Skip to content

Configuration

Deployment

A part of the configuation is done with environment variables, which need to be set when deploying SecObserve. How this is done depends on the deployment method, see Installation.

Backend

Environment variable Optionality Description
AAD_CLIENT_ID optional Only for authentication with Azure AD: Client ID from the Azure app registration.
AAD_TENANT_ID optional Only for authentication with Azure AD: Tenant ID of the Azure subscription.
ADMIN_USER mandatory Username of the administration user. The user will be created at the fist start of the backend.
ADMIN_EMAIL optional E-Mail of the administration user.
ADMIN_PASSWORD optional Initial password of the admin user. If it is not set, a random password will be created during startup and shown in the log.
ALLOWED_HOSTS mandatory Hostname of the backend, see Django settings ALLOWED_HOSTS
CORS_ALLOWED_ORIGINS mandatory URL of the frontend that is authorized to make cross-site HTTP requests.
DATABASE_HOST mandatory Which host to use when connecting to the database.
DATABASE_DB mandatory The name of the database to use.
DATABASE_PORT mandatory The port to use when connecting to the database.
DATABASE_USER mandatory The username to use when connecting to the database.
DATABASE_PASSWORD mandatory The password to use when connecting to the database.
DATABASE_ENGINE mandatory The database backend to use. Supported database backends are django.db.backends.mysql and django.db.backends.postgresql
MYSQL_AZURE optional Must be set to true if Azure Database for MySQL is used, to use the necessary SSL certificate. See Configure SSL connectivity in your application to securely connect to Azure Database for MySQL.
DJANGO_SECRET_KEY mandatory A secret key for a particular Django installation. This is used to provide cryptographic signing, and should be set to a unique, unpredictable value with at least 50 characters, see Django settings SECRET_KEY.
FIELD_ENCRYPTION_KEY mandatory Key to encrypt fields like the JWT secret. See Generating an Encryption Key how to generate the key.

Frontend

Environment variable Optionality Description
AAD_ENABLE mandatory true: Azure AD authentication is active, false: otherwise.
AAD_AUTHORITY mandatory The authority is a URL that indicates a directory that MSAL can request tokens from, typically https://login.microsoftonline.com/<TENANT>/
AAD_CLIENT_ID mandatory The client ID is the unique Application (client) ID assigned to your app by Azure AD when the app was registered.
AAD_REDIRECT_URI mandatory The redirect URI is the URI the identity provider will send the security tokens back to. To be set with the URL of the frontend.
AAD_POST_LOGOUT_REDIRECT_URI mandatory The post logout redirect URI is the URI that will be called after logout. To be set with the URL of the frontend.
AAD_SCOPE mandatory The scope is a permission that have been granted to the client applications, see Scopes and permissions in the Microsoft identity platform. Might be something like <AAD_CLIENT_ID>/.default
API_BASE_URL mandatory URL where to find the backend API, e.g. https:\\secobserve-backend.example.com/api.

All the AAD_* environment variables are needed for technical reasons. If AAD_ENABLE is set to false, the other AAD_* environment variables can be set to dummy or something similar.

Admin user interface

SecObserve provides an administration user interface to manage users and some system-wide configurations. It can be accessed via <BACKEND_URL>/admin by users where the flag Superuser status is set.

The entries in section CONSTANCE / Config should be checked and adjusted if necessary after installing SecObserve.