Encryption properties
This reference lists and describes the global and specific server portion encryption properties located in spectrum-container.properties.
Global encryption settings
Global encryption settings apply to all levels: http, https, cache, and index. You can use the
level-specific properties to define preferences at those specific levels.
| Property | Description |
|---|---|
| spectrum.encryption.enabled | Enable or disable basic HTTP: true for enabled or false (default) for
disabled Note: Spectrum encryption will evaluate and apply the global encryption settings
even if this property is set to false, and will not allow Elasticsearch indexing unless the
Indexing settings are
specifically applied. |
| spectrum.encryption.algorithm | Encryption algorithm to use for the resource password: JASYPT (default) or AES |
| spectrum.encryption.keystoreAlias | Alias of certificate, if applicable, or use first key found; for example spectrum |
| spectrum.encryption.keystoreType | Keystore type: pkcs12 (default) or jks |
| spectrum.encryption.keystore | Keystore file name in location SpectrumDirectory/conf/certs |
| spectrum.encryption.keystorePassword | Keystore password; For more information: |
| spectrum.encryption.selfSignedCert | Are certificates self-signed? True or false |
| spectrum.encryption.truststoreType | Truststore type: pkcs12 or jks |
| spectrum.encryption.truststore | Truststore file name in location SpectrumDirectory/server/conf/certs |
| spectrum.encryption.truststorePassword | Truststore password; For more information: |
| spectrum.encryption.validateCerts | Should certificates be validated? True (default) or false |
| spectrum.encryption.trustAllHosts | During verification, ignore host name specified on the certificate. |
Caching settings
These definitions control caching settings and are located in the Cache settings
(Hazelcast) section of spectrum-container.properties.
| Property | Description |
|---|---|
| spectrum.cache.encryption.keystoreType | Keystore type: pkcs12 or jks |
| spectrum.cache.encryption.keystore | Keystore file name in SpectrumDirectory/server/conf/certs |
| spectrum.cache.encryption.keystorePassword | Keystore password; For more information:
|
| spectrum.cache.encryption.truststoreType | Truststore type: pkcs12 or jks |
| spectrum.cache.encryption.truststore | Truststore file name in SpectrumDirectory/server/conf/certs |
| spectrum.cache.encryption.truststorePassword | Truststore password; For more information:
|
HTTPS and HTTP settings
These definitions control settings to HTTP and HTTPS properties and are located in the "Spectrum http settings" section of spectrum-container.properties.
| Property | Description |
|---|---|
| spectrum.http.enabled | Enable/disable basic HTTP |
| spectrum.http.port | HTTP port |
| spectrum.https.enabled | Enable/disable basic HTTPS: true or false |
| spectrum.https.port | HTTPS port |
| spectrum.https.encryption.validateCerts | Should certificates be validated? |
| spectrum.https.encryption.trustAllHosts | Trust all certificates if no keystore or truststore are provided? |
| spectrum.https.encryption.selfSignedCert | Are certificates self-signed? |
| spectrum.https.encryption.trustAllHosts | Is host name verification disabled? |
| spectrum.https.encryption.keystoreType | Keystore type: pkcs12 or jks |
| spectrum.https.encryption.keystore | Keystore file name in SpectrumDirectory/server/conf/certs |
| spectrum.https.encryption.keystorePassword | Keystore password For more information: |
| spectrum.https.encryption.keystoreAlias | Alias of certificate, if applicable, or use first key found |
| spectrum.https.encryption.truststoreType | Truststore type: pkcs12 or jks |
| spectrum.https.encryption.truststore | Truststore file name in SpectrumDirectory/server/conf/certs |
| spectrum.https.encryption.truststorePassword | Truststore password; For more information: |
Indexing settings
These definitions control indexing settings and are located in the "Index settings (Elasticsearch)" section of spectrum-container.properties.
| Property | Description |
|---|---|
| spectrum.index.encryption.enabled | Enable/disable encryption on indexing : true or false |
| spectrum.index.encryption.trustAllHosts | Is hostname verification disabled? |
| spectrum.index.encryption.keystoreType | Keystore type: pkcs12 or jks |
| spectrum.index.encryption.keystoreAlias | Alias of certificate, if applicable, or use first key found |
| spectrum.index.encryption.keystore |
Index keystore name in SpectrumDirectory/server/conf/certs |
| spectrum.index.encryption.keystorePassword | Index keystore password in SpectrumDirectory/server/conf/certs; For more information: |
| spectrum.index.encryption.truststoreType | Index truststore type: pkcs12 or jks |
| spectrum.index.encryption.truststore |
Index keystore name in SpectrumDirectory/server/conf/certs |
| spectrum.index.encryption.truststorePassword | Index truststore password; For more information: |
Password algorithm setting
This definition controls password-level decryption settings and are located in
spectrum-container.properties.
| Property | Description |
|---|---|
| spectrum.password.decryption.algorithm | Encryption algorithm to use for decrypting the passwords: JASYPT (default) or AES |