Edge Encryption proxy server properties
- Updated Aug 1, 2024
- Xanadu
- Edge Encryption
The edgeencryption.properties configuration file located in the <installation directory>/conf/ folder contains properties used to configure your environment.
You must restart the proxy server after making changes to any proxy server properties.
Clear text and static IV properties
edgeencryption.customer.assigned.known.cleartext | Clear text to let the instance verify that all proxies are using the same keys. At startup, the proxy encrypts the clear text and sends the encrypted text to the instance. The instance does not know the clear text, nor are keys sent to the instance. This property must be the same for all proxies. |
edgeencryption.encrypter.static.iv | Static IV (initialization vector) used in equality-preserving and order-preserving encryption. This property must be the same for all proxies and must be exactly 16 bytes (16 ASCII characters). |
Digital signature properties
edgeencryption.proxy.signature.keystore.path | Path and Java KeyStore file name. |
edgeencryption.proxy.signature.keystore.password | Password. The default password is <changeme>. Change the password after installing the Java KeyStore. |
edgeencryption.proxy.signature.keystore.keyalias | The key alias given as the -alias argument when the RSA key pair is generated. |
File store property
edgeencryption.keyfile.directory | Directory where key files are stored. If using the Java KeyStore or a SafeNet KeySecure keystore, leave this property commented out. Example:
If using Unbound Technology keys, uncomment this property and set the value to the keys directory. |
General configuration properties
edgeencryption.config.poll.interval | Poll interval in seconds. The default setting means that it takes 5 seconds for the proxy to learn of encryption configuration changes. Larger values cause the instance to take longer to detect an offline proxy. Warning: Do not change this property. Changing the default setting of the Proxy Poll Interval can result in detection delays when a proxy comes online. |
edgeencryption.rules.dir | Folder where the encryption rules are stored on the proxy. |
edgeencryption.encryption.order_preserving.cache.enable | Setting determines whether caching is used to support order-preserving encryption types. |
edgeencryption.encryption.order_preserving.cache.size | Maximum cache size, in bytes. |
edgeencryption.jobs.concurrency | Maximum number of mass encryption jobs that can run concurrently on this proxy. |
edgeencryption.jobs.requests_per_second | Number of HTTP job requests per second that this proxy can send to the instance. |
edgeencryption.attachments.request.timeout.seconds | Attachment upload request timeout in seconds. |
edgeencryption.request.buffer.size | Size of an encryption request. If an encryption request is larger than this size, the excess is saved to disk. Warning: Do not change this property. |
edgeencryption.httpclient.request.buffer.size | Size of the client request. If the client request is larger than this size, the excess is saved to disk. Warning: Do not change this property. |
edgeencryption.httpclient.header.size | Size of the request/response header. Warning: Do not change this property. |
edgeencryption.proxy.idle.timeout | Time in seconds after which a transaction times out. Default value: 300 (seconds) |
edgeencryption.proxy.keepalive.interval | Time in seconds between pings issued by the proxy to the instance. Pings are issued periodically to verify connectivity between the proxy and the instance. |
edgeencryption.register.retry.count | Maximum number of times the proxy pings the instance to try to register. Default value: 0 (no limit) |
edgeencryption.tokenization.exclusion.list | Encryption patterns cannot tokenize strings found in these fields. |
Java KeyStore properties
edgeencryption.keystore.path | Path to the Java KeyStore. If using a file store or a SafeNet KeySecure keystore, leave this property commented out. Example: |
edgeencryption.keystore.password | Password the proxy uses to connect to the Java KeyStore. If using a file store or a SafeNet KeySecure keystore, leave this property commented out. |
Logging properties
Logging properties are found in the log4j2.properties file in the <installation directory>/conf/ directory. These properties are changed only for troubleshooting or when directed by ServiceNow support. For details, see How to increase debug logging for the Edge Encryption proxy.
NAE device keystore properties
edgeencryption.nae.retries | Number of retries to make. |
edgeencryption.nae.enabled | Setting indicates whether an NAE device is available. |
edgeencryption.nae.server | Name of the NAE server. |
edgeencryption.nae.port | Port used by the NAE server. |
edgeencryption.nae.protocol | Protocol used by the NAE server. |
edgeencryption.nae.keystore.path | Path to the keystore on the NAE server. |
edgeencryption.nae.keystore.password | NAE keystore password. |
edgeencryption.nae.username | User name to use to authenticate with the NAE device. |
edgeencryption.nae.password | Password to use to authenticate with the NAE device. |
edgeencryption.nae.client.certificate | Certificate located in the keystore on the NAE server. Set this property to authenticate using a certificate instead of a username and password. |
Password property
edgeencryption.encrypter.properties.password | Name of the file in the conf folder that contains a string used within a secure process to obfuscate passwords in the edgeencryption.properties file. |
Proxy properties
edgeencryption.proxy.host | Server name, IP address, or fully qualified domain name of the computer running the proxy. Along with the port, this property defines the URL used by the client to access the proxy server. |
edgeencryption.proxy.name | Proxy name. Must be unique for each proxy. |
edgeencryption.proxy.http.port | Port on the proxy for HTTP communication. |
edgeencryption.proxy.https.port | Port on the proxy for HTTPS communication. |
Proxy configuration locked property
edgeencryption.proxy.locked | When true, the proxy does not accept encryption configuration changes or encryption rule changes from the instance. Set this property on the production instance after all encryption configurations and rules are final. |
Proxy database properties
edgeencryption.db.url | Proxy database location. Must be the same for all encryption proxies connecting to the same instance. |
edgeencryption.db.user | User name for accessing the proxy database. Must be the same for all encryption proxies connecting to the same instance. |
edgeencryption.db.password | Password to access the proxy database. Must be the same for all encryption proxies connecting to the same instance. |
edgeencryption.db.name | Proxy database name. Must be the same for all encryption proxies connecting to the same instance. The default for this property is edgeencryption. |
edgeencryption.db.bootstrap.file | Bootstrap file for the proxy database. The file is relative to the sql/ directory. Must be the same for all encryption proxies connecting to the same instance. Warning: Under normal circumstances, do not change this parameter. |
Proxy server performance properties
Proxy server performance properties are not present in the configuration file by default. To change the default values, you must add the properties and restart the proxy server. For more information, see Edge Encryption diagnostics and performance.
edgeencryption.stat.collection.enabled | Enables the collection of statistics used by the Edge Encryption proxy server performance dashboard. Default value: true. Add this property and set the value to false to disable the collection of statistics used by the Edge Encryption proxy server performance dashboard. |
edgeencryption.stat.collection.interval | Interval length in seconds during which the Edge Encryption proxy server collects statistics. The value cannot be less than 30 seconds. Default value: 30 (seconds) |
SSL certificate properties
Restart your proxy if you change the value of any SSL certificate property. The system uses the HTTPS keypair on startup to establish the proxy server connection and determine how the proxy answers client requests.
edgeencryption.proxy.https.cert.alias | Alias of the certificate provided by the proxy server to connecting clients. |
edgeencryption.proxy.https.keystore.path | Path to the keystore that contains the HTTPS certificate. |
edgeencryption.proxy.https.keystore.password | Password for the keystore that contains the HTTPS certificate. |
Target (instance) properties
edgeencryption.target.host | Host name for the instance. Must be the same for all encryption proxies connecting to the same instance. This property is set when the proxy is installed. For example, instancename.servicenow.com |
edgeencryption.target.port | Instance port. Must be the same for all encryption proxies connecting to the same instance. This property is set when the proxy is installed. |
edgeencryption.target.protocol | Instance protocol. Must be the same for all encryption proxies connecting to the same instance. This property is set when the proxy is installed. Options include: |
Unbound Technology provider properties
edgeencryption.ekm.provider.classname | Internal class name for the implementation. Warning: Do not change this property. |
edgeencryption.thirdparty.vendor.library.path | Path to the Unbound API JAR file on the Unbound client machine. |
edgeencryption.ekm.provider.rsa.wrapping.key.alias | Wrapping key alias in the Unbound Technology implementation. Must be the same for all proxies. |
User account properties
edgeencryption.target.username | User name that the proxy uses to log in to the instance. The user must have the edge_encryption role. See Set up an Edge Encryption user account. |
edgeencryption.target.password | Password that the proxy uses to log in to the instance. |
Web proxy properties
edgeencryption.webproxy.host | Web proxy name or IP address. |
edgeencryption.webproxy.port | Port on the web proxy. |
edgeencryption.webproxy.user | User name used to connect to the web proxy. If your web proxy does not use authentication, leave this property commented out. |
edgeencryption.webproxy.password | Password to use to connect to the web proxy. If your web proxy does not use authentication, leave this property commented out. |
Deprecated proxy encryption properties
- edgeencryption.encrypter.default.key128
- Specifies the name of the current AES 128 key. An AES 128 key must be available even if it is not used. Must be the same for all proxies.
Perform maintenance of these keys on the instance.
- edgeencryption.encrypter.default.key256
- Specifies the name of the current AES 256 key. Must be the same for all proxies.
Perform maintenance of these keys on the instance.
- edgeencryption.encrypter.key
- Specifies the key name for each key and is used to specify the default keys. This is the key alias integrated with the metadata that is included with each encrypted item and, therefore, is stored on the instance. The key name must use lowercase letters.
- edgeencryption.encrypter.type
- Specifies the type of encryption keystore system.
- edgeencryption.encrypter.file
- Specifies the path and file name of the text file associated with the key.
- edgeencryption.encrypter.password
- Specifies the password for accessing the keystore.
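Several properties above must be identical on every proxy, the static IV must be exactly 16 ASCII characters, each proxy name must be unique, and the signature keystore ships with a default password. The following check over the edgeencryption.properties files collected from each proxy is an added example, not ServiceNow code; the parser is a minimal key=value reader, the sample file contents are constructed, and the password check assumes the value is stored unobfuscated.

```python
# Added example; property names are from this page, sample values are constructed.
P = "edgeencryption."
SHARED = [P + s for s in (  # must be identical on every proxy, per this page
    "customer.assigned.known.cleartext", "encrypter.static.iv", "db.url",
    "db.user", "db.password", "db.name", "target.host", "target.port",
    "target.protocol")]
IV, NAME = P + "encrypter.static.iv", P + "proxy.name"
SIGPW = P + "proxy.signature.keystore.password"

def parse(text):
    """Minimal key=value parser; skips blank lines and #/! comment lines."""
    props = {}
    for line in map(str.strip, text.splitlines()):
        if line and line[0] not in "#!" and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def lint(files):
    """files maps a proxy label to its file text; returns sorted findings."""
    proxies = {label: parse(text) for label, text in files.items()}
    findings = []
    for label, p in proxies.items():
        iv = p.get(IV, "")
        if not iv.isascii() or len(iv) != 16:
            findings.append(f"{label}: static IV is not exactly 16 ASCII characters")
        # Assumption: only catches a default value that has not been obfuscated.
        if p.get(SIGPW, "").strip("<>") == "changeme":
            findings.append(f"{label}: signature keystore uses the default password")
    for key in SHARED:
        if len({p.get(key) for p in proxies.values()}) > 1:
            findings.append(f"{key}: differs between proxies")
    names = [p.get(NAME) for p in proxies.values()]
    if len(set(names)) < len(names):
        findings.append(f"{NAME}: not unique across proxies")
    return sorted(findings)

# Constructed sample files (not real configuration).
PROXY_A = """
edgeencryption.proxy.name=proxy1
edgeencryption.encrypter.static.iv=0123456789abcdef
edgeencryption.proxy.signature.keystore.password=changeme
"""
PROXY_B = """
# second proxy: duplicate name, IV one character short
edgeencryption.proxy.name=proxy1
edgeencryption.encrypter.static.iv=0123456789abcde
"""
print("\n".join(lint({"proxy-a": PROXY_A, "proxy-b": PROXY_B})))
```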