Encryption properties

This reference lists and describes the global and specific server portion encryption properties located in spectrum-container.properties.

Global encryption settings

Global encryption settings apply to all levels: http, https, cache, and index. You can use the level-specific properties to define preferences at those specific levels.
Property Description
spectrum.encryption.enabled Enable or disable basic HTTP: true for enabled or false (default) for disabled
Note: Spectrum encryption will evaluate and apply the global encryption settings even if this property is set to false, and will not allow Elasticsearch indexing unless the Indexing settings are specifically applied.
spectrum.encryption.algorithm Encryption algorithm to use for the resource password: JASYPT (default) or AES
spectrum.encryption.keystoreAlias Alias of certificate, if applicable, or use first key found; for example spectrum
spectrum.encryption.keystoreType Keystore type: pkcs12 (default) or jks
spectrum.encryption.keystore Keystore file name in location SpectrumDirectory/conf/certs
spectrum.encryption.keystorePassword Keystore password; For more information:
spectrum.encryption.selfSignedCert Are certificates self-signed? True or false
spectrum.encryption.truststoreType Truststore type: pkcs12 or jks
spectrum.encryption.truststore Truststore file name in location SpectrumDirectory/server/conf/certs
spectrum.encryption.truststorePassword Truststore password; For more information:
spectrum.encryption.validateCerts Should certificates be validated? True (default) or false
spectrum.encryption.trustAllHosts During verification, ignore host name specified on the certificate.

Caching settings

These definitions control caching settings and are located in the Cache settings (Hazelcast) section of spectrum-container.properties.
Property Description
spectrum.cache.encryption.keystoreType Keystore type: pkcs12 or jks
spectrum.cache.encryption.keystore Keystore file name in SpectrumDirectory/server/conf/certs
spectrum.cache.encryption.keystorePassword Keystore password; For more information:
spectrum.cache.encryption.truststoreType Truststore type: pkcs12 or jks
spectrum.cache.encryption.truststore Truststore file name in SpectrumDirectory/server/conf/certs
spectrum.cache.encryption.truststorePassword Truststore password; For more information:

HTTPS and HTTP settings

These definitions control settings to HTTP and HTTPS properties and are located in the "Spectrum http settings" section of spectrum-container.properties.

Property Description
spectrum.http.enabled Enable/disable basic HTTP
spectrum.http.port HTTP port
spectrum.https.enabled Enable/disable basic HTTPS: true or false
spectrum.https.port HTTPS port
spectrum.https.encryption.validateCerts Should certificates be validated?
spectrum.https.encryption.trustAllHosts Trust all certificates if no keystore or truststore are provided?
spectrum.https.encryption.selfSignedCert Are certificates self-signed?
spectrum.https.encryption.trustAllHosts Is host name verification disabled?
spectrum.https.encryption.keystoreType Keystore type: pkcs12 or jks
spectrum.https.encryption.keystore Keystore file name in SpectrumDirectory/server/conf/certs
spectrum.https.encryption.keystorePassword Keystore password For more information:
spectrum.https.encryption.keystoreAlias Alias of certificate, if applicable, or use first key found
spectrum.https.encryption.truststoreType Truststore type: pkcs12 or jks
spectrum.https.encryption.truststore Truststore file name in SpectrumDirectory/server/conf/certs
spectrum.https.encryption.truststorePassword Truststore password; For more information:

Indexing settings

These definitions control indexing settings and are located in the "Index settings (Elasticsearch)" section of spectrum-container.properties.

Property Description
spectrum.index.encryption.enabled Enable/disable encryption on indexing : true or false
spectrum.index.encryption.trustAllHosts Is hostname verification disabled?
spectrum.index.encryption.keystoreType Keystore type: pkcs12 or jks
spectrum.index.encryption.keystoreAlias Alias of certificate, if applicable, or use first key found
spectrum.index.encryption.keystore

Index keystore name in SpectrumDirectory/server/conf/certs

spectrum.index.encryption.keystorePassword Index keystore password in SpectrumDirectory/server/conf/certs; For more information:
spectrum.index.encryption.truststoreType Index truststore type: pkcs12 or jks
spectrum.index.encryption.truststore

Index keystore name in SpectrumDirectory/server/conf/certs

spectrum.index.encryption.truststorePassword Index truststore password; For more information:

Password algorithm setting

This definition controls password-level decryption settings and are located in spectrum-container.properties.
Property Description
spectrum.password.decryption.algorithm Encryption algorithm to use for decrypting the passwords: JASYPT (default) or AES