System Properties
The CipherTrust Manager allows you to manage user configurable system properties.
Property Name | Default Value | Description |
---|---|---|
MAXIMUM_REFRESH_TOKEN_LIFETIME | | Describes the maximum lifetime of a refresh token. This can be an empty string (infinite lifetime) or a sequence of integers with a time unit as a suffix. The valid time units are m and h. For example, 300m, 3h, or 2h45m. The value of the maximum lifetime of a refresh token should be at least 5m. |
CERT_REV_CHECK_TIMEOUT | 5sec | Configures the revocation check request timeout for Web (cert user login) and NAE/KMIP clients. The timeout value must be an integer from 0 to 600 seconds, where 0 means no timeout. The timeout applies to each request. For example, if a certificate contains 3 URLs for the caIssuer and CRL/OCSP, and each URL fails after 5sec, the authentication call takes 15sec to complete. |
ALLOW_UNKNOWN_FIELDS | false | Allows unknown fields in the JSON body from the API calls. If you set this property to true, a restart is required for the change to take effect. |
ENABLE_RECORDS_DB_STORE | true | Stores audit records in the database. If you set this property to false, it deletes the audit records. If syslog is added, it continues to push audit records to the syslog server. |
ENFORCE_NAE_CLIENT_VALIDATION | false | Enforces client validation on the NAE. |
ENFORCE_NAE_CLIENT_REGISTRATION | false | Enforces registered NAE clients to perform the NAE operations. |
ENABLE_NAE_CRYPTO_RECORDS | false | Enables the logging for NAE crypto audit records. |
ENABLE_NAE_ACTIVITY_LOGS | false | Enables the activity logging for NAE operations. |
ENABLE_KMIP_ACTIVITY_LOGS | false | Enables the activity logging for KMIP operations. |
ENABLE_CERT_REV_CHECK | true | Checks the client certificates on the NAE/KMIP interface for revocation status. This property is not applicable for user certificate login. For user certificate login, the CRL revocation status is always checked. |
Managing user configurable system properties using ksctl
The following operations can be performed:
Get details of a property
List all properties
Modify a property
Reset a property
Getting details of properties
To get details of a property, run:
Syntax
ksctl properties get --name <name of the system configuration>
Example
ksctl properties get --name ENABLE_RECORDS_DB_STORE
Getting list of properties
To list all the configurable system properties, run:
Syntax
ksctl properties list
Updating properties
To modify the value of a property, run:
Syntax
ksctl properties modify --name <property name> --value <value to be set>
Example 1
ksctl properties modify --name ENABLE_RECORDS_DB_STORE --value false
Example 2
ksctl properties modify --name CERT_REV_CHECK_TIMEOUT --value 10
Changes do not take effect immediately. They may take up to 60 seconds to apply on the current node as well as on the clustered nodes.
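The value rules in the property table can be checked locally before a change is submitted. The shell functions below are an added example, not part of the CipherTrust Manager documentation or of ksctl; the function names (lifetime_minutes, validate_property, worst_case_delay, safe_modify) are hypothetical, and the checks encode only what the table states, not how the product validates input.

```shell
#!/bin/sh
# Added example (not vendor code): check a value against the rules in the
# property table before passing it to `ksctl properties modify`.

# Convert a lifetime such as 2h45m to minutes; non-zero status if malformed.
lifetime_minutes() {
  rest=$1; total=0
  # Reject: empty, foreign characters, leading unit, trailing digits, "mh".
  case $rest in ''|*[!0-9mh]*|[mh]*|*[0-9]|*[mh][mh]*) return 1 ;; esac
  while [ -n "$rest" ]; do
    num=${rest%%[mh]*}                        # digits before the next unit
    after=${rest#"$num"}                      # unit and everything after it
    num=${num#"${num%%[!0]*}"}; num=${num:-0} # drop leading zeros (no octal)
    case $after in h*) mult=60 ;; *) mult=1 ;; esac
    total=$((total + num * mult))
    rest=${after#?}
  done
  echo "$total"
}

# Return 0 if VALUE is acceptable for property NAME, 1 otherwise.
validate_property() {
  name=$1; value=$2
  case $name in
    MAXIMUM_REFRESH_TOKEN_LIFETIME)
      [ -z "$value" ] && return 0             # empty string = infinite lifetime
      mins=$(lifetime_minutes "$value") || return 1
      [ "$mins" -ge 5 ] ;;                    # documented minimum is 5m
    CERT_REV_CHECK_TIMEOUT)
      case $value in ''|*[!0-9]*|????*) return 1 ;; esac
      [ "$value" -le 600 ] ;;                 # 0 means no timeout
    ALLOW_UNKNOWN_FIELDS|ENABLE_*|ENFORCE_*)  # boolean properties in the table
      [ "$value" = true ] || [ "$value" = false ] ;;
    *) return 1 ;;                            # not a property from this page
  esac
}

# Worst-case delay for one authentication call when every URL times out.
worst_case_delay() { echo $(( $1 * $2 )); }   # timeout_seconds, url_count

# Hypothetical wrapper: only call ksctl when the value passes validation.
safe_modify() {
  validate_property "$1" "$2" || { echo "rejected: $1=$2" >&2; return 1; }
  ksctl properties modify --name "$1" --value "$2"
}
```

Running worst_case_delay with the new timeout and the number of caIssuer and CRL/OCSP URLs in your client certificates shows how much a larger CERT_REV_CHECK_TIMEOUT can add to each authentication call.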
Resetting properties
To reset the value of a property to default, run:
Syntax
ksctl properties reset --name <property name>
Example
ksctl properties reset --name ENABLE_RECORDS_DB_STORE