Skip to main content

25 docs tagged with "security"

View all tags

Composable Blueprints

Multiple blueprints can be composed into one master blueprint which specifies the deployment model for multiple included blueprints, by using includeBefore and includeAfter parameters. This allows you to scale your deployment and release models with any number of blueprints. During the implementation of a composed blueprint, the CLI will work through the blueprints in the sequence defined, merging the questions into a single list and applying any custom values that were defined in the composed blueprint. For more information on the YAML fields that enable composable blueprints, see IncludeBefore/IncludeAfter fields for composability.

Configure Secure Communication With Workers and Satellites

The Deploy master communicates with workers and satellite servers over a secure communication channel using TLS/SSL technology to encrypt data. This algorithm relies on certificate checking and data encryption using asymmetric keys.

Connect Deploy to Your LDAP or Active Directory

By default, Deploy authenticates users and retrieves authorization information from its repository. You can also configure Deploy to use an LDAP repository to authenticate users and to retrieve role (group) membership. In this scenario, the LDAP users and groups are used as principals in Deploy that can be mapped to Deploy roles. Role membership and rights assigned to roles are always stored in the Deploy repository.

Connect to Atlassian Crowd

By default, Deploy authenticates users and retrieves authorization information from its repository. Deploy can also be configured to use an Atlassian Crowd repository to authenticate users and to retrieve role (group) membership. In this scenario, the Atlassian Crowd users and groups are used as principals in Deploy and can be mapped to Deploy roles. Role membership and rights assigned to roles are stored in the Deploy repository.

Deploy Concepts

Deploy is an application release automation (ARA) tool that deploys applications to environments (for example, development, test, QA, and production) while managing configuration values that are specific to each environment. Deploy is designed to make the process of deploying applications faster, easier, and more reliable. You provide the components that make up your application, and Deploy does the rest.

Logging in Deploy

By default, the Deploy server writes informational, warning, and error log messages to standard output and to XLDEPLOYSERVER_HOME/log/deployit.log when it is running. In addition, Deploy:

Manage Deploy Permissions in YAML

You can specify and maintain global permissions, roles, and users for Deploy in YAML, enabling you to manage this aspect of your Deploy configuration "as code".

Manage Release Permissions in YAML

You can specify and maintain global permissions, roles, and users for Release in YAML, enabling you to manage this aspect of your Release configuration "as code".

Manage System Passwords

This topic describes how to change the encryption key password and the admin user's password in Deploy.

Pendo Analytics and Guidance

Pendo.io is a Product Analytics platform used in Deploy to enrich the product experience and provide insights to the product management team.

Roles and Permissions

Deploy includes a fine-grained access control scheme to ensure the security of your middleware and deployments. The security scheme is based on the concepts of principals, roles, and permissions.

Security FAQs

What are the implications of deprecating TLS protocol versions 1.0 and 1.1?

Security in Stitch

Stitch sources are created under the Configuration tab of the CI Explorer. Using configuration or folder permissions, you can show/hide Stitch sources. As a Stitch source is also a CI, it has the same logic for permissions as all other CI’s.

Set up Roles and Permissions

Deploy provides fine-grained security settings based on roles and permissions that you can configure in the GUI and through the command-line interface (CLI).

Set up Roles and Permissions Using the Deploy CLI

When Deploy is installed, no permissions are granted to any user. The only users that have permissions granted are the administrator users, and they have all permissions granted to them. Deploy has one predefined administrator user called admin, with the default password admin. For more information, see roles and permissions.

Store Credentials

In the Configuration section of the CI Library, you can define one or more sets of credentials to be used with source artifacts. To define credentials, you must have admin global permissions. You can use the defined credentials to provide a username and password to any HTTP URL that requires authentication.

Store Encrypted Passwords in Deploy

Digital.ai Deploy provides a mechanism to automatically encrypt passwords and allow you to refer to them, so you do not need to store third-party passwords in plain text in configuration files. To declare a new third-party password:

Store Proxy Servers in Deploy

In the Configuration section of the CI Library, you can define one or more sets of proxy servers to be used with source artifacts. To define a proxy server, you must have admin global permissions. You can use the defined proxy servers to provide a

Store Shared Host Credentials

Your infrastructures can include multiple remote hosts that share the same credentials. To simplify credential management across these hosts, you can configure a single CI to define shared credentials for any remote host that requires authentication. Then, when you define an overthere host connection, you can select the shared credentials CI. This is applicable to the following host types:

Update the Digital Certificate

To support secure communications, Deploy can generate a self-signed digital certificate. This can cause issues in situations where Deploy needs to be accessed using a URL other than https4516, because the Common Name in the certificate is localhost.