Keyfactor Command CA Connector API appsetting.json File

The CAConnectorAPI appsettings.json configuration file allows you to change default CAClosed A certificate authority (CA) is an entity that issues digital certificates. Within Keyfactor Command, a CA may be a Microsoft CA or a Keyfactor gateway to a cloud-based or remote CA. connector APIClosed An API is a set of functions to allow creation of applications. Keyfactor offers the Keyfactor API, which allows third-party software to integrate with the advanced certificate enrollment and management features of Keyfactor Command. installation configuration settings.

Windows Installations Under IIS

To update the appsettings.json file:

  1. Navigate to the CAConnectorAPI\Configuration folder on your server, located by default at:

    C:\Program Files\Keyfactor\Keyfactor Platform\CAConnectorAPI\Configuration
  2. Browse to open the appsettings.json file in a text editor (e.g. Notepad) and adjust the values as needed.
  3. Save the file.

Figure 459: Sample CAConnectorAPI Appsettings.json File

Container Installations Under Kubernetes

The configurations from the appsettings.json file can be updated in one of two ways for container installations:

  • To update one or two settings, set an environment variable in your custom values file.

  • To update a large number of settings or the entire contents of the appsettings.json file, create a config map containing the appsettings.json file contents and mount it as a volume to replace the existing appsettings.json file.

Note:  Some appsettings.json settings are overridden by environment variables in a standard installation, so don’t assume that the values you see in an appsettings.json file if you view it within a started container are actually the values in use. Be sure to check for environment variables as well. Environment variables take precedence over values of the same name from the appsettings.json file. For example, in a standard installation, the appsettings.json files ActiveDirectoryEnforced value will show true, but an environment variable is set in each container where this is relevant to set this to false.

To set an environment variable for one or two configuration values:

  1. On your Kubernetes server, edit your values file to add an additionalEnvironmentVariables section (if one does not already exist) and environment variable name(s) and value(s) for the setting(s) to change. For example, the following shows a portion of the example values file (see Install Keyfactor Command in Containers Under Kubernetes) with the JobStart_ConnectRetryOptions_DelayInMinutes value set to 2.

    additionalEnvironmentVariables:
  - name: JobStart_ConnectRetryOptions_DelayInMinutes
    value: '2'

volumes:
  - name: root-cas
    configMap:
      name: ca-roots
      items:
        - key: ca-certificates.crt
          path: ca-certificates.crt
volumeMounts:
  - name: root-cas
    mountPath: /etc/ssl/certs/ca-certificates.crt
    subPath: ca-certificates.crt
    Note:   Notice that the DelayInMinutes parameterClosed A parameter or argument is a value that is passed into a function in an application. is referenced by its full name, including its parent parameter names—JobStart_ConnectRetryOptions_DelayInMinutes. Likewise, a SQL retry configuration setting would be, for example, SqlRetryConfiguration_NumberOfTries.

  2. Load the new values, referencing the deployment name, namespace, your customized values file, the helm chart, and version. For example:

    sudo helm upgrade Helm_Deployment_Name --namespace keyfactor-command --values values-local.yaml oci://repo.keyfactor.com/charts/command --version 1.0.0

To provide the appsettings.json file as a config map:

  1. On your Kubernetes server, create an appsettings.json file with the full contents of the file, including the updates you wish to make. For example:

    Copy 
    {
      "NLogConfigFile": "Configuration/NLog_CAConnectors.config",
      "ExtensionsDirectory": "Extensions",
      "SqlRetryConfiguration": {
        "NumberOfTries": "5",
        "DeltaTime": "00:00:00.5",
        "MaxTimeInterval": "00:02:00"
      },
      "JobStart": {
        "ConnectRetryOptions": {
          "DelayInMinutes": 2
        }
      }
    }

  2. On your Kubernetes server, create a config map containing the appsettings.json file. For example:

    sudo kubectl create configmap appsettings-caconnector --namespace keyfactor-command --from-file=/opt/kyf_command/appsettings.json

  3. Edit your values file to add a volume and volumeMount for the config map of the appsettings.json file. For example, the following values file section shows the example root trusts volume (see Install Keyfactor Command in Containers Under Kubernetes) and the appsettings volume.

    volumes:
  - name: root-cas
    configMap:
      name: ca-roots
      items:
        - key: ca-certificates.crt
          path: ca-certificates.crt
  - name: appsettings-caconnector-volume
    configMap:
      name: appsettings-caconnector
volumeMounts:
  - name: root-cas
    mountPath: /etc/ssl/certs/ca-certificates.crt
    subPath: ca-certificates.crt
  - name: appsettings-caconnector-volume
    mountPath: /app/Configuration/appsettings.json
    subPath: appsettings.json

  4. Load the new values, referencing the deployment name, namespace, your customized values file, the helm chart, and version. For example:

    sudo helm upgrade Helm_Deployment_Name --namespace keyfactor-command --values values-local.yaml oci://repo.keyfactor.com/charts/command --version 1.0.0
Configuration Settings

The following table shows the configuration settings for the Keyfactor Command CA ConnectorClosed The Keyfactor CA Connector is installed in the customer environment to provide a connection between a CA and Keyfactor Command when a direct connection is not possible. It is supported on both Windows and Linux and has versions for Microsoft (Windows only) or EJBCA CAs. API available in the appsettings.json file.

Table 92: Appsetting.json File Parameters - CAConnectorAPI

Setting Description
NLog Config File

Enter the file path to the NLog_ClaimsProxy.config file as a subdirectory of the CAConnectorAPI directory. The default is:

Configuration\\NLog_CAConnectors.config

This translates to, for example:

C:\Program Files\Keyfactor\Keyfactor Platform\CAConnectorAPI\Configuration\NLog_CAConnectors.config

This value is not used for container installations under Kubernetes.
Extensions Directory

Enter the file path to the extensions to be loaded by the extension loader (for registration handler, workflow step, etc... support). For Windows installations under IIS, this is a subdirectory of the CAConnectorAPI directory. The default value is Extensions.

This translates to, for example, for Windows installations under IIS:

C:\Program Files\Keyfactor\Keyfactor Platform\CAConnectorAPI\Extensions

Container installations under Kubernetes:

/app/Configuration/Extensions
Sql Retry Configuration SQL retry settings (seeKeyfactor Command Changing SQL Retry Settings for more information).
Setting Description
Number Of Tries The number of times a connection attempt will be made to SQL before an exception is thrown. The default is 5.
Delta TimeThe preferred gap time to delay before the next attempt to connect to SQL will be made. The default is .5 (1/2) second.
Max Time IntervalThe maximum time interval before the next attempt to connect to SQL will be made. The default is 2 minutes.
Job Start

Settings to control the retry interval the job start service uses in attempting to establish a connection to RabbitMQ.

Setting Description
Connect Retry Options

The connection retry options.

Setting Description
Delay In Minutes The number of minutes between attempts to retry a connection to RabbitMQ. The default is 1. The value must be a positive integer.