Configuration

Zercurity provides a number of configuration options for on-premise deployments.

Production.env

Variable Options
ZERCURITY_DOMAIN The system HOSTNAME will be used to serve the Zercurity web application. However, please use ZERCURITY_DOMAIN to configure the application domain. Do not include the app, api or download prefix.
PROVIDER By default this is local and the Zercurity application will make use of the local services. This can also be set to aws to use AWS KMS, SES and other AWS services for common operations
SECRET If you’re using the local provider a SECRET is required in order to perform encrypt and decrypt operations.
STAGE This can either be prod, dev or local This will configure the system loggers and verbosity of debug information.
DB_ENGINE Only postgres can be set at present.
DB_HOSTNAME The hostname or IP address of your database instance.
DB_DATABASE The database name you want to use. The Zercurity migrations container will automatically provision or upgrade the the provided database.
DB_USERNAME Your database username
DB_PASSWORD Your database password
TEMP_PATH  
STORAGE_PATH A directory to store generated Zercurity content. The default is /tmp/zercurity
RESOURCE_PATH  
REPOSITORY_URL  
API_CERTIFICATE_CHAIN  
ENROLL_DARWIN_DEVELOPER_KEY  
ENROLL_DARWIN_DEVELOPER_CER  
ENROLL_DARWIN_SIGNATORY_KEY  
ENROLL_DARWIN_SIGNATORY_CER  
ENROLL_LINUX_SIGNATORY_PEM  
ENROLL_WINDOWS_SIGNATORY_PEM  
AWS_KMS_KEY If you’re using AWS as your PROVIDER you can opt to use AWS KMS for both key and data encryption and decryption. You need to provide your KMS ARN.
STRIPE_API_KEY If you need to enable billing as an MSP. You can provide your Stripe API key to automatically bill and invoice accounts.
VIRUS_TOTAL_API_KEY If you don’t want to send application hashes to Zercurity you can add support for VT.
GOOGLE_CLOUD_API_KEY  
ATLASSIAN_CLIENT_ID  
ATLASSIAN_CLIENT_KEY  
SLACK_CLIENT_ID  
SLACK_CLIENT_SECRET  
LICENSE_TRIAL By default this is set to True. Set this to False to load your license key file.
LICENSE_ASSETS_LIMIT  
LICENSE_USERS_LIMIT  
LICENSE_TEAMS_LIMIT  
LICENSE_COMPANIES_LIMIT  
LICENSE_WORKFLOWS Globally enable workflow support.
LICENSE_OSQUERY Globally enable Osquery support.
LICENSE_SANTA Globally enable Google Santa support.
LETSENCRYPT Either enable True or disable False support for Let’s encrypt certificates. By default Let’s encrypt isn’t used. Self signed certificates are used instead.
LETSENCRYPT_EMAIL Your Let’s Encrypt account email address admin@your-domain.com
LETSENCRYPT_METHOD http
LETSENCRYPT_OPTS Any additional Let’s Encrypt arguments

Docker-compose.yml

This will be provided to you by your account manager.