Configuration

Zercurity provides a number of configuration options for on-premise deployments.

Production.env

Variable

Options

ZERCURITY_DOMAIN

The system HOSTNAME will be used to serve the Zercurity web application. However, please use ZERCURITY_DOMAIN to configure the application domain. Do not include the app, api or download prefix.

PROVIDER

By default this is local, and the Zercurity application will use the local services. This can also be set to aws to use AWS KMS, SES and other AWS services for common operations.

SECRET

If you’re using the local provider, a SECRET is required to perform encryption and decryption operations.

STAGE

This can be either prod, dev or local. It configures the system loggers and the verbosity of debug information.

DB_ENGINE

Only postgres can be set at present.

DB_HOSTNAME

The hostname or IP address of your database instance.

DB_DATABASE

The database name you want to use. The Zercurity migrations container will automatically provision or upgrade the provided database.

DB_USERNAME

Your database username

DB_PASSWORD

Your database password

TEMP_PATH

STORAGE_PATH

A directory to store generated Zercurity content. The default is /tmp/zercurity

RESOURCE_PATH

REPOSITORY_URL

API_CERTIFICATE_CHAIN

ENROLL_DARWIN_DEVELOPER_KEY

ENROLL_DARWIN_DEVELOPER_CER

ENROLL_DARWIN_SIGNATORY_KEY

ENROLL_DARWIN_SIGNATORY_CER

ENROLL_LINUX_SIGNATORY_PEM

ENROLL_WINDOWS_SIGNATORY_PEM

AWS_KMS_KEY

If you’re using AWS as your PROVIDER, you can opt to use AWS KMS for both key and data encryption and decryption. You need to provide your KMS ARN.

STRIPE_API_KEY

If you need to enable billing as an MSP, you can provide your Stripe API key to automatically bill and invoice accounts.

VIRUS_TOTAL_API_KEY

If you don’t want to send application hashes to Zercurity, you can add support for VirusTotal (VT).

GOOGLE_CLOUD_API_KEY

ATLASSIAN_CLIENT_ID

ATLASSIAN_CLIENT_KEY

SLACK_CLIENT_ID

SLACK_CLIENT_SECRET

LICENSE_TRIAL

By default this is set to True. Set this to False to load your license key file.

LICENSE_ASSETS_LIMIT

LICENSE_USERS_LIMIT

LICENSE_TEAMS_LIMIT

LICENSE_COMPANIES_LIMIT

LICENSE_WORKFLOWS

Globally enable workflow support.

LICENSE_OSQUERY

Globally enable Osquery support.

LICENSE_SANTA

Globally enable Google Santa support.

LETSENCRYPT

Enable (True) or disable (False) support for Let’s Encrypt certificates. By default Let’s Encrypt isn’t used; self-signed certificates are used instead.

LETSENCRYPT_EMAIL

Your Let’s Encrypt account email address, for example admin@your-domain.com

LETSENCRYPT_METHOD

http

LETSENCRYPT_OPTS

Any additional Let’s Encrypt arguments
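
The constraints stated in the table above can be checked before a deployment starts. The following linter is an added example, not Zercurity's own tooling; it assumes production.env uses plain KEY=VALUE lines (Docker env-file style), and the function names and sample values are constructed for illustration.

```python
# Added example: lint a production.env against the rules documented above.
# Assumption: the file uses plain KEY=VALUE lines (Docker env-file style).

def parse_env(text):
    """Parse KEY=VALUE lines, skipping blank lines and # comments."""
    env = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        env[key.strip()] = value.strip().strip('"').strip("'")
    return env

def lint(env):
    """Return a list of findings; an empty list means no documented rule is broken."""
    findings = []
    domain = env.get("ZERCURITY_DOMAIN", "")
    if domain.split(".")[0] in ("app", "api", "download"):
        findings.append("ZERCURITY_DOMAIN must not include the app, api or download prefix")
    provider = env.get("PROVIDER", "local")  # documented default is local
    if provider not in ("local", "aws"):
        findings.append("PROVIDER must be local or aws")
    if provider == "local" and not env.get("SECRET"):
        findings.append("SECRET is required with the local provider")
    if env.get("AWS_KMS_KEY") and provider != "aws":
        findings.append("AWS_KMS_KEY is set but PROVIDER is not aws")
    if "STAGE" in env and env["STAGE"] not in ("prod", "dev", "local"):
        findings.append("STAGE must be prod, dev or local")
    if "DB_ENGINE" in env and env["DB_ENGINE"] != "postgres":
        findings.append("DB_ENGINE must be postgres")
    for flag in ("LETSENCRYPT", "LICENSE_TRIAL"):
        if flag in env and env[flag] not in ("True", "False"):
            findings.append(flag + " must be True or False")
    return findings

# Constructed sample input, not a real deployment.
SAMPLE = """\
ZERCURITY_DOMAIN=app.example.com
PROVIDER=local
SECRET=
STAGE=production
DB_ENGINE=postgres
LETSENCRYPT=True
"""

if __name__ == "__main__":
    for finding in lint(parse_env(SAMPLE)):
        print("FAIL:", finding)
```

The sample deliberately breaks three rules: a prefixed domain, an empty SECRET with the local provider, and an unsupported STAGE value.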

Docker-compose.yml

This will be provided to you by your account manager.