Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Asgardeo] Add updated remote user store documentation #4883

Draft
wants to merge 3 commits into
base: master
Choose a base branch
from
Draft

[Asgardeo] Add updated remote user store documentation #4883

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
4139a7b
Add updated remote user store docs
ThaminduDilshan Nov 25, 2024
3600390
Add deployment best practices
ThaminduDilshan Nov 26, 2024
e947279
Resolve merge conflicts
ThaminduDilshan Nov 27, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Binary file added ...ardeo/docs/assets/img/guides/user-stores/register-user-store-configurations.png
View file
Open in desktop
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added en/asgardeo/docs/assets/img/guides/user-stores/register-user-store-general.png
View file
Open in desktop
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file removed en/asgardeo/docs/assets/img/guides/user-stores/register-user-store.png
View file
Open in desktop
Binary file not shown.
129 changes: 129 additions & 0 deletions en/asgardeo/docs/guides/users/user-stores/advanced-configurations-for-the-agent.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,129 @@
# Advanced configuration for the remote agent

## Configuring secrets in the agent configuration file

The remote user store agent is built-in with a secure vault implementation that allows parsing plain text passwords as encrypted secrets. The downloaded agent zip file contains a `ciphertool` that can be used to encrypt the secrets defined in the deployment.toml file. To encrypt secrets in the agent configuration file:

1. Add the following [secrets] configurations to the bottom of the deployment.toml file. Secrets can be listed with any alias and the value should be enclosed within double quotes and square brackets.

```toml
[secrets]
secret_alias = ["secret_value"]
```

For example:

```toml
[secrets]
connection_password = "[adminpassword]"
```

2. The encrypted secrets can be used for the configurations by using the `$secret{alias}` format.

```toml
[user_store]
connection_password = "$secret{connection_password}"
```

3. Configure and run the cipher tool to encrypt the secrets in the deployment.toml file.

=== "Optimized Agent"

Both the cipher tool and agent need to be configured with an encryption key to use the secrets. To do so, configure the following environment variable with your encryption key.

```bash
export ENCRYPTION_KEY=51e6a32d699c43f7cbd7c62ba999c64a
```

Open a terminal and run the following command to encrypt the secrets.

- **Linux/Unix:**

```bash
./ciphertool <path/to/the/deployment/toml/file>
```

- **Windows:**

```bash
ciphertool <path/to/the/deployment/toml/file>
```

!!! note

When you configure secrets in the configuration file, you need to configure the same encryption key environment variable in the agent as well.

=== "Classic Agent"

The classic agent's internal keystore is used to encrypt and decrypt the secrets. To encrypt the secrets, open a terminal and run the following command.

- **Linux/Unix:**

```bash
./ciphertool.sh -Dconfigure
```

- **Windows:**

```bash
ciphertool.bat -Dconfigure
```

!!! note

When you configure secrets in the configuration file, the agent will prompt you to enter the keystore and private key passwords when starting the agent. The default password is `wso2carbon`.

4. Open the `deployment.toml` file again and see that the alias secrets are now encrypted.

```toml
[secrets]
connection_password = "xxxxxxx"
```

## Configuring remote agent logs

The remote agent provides flexible options for configuring logs such as altering the log level. This helps with debugging and monitoring the agent's operations effectively.

To configure remote agent logs:

=== "Optimized Agent"

- To enable debug logs or adjust the log level, set the `LOG_LEVEL` environment variable.

```bash
export LOG_LEVEL = DEBUG
```

Following levels can be configured.

- **DEBUG**: Logs detailed information for debugging.
- **INFO**: Logs general operational information.
- **WARN**: Logs only the potential issues.
- **ERROR**: Logs only the error events.
- **FATAL**: Logs critical errors that may cause the application to terminate.

- To write logs to a file, enable file-based logging by setting the `ENABLE_LOG_FILE` environment variable.

```bash
export ENABLE_LOG_FILE = true
```

- Restart the agent to apply the changes.

=== "Classic Agent"

- The classic user store agent is shipped with `log4j2` logging capabilities. The log level can be set specifically for each appender in the `log4j2.properties` file by setting the threshold value.

```bash
rootLogger.level = DEBUG
```

Following levels can be configured.

- **DEBUG**: Logs detailed information for debugging.
- **INFO**: Logs general operational information.
- **WARN**: Logs only the potential issues.
- **ERROR**: Logs only the error events.
- **FATAL**: Logs critical errors that may cause the application to terminate.

- Restart the agent to apply the changes.
Loading