cert.alias | Alias of the certificate provided by the proxy server to connecting clients. |
| edgeencryption.proxy.https.keystore.path | Path to the keystore that contains the HTTPS certificate. |
| edgeencryption.proxy.https.keystore.password | Password for the keystore that contains the HTTPS certificate. |

Table 5. Proxy configuration locked property

| Property | Description |
| --- | --- |
| edgeencryption.proxy.locked | When true, the proxy does not accept encryption configuration changes or encryption rule changes from the instance. Set this property on the production instance after all encryption configurations and rules are final. |

Table 6. Proxy database properties

| Property | Description |
| --- | --- |
| edgeencryption.db.url | Proxy database location. Must be the same for all encryption proxies connecting to the same instance. |
| edgeencryption.db.user | User name for accessing the proxy database. Must be the same for all encryption proxies connecting to the same instance. |
| edgeencryption.db.password | Password to access the proxy database. Must be the same for all encryption proxies connecting to the same instance. |
| edgeencryption.db.name | Proxy database name. Must be the same for all encryption proxies connecting to the same instance. Default value: edgeencryption |
| edgeencryption.db.bootstrap.file | Bootstrap file for the proxy database. The file is relative to the sql/ directory. Must be the same for all encryption proxies connecting to the same instance. Note: Under normal circumstances, this parameter should not be changed. |

Table 7. Digital signature properties

| Property | Description |
| --- | --- |
| edgeencryption.proxy.signature.keystore.path | Path and Java KeyStore file name. |
| edgeencryption.proxy.signature.keystore.password | Password. The default password is <changeme>. Change the password after installing the Java KeyStore. |
| edgeencryption.proxy.signature.keystore.keyalias | The key alias given as the -alias argument when the RSA key pair is generated. |

Table 8. NAE device keystore

| Property | Description |
| --- | --- |
| edgeencryption.nae.retries | Number of retries to make. |
| edgeencryption.nae.enabled | Indicates whether an NAE device is available. |
| edgeencryption.nae.server | Name of the NAE server. |
| edgeencryption.nae.port | Port used by the NAE server. |
| edgeencryption.nae.protocol | Protocol used by the NAE server. |
| edgeencryption.nae.keystore.path | Path to the key store on the NAE server. |
| edgeencryption.nae.keystore.password | NAE keystore password. |
| edgeencryption.nae.username | User name to use to authenticate with the NAE device. |
| edgeencryption.nae.password | Password to use to authenticate with the NAE device. |
| edgeencryption.nae.client.certificate | Certificate located in the keystore on the NAE server. Set this property to authenticate using a certificate instead of a username and password. |

Table 9. Clear text and static IV properties

| Property | Description |
| --- | --- |
| edgeencryption.customer.assigned.known.cleartext | Clear text to let the instance verify that all proxies are using the same keys. At startup, the proxy encrypts the clear text and sends the encrypted text to the instance. The instance does not know the clear text, nor are keys sent to the instance. This property must be the same for all proxies. |
| edgeencryption.encrypter.static.iv | Static IV (initialization vector) used in equality-preserving and order-preserving encryption. This property must be the same for all proxies and it must be exactly 16 bytes (16 ASCII characters). |

Table 10. Password property

| Property | Description |
| --- | --- |
| edgeencryption.encrypter.properties.password | Name of the file in the conf folder that contains a string used within a secure process to obfuscate passwords in the edgeencryption.properties file. If this property is not set, passwords in your properties file appear in clear text. Leave this property blank until after the proxy configuration has been set up and tested. |

Table 11. Web proxy properties

| Property | Description |
| --- | --- |
| edgeencryption.webproxy.host | Web proxy name or IP address. |
| edgeencryption.webproxy.port | Port on the web proxy. |
| edgeencryption.webproxy.user | User name used to connect to the web proxy. If your web proxy does not use authentication, leave this property commented out. |
| edgeencryption.webproxy.password | Password to use to connect to the web proxy. If your web proxy does not use authentication, leave this property commented out. |

Table 12. Java KeyStore properties

| Property | Description |
| --- | --- |
| edgeencryption.keystore.path | Path to the Java KeyStore. If using a file store or a SafeNet KeySecure keystore, leave this property commented out. Example: edgeencryption.keystore.path = keystore/keystore.jceks |
| edgeencryption.keystore.password | Password the proxy uses to connect to the Java KeyStore. If using a file store or a SafeNet KeySecure keystore, leave this property commented out. |

Table 13. File store properties

| Property | Description |
| --- | --- |
| edgeencryption.keyfile.directory | Directory where key files are stored. If using the Java KeyStore or a SafeNet KeySecure keystore, leave this property commented out. Example: edgeencryption.keyfile.directory=keys |

Table 14. General configuration properties

| Property | Description |
| --- | --- |
| edgeencryption.config.poll.interval | Poll interval in seconds. The default setting means that it takes 5 seconds for the proxy to learn of encryption configuration changes. Larger values cause the instance to take longer to detect an offline proxy. Note: Do not change this property. Changing the default setting of the Proxy Poll Interval can result in detection delays when a proxy comes online. |
| edgeencryption.rules.dir | Folder where the encryption rules are stored on the proxy. |
| edgeencryption.encryption.order_preserving.cache.enable | Determines whether caching is used to support order-preserving encryption types. |
| edgeencryption.encryption.order_preserving.cache.size | Maximum cache size, in bytes. |
| edgeencryption.jobs.concurrency | Maximum number of mass encryption jobs that can run concurrently on this proxy. |
| edgeencryption.jobs.requests_per_second | Number of HTTP job requests per second that can be sent to the instance by this proxy. |
| edgeencryption.attachments.request.timeout.seconds | Attachment upload request timeout in seconds. |
| edgeencryption.request.buffer.size | Size of an encryption request. If an encryption request is larger than this size, the excess is saved to disk. Note: Do not change this property. |
| edgeencryption.httpclient.request.buffer.size | Size of the client request. If the client request is larger than this size, the excess is saved to disk. Note: Do not change this property. |
| edgeencryption.proxy.idle.timeout | Time in seconds after which a transaction times out. The default value is 300. |
| edgeencryption.proxy.keepalive.interval | Time in seconds between pings issued by the proxy to the instance. Pings are issued periodically to verify connectivity between the proxy and the instance. The default value is 10. The minimum value is 5. |
| edgeencryption.register.retry.count | Maximum number of times the proxy will ping the instance to try to register. The default is 0 (no limit). |
| edgeencryption.tokenization.exclusion.list | Encryption patterns cannot tokenize strings found in these fields. |

Proxy server performance properties

Proxy server performance properties are not present in the configuration file by default. To change the default values, you must add the properties and restart the proxy server. For more information, see Edge Encryption diagnostics and performance.

| Property | Description |
| --- | --- |
| edgeencryption.stat.collection.enabled | Enables the collection of statistics used by the Edge Encryption proxy server performance dashboard. Default value: true. Add this property and set the value to false to disable the collection of statistics used by the Edge Encryption proxy server performance dashboard. After adding proxy server performance properties, you must restart the proxy server for the change to take effect. |
| edgeencryption.stat.collection.interval | Interval length in seconds during which the Edge Encryption proxy server collects statistics. The value cannot be less than 30 seconds. Default value: 30. After adding proxy server performance properties, you must restart the proxy server for the change to take effect. |

Table 15. Deprecated proxy encryption properties

| Property | Description |
| --- | --- |
| edgeencryption.encrypter.default.key128 | Specifies the name of the current AES 128 key. An AES 128 key must be available even if it is not used. Must be the same for all proxies. |
| edgeencryption.encrypter.default.key256 | Specifies the name of the current AES 256 key. Must be the same for all proxies. |
| edgeencryption.encrypter.key | Specifies the key name. This property is specified for each key and is used to specify the default keys. This is the key alias integrated with the metadata that is included with each encrypted item and, therefore, is stored on the instance. The key name must use lowercase letters. |
| edgeencryption.encrypter.type | Specifies the type of encryption keystore system. |
| edgeencryption.encrypter.file | Specifies the path and file name of the text file associated with the key. |
| edgeencryption.encrypter.password | Specifies the password for accessing the keystore. |
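
Several constraints in the tables above lend themselves to an automated check before a proxy is started: the 16-character static IV, the <changeme> signature keystore default, the keepalive and statistics minimums, the clear-text password warning, and the values that must match on every proxy. The following is an added example, not ServiceNow code; it assumes the file uses plain Java .properties syntax, and the function names and sample values are constructed for illustration.

```python
import re

P = "edgeencryption."
# Properties the page says must be the same on all proxies of one instance.
SHARED = ("target.host", "target.port", "target.protocol", "db.url", "db.user",
          "db.password", "db.name", "db.bootstrap.file",
          "customer.assigned.known.cleartext", "encrypter.static.iv")

def parse_properties(text):
    """Parse key=value lines; '#'/'!' start comments. No continuations/escapes."""
    pat = re.compile(r"\s*([^\s=:#!][^\s=:]*)\s*[=:]?\s*(.*)$")
    # Trailing spaces stay in the value (java.util.Properties keeps them too).
    return dict(m.groups() for m in map(pat.match, text.splitlines()) if m)

def lint_proxy(props):
    """Findings for the single-file constraints stated in the reference."""
    get = lambda k: props.get(P + k)
    out = []
    proto, iv = get("target.protocol"), get("encrypter.static.iv")
    if proto is not None and proto not in ("http", "https"):
        out.append("target.protocol must be http or https")
    if iv is not None and (len(iv) != 16 or not iv.isascii()):
        out.append("encrypter.static.iv must be exactly 16 ASCII characters")
    if (get("proxy.signature.keystore.password") or "").strip("<>") == "changeme":
        out.append("proxy.signature.keystore.password is still the default")
    for key, low in (("proxy.keepalive.interval", 5), ("stat.collection.interval", 30)):
        val = (get(key) or "").strip()
        if val and (not val.isdigit() or int(val) < low):
            out.append(f"{key} must be an integer >= {low}")
    if not get("encrypter.properties.password"):
        out.append("encrypter.properties.password unset: passwords in clear text")
    return out

def cross_proxy_findings(configs):
    """configs maps a label to parsed props; checks shared values and proxy names."""
    out = [f"{k} differs across proxies" for k in SHARED
           if len({c.get(P + k) for c in configs.values()}) > 1]
    names = [c.get(P + "proxy.name") for c in configs.values()]
    if len(set(names)) < len(names):
        out.append("proxy.name is not unique")
    return out

# Constructed sample files for two proxies of the same instance.
PROXY_A = """edgeencryption.proxy.name = proxy-a
edgeencryption.proxy.signature.keystore.password = <changeme>
edgeencryption.encrypter.static.iv = 0123456789abcdef
edgeencryption.proxy.keepalive.interval = 3
"""
PROXY_B = PROXY_A.replace("proxy-a", "proxy-b").replace("abcdef", "abcde")
```

Because trailing whitespace is preserved in values, a static IV followed by a stray space is reported as 17 characters rather than silently accepted.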