Encryption properties

Global encryption settings

Global encryption settings apply to all levels: http, https, model store, cache, and index. You can use the level-specific properties to define preferences at those specific levels.


Property	Description
spectrum.encryption.enabled	Enable or disable basic HTTP: true for enabled or false (default) for disabled Note: Spectrum encryption will evaluate and apply the global encryption settings even if this property is set to false, and will not allow Elasticsearch indexing unless the Indexing settings are specifically applied.
spectrum.encryption.algorithm	Encryption algorithm to use for the resource password: JASYPT (default) or AES
spectrum.encryption.keystoreAlias	Alias of certificate, if applicable, or use first key found; for example spectrum
spectrum.encryption.keystoreType	Keystore type: pkcs12 (default) or jks
spectrum.encryption.keystore	Keystore file name in location `SpectrumDirectory`/conf/certs
spectrum.encryption.keystorePassword	Keystore password; For more information: Review Generate encryption strings Review Encrypt passwords or mask encryption strings
spectrum.encryption.selfSignedCert	Are certificates self-signed? True or false
spectrum.encryption.truststoreType	Truststore type: pkcs12 or jks
spectrum.encryption.truststore	Truststore file name in location `SpectrumDirectory`/server/conf/certs
spectrum.encryption.truststorePassword	Truststore password; For more information: Review Generate encryption strings Review Encrypt passwords or mask encryption strings
spectrum.encryption.validateCerts	Should certificates be validated? True (default) or false
spectrum.encryption.trustAllHosts	During verification, ignore host name specified on the certificate.

Caching settings

These definitions control caching settings and are located in the Cache settings (Hazelcast) section of spectrum-container.properties.


Property	Description
spectrum.cache.encryption.keystoreType	Keystore type: pkcs12 or jks
spectrum.cache.encryption.keystore	Keystore file name in `SpectrumDirectory`/server/conf/certs
spectrum.cache.encryption.keystorePassword	Keystore password. For more information: Review Generate encryption strings for information about generating encryption strings. Review Encrypt passwords or mask encryption strings for more information about encrypting or masking strings.

spectrum.cache.encryption.truststoreType	Truststore type: pkcs12 or jks
spectrum.cache.encryption.truststore	Truststore file name in `SpectrumDirectory`/server/conf/certs
spectrum.cache.encryption.truststorePassword	Truststore password; For more information: Review Generate encryption strings for information about generating encryption strings. Review Encrypt passwords or mask encryption strings for information about encrypting or masking strings.

HTTPS and HTTP settings

These definitions control settings to HTTP and HTTPS properties and are located in the "Spectrum http settings" section of spectrum-container.properties.


Property	Description
spectrum.http.enabled	Enable/disable basic HTTP
spectrum.http.port	HTTP port
spectrum.https.enabled	Enable/disable basic HTTPS: true or false
spectrum.https.port	HTTPS port
spectrum.https.encryption.validateCerts	Should certificates be validated?
spectrum.https.encryption.trustAllHosts	Trust all certificates if no keystore or truststore are provided?
spectrum.https.encryption.selfSignedCert	Are certificates self-signed?
spectrum.https.encryption.trustAllHosts	Is host name verification disabled?
spectrum.https.encryption.keystoreType	Keystore type: pkcs12 or jks
spectrum.https.encryption.keystore	Keystore file name in `SpectrumDirectory`/server/conf/certs
spectrum.https.encryption.keystorePassword	Keystore password For more information: Review Generate encryption strings. Review Encrypt passwords or mask encryption strings.
spectrum.https.encryption.keystoreAlias	Alias of certificate, if applicable, or use first key found
spectrum.https.encryption.truststoreType	Truststore type: pkcs12 or jks
spectrum.https.encryption.truststore	Truststore file name in `SpectrumDirectory`/server/conf/certs
spectrum.https.encryption.truststorePassword	Truststore password; For more information: Review Generate encryption strings. Review Encrypt passwords or mask encryption strings.

Indexing settings

These definitions control indexing settings and are located in the "Index settings (Elasticsearch)" section of spectrum-container.properties.


Property	Description
spectrum.index.encryption.enabled	Enable/disable encryption on indexing : true or false
spectrum.index.encryption.trustAllHosts	Is hostname verification disabled?
spectrum.index.encryption.keystoreType	Keystore type: pkcs12 or jks
spectrum.index.encryption.keystoreAlias	Alias of certificate, if applicable, or use first key found
spectrum.index.encryption.keystore	Index keystore name in `SpectrumDirectory`/server/conf/certs
spectrum.index.encryption.keystorePassword	Index keystore password in `SpectrumDirectory`/server/conf/certs; For more information: Review Generate encryption strings. Review Encrypt passwords or mask encryption strings.
spectrum.index.encryption.truststoreType	Index truststore type: pkcs12 or jks
spectrum.index.encryption.truststore	Index keystore name in `SpectrumDirectory`/server/conf/certs
spectrum.index.encryption.truststorePassword	Index truststore password; For more information: Review Generate encryption strings. Review Encrypt passwords or mask encryption strings.

Password algorithm setting

This definition controls password-level decryption settings and are located in spectrum-container.properties.


Property	Description
spectrum.password.decryption.algorithm	Encryption algorithm to use for decrypting the passwords: JASYPT (default) or AES