Configuration¶
Zercurity provides a number of configuration options for on-premise deployments.
Production.env¶
| Variable | Options |
| ZERCURITY_DOMAIN | The system HOSTNAME will be used to serve
the Zercurity web application. However,
please use ZERCURITY_DOMAIN to configure
the application domain. Do not include the
app, api or download prefix. |
| PROVIDER | By default this is local and the Zercurity
application will make use of the local
services. This can also be set to aws to
use AWS KMS, SES and other AWS services for
common operations |
| SECRET | If you’re using the local provider a
SECRET is required in order to perform
encrypt and decrypt operations. |
| STAGE | This can either be prod, dev or local
This will configure the system loggers and
verbosity of debug information. |
| DB_ENGINE | Only postgres can be set at present. |
| DB_HOSTNAME | The hostname or IP address of your database instance. |
| DB_DATABASE | The database name you want to use. The Zercurity migrations container will automatically provision or upgrade the the provided database. |
| DB_USERNAME | Your database username |
| DB_PASSWORD | Your database password |
| TEMP_PATH | |
| STORAGE_PATH | A directory to store generated Zercurity
content. The default is /tmp/zercurity |
| RESOURCE_PATH | |
| REPOSITORY_URL | |
| API_CERTIFICATE_CHAIN | |
| ENROLL_DARWIN_DEVELOPER_KEY | |
| ENROLL_DARWIN_DEVELOPER_CER | |
| ENROLL_DARWIN_SIGNATORY_KEY | |
| ENROLL_DARWIN_SIGNATORY_CER | |
| ENROLL_LINUX_SIGNATORY_PEM | |
| ENROLL_WINDOWS_SIGNATORY_PEM | |
| AWS_KMS_KEY | If you’re using AWS as your PROVIDER you
can opt to use AWS KMS for both key and data
encryption and decryption. You need to
provide your KMS ARN. |
| STRIPE_API_KEY | If you need to enable billing as an MSP. You can provide your Stripe API key to automatically bill and invoice accounts. |
| VIRUS_TOTAL_API_KEY | If you don’t want to send application hashes to Zercurity you can add support for VT. |
| GOOGLE_CLOUD_API_KEY | |
| ATLASSIAN_CLIENT_ID | |
| ATLASSIAN_CLIENT_KEY | |
| SLACK_CLIENT_ID | |
| SLACK_CLIENT_SECRET | |
| LICENSE_TRIAL | By default this is set to True. Set this
to False to load your license key file. |
| LICENSE_ASSETS_LIMIT | |
| LICENSE_USERS_LIMIT | |
| LICENSE_TEAMS_LIMIT | |
| LICENSE_COMPANIES_LIMIT | |
| LICENSE_WORKFLOWS | Globally enable workflow support. |
| LICENSE_OSQUERY | Globally enable Osquery support. |
| LICENSE_SANTA | Globally enable Google Santa support. |
| LETSENCRYPT | Either enable True or disable False
support for Let’s encrypt certificates.
By default Let’s encrypt isn’t used. Self
signed certificates are used instead. |
| LETSENCRYPT_EMAIL | Your Let’s Encrypt account email address
admin@your-domain.com |
| LETSENCRYPT_METHOD | http |
| LETSENCRYPT_OPTS | Any additional Let’s Encrypt arguments |
Docker-compose.yml¶
This will be provided to you by your account manager.