Keyfactor Command Service appsetting.json File

The Service appsettings.json file allows you to view or change the Keyfactor Command Service installation and configuration settings.

Windows Installations Under IIS

To update the appsettings.json file for service configuration:

  1. Navigate to the Service\Configuration folder on your server, located by default at:

    C:\Program Files\Keyfactor\Keyfactor Platform\Service\Configuration
  2. Browse to open the appsettings.json file in a text editor (e.g., Notepad) and adjust the values as needed as per Table 100: Keyfactor Command Services Configuration Settings and Keyfactor Command Service Automated Tasks.

    Figure 486: Appsettings.json File for TimerService Settings

  3. Save the file.
Container Installations Under Kubernetes

The configurations from the appsettings.json file can be updated in one of two ways for container installations:

  • To update one or two settings, set an environment variable in your custom values file.

  • To update a large number of settings or the entire contents of the appsettings.json file, create a config map containing the appsettings.json file contents and mount it as a volume to replace the existing appsettings.json file.

Note:  Some appsettings.json settings are overridden by environment variables in a standard installation, so don’t assume that the values you see in an appsettings.json file if you view it within a started container are actually the values in use. Be sure to check for environment variables as well. Environment variables take precedence over values of the same name from the appsettings.json file. For example, in a standard installation, the appsettings.json files ActiveDirectoryEnforced value will show true, but an environment variable is set in each container where this is relevant to set this to false.

To set an environment variable for one or two configuration values:

  1. On your Kubernetes server, edit your values file to add an additionalEnvironmentVariables section (if one does not already exist) and environment variable name(s) and value(s) for the setting(s) to change. For example, the following shows a portion of the example values file (see Install Keyfactor Command in Containers Under Kubernetes) with the ConcurrentWorkflows value set to 1200 and the PurgeAuditHistory service job set to false.

    additionalEnvironmentVariables:
      - name: ConcurrentWorkflows
        value: '1200'
      - name: Jobs_PurgeAuditHistory
        value: false
    
    workloadDefaults:
      volumes:
        - name: root-cas
          configMap:
            name: ca-roots
            items:
              - key: ca-certificates.crt
                path: ca-certificates.crt
    
      volumeMounts:
        - name: root-cas
          mountPath: /etc/ssl/certs/ca-certificates.crt
          subPath: ca-certificates.crt
    Note:   Notice that the PurgeAuditHistory parameterClosed A parameter or argument is a value that is passed into a function in an application. is referenced by its full name, including its parent parameter name—Jobs_PurgeAuditHistory. Likewise, a SQL retry configuration setting would be, for example, SqlRetryConfiguration_NumberOfTries.
  2. Load the new values, referencing the deployment name, namespace, your customized values file, the helm chart, and version. For example:

    sudo helm upgrade Helm_Deployment_Name --namespace keyfactor-command --values values-local.yaml oci://repo.keyfactor.com/charts/command --version 2.0.0

To provide the appsettings.json file as a config map:

  1. On your Kubernetes server, create an appsettings.json file with the full contents of the file, including the updates you wish to make. For example:

    Copy
    {
      "NLogConfigFile": "NLog_TimerService.config",
      "ExtensionsDirectory": "Extensions",
      "ActiveDirectoryEnforced": true,
      "ConcurrentWorkflows": 1000,
      "MetadataGeneration": {
        "Version": 1,
        "Parallelism": 8,
        "ProgressInterval": "00:07:00"
      },
      "SqlRetryConfiguration": {
        "NumberOfTries": "5",
        "DeltaTime": "00:00:00.5",
        "MaxTimeInterval": "00:02:00"
      },
      "Jobs": {
        "BulkAuditProcessing": true,
        "MetadataGeneration": true,
        "PrivateKeyCleanup": true,
        "PurgeAuditHistory": true,
        "EndpointHistory": true,
        "ReportingCleanup": true,
        "ScheduleSslJobs": true,
        "SuspendedWorkflows": true,
        "SyncTemplates": true,
        "StatsUpdate": true,
        "WorkflowCleanup": true,
        "CAHealth": true,
        "CAThreshold": true,
        "CRL": true,
        "ExpirationAlerts": true,
        "IssuedAlerts": true,
        "PendingAlerts": true,
        "QueryItems": true,
        "Reporting": true,
        "SSHKeyRotationAlerts": true,
        "AgentNotificationAlert": true,
        "CASync": true,
        "CollectionQueryAlerts": true,
        "UndecryptableSecretsSearch": true,
        "CertificateStoreWorkflows": true,
        "KeyRotationWorkflows": true,
        "ExpirationWorkflows": true,
        "RevocationMonitoringWorkflows": true
        "CertificateCleanup": true
      }
    }
    Important:  This file needs to be called appsettings.json when you create the config map for it, not something like appsettings-service.json.
  2. On your Kubernetes server, create a config map containing the appsettings.json file. For example:

    sudo kubectl create configmap appsettings-service --namespace keyfactor-command --from-file=/opt/kyf_command/appsettings.json
  3. Edit your values file to add a timerservice section under appConfig (if one does not already exist) and a volume and volumeMount for the config map of the appsettings.json file within that. For example:.

    appConfig:
      timerservice:
        volumes:
          - name: appsettings-service-volume
            configMap:
              name: appsettings-service
        volumeMounts:
          - name: appsettings-service-volume
            mountPath: /app/Configuration/appsettings.json
            subPath: appsettings.json
  4. Load the new values, referencing the deployment name, namespace, your customized values file, the helm chart, and version. For example:

    sudo helm upgrade Helm_Deployment_Name --namespace keyfactor-command --values values-local.yaml oci://repo.keyfactor.com/charts/command --version 2.0.0
Configuration Settings

The following table shows the configuration settings for the Keyfactor Command Service available in the appsettings.json file.

Table 100: Keyfactor Command Services Configuration Settings

Setting Description
NLog Config File

Enter the file path to the NLog_TimerService.config file as a subdirectory of the Service\Configuration directory. The default is:

NLog_TimerService.config

This translates to, for example:

C:\Program Files\Keyfactor\Keyfactor Platform\Service\Configuration\NLog_TimerService.config

This value is not used for container installations under Kubernetes.

Extensions Directory

Enter the file path to the extensions to be loaded by the extension loader (for registration handler, workflow step, etc... support). For Windows installations under IIS, this is a subdirectory of the Service directory. The default value is Extensions.

This translates to, for example, for Windows installations under IIS:

C:\Program Files\Keyfactor\Keyfactor Platform\Service\Extensions

Container installations under Kubernetes:

/app/Configuration/Extensions
Active Directory Enforced This should be set to false if you are not using Active Directory. An IIS reset will be required to apply this setting if you change it.
Concurrent Workflows The batch size used when suspended workflows are run by the Keyfactor Command service. Also used when running certificate entered collection and certificate left collection workflows to limit the number of certificates flowing through the workflow for each instance of the workflow initiated by the service. The default is 1000.
Metadata Generation
Setting Description
Version This timer service job iterates over the certificates in the database, looks fora value less than the version set here, and if true, sets the properties of the certificates with the version number specified here.
Parallelism How many threads of the job run simultaneously.
Progress Interval How often ( in milliseconds) the work from cache is saved to the database.
Sql Retry Configuration SQL retry settings (seeKeyfactor Command Changing SQL Retry Settings for more information).
Setting Description
Number Of Tries The number of times a connection attempt will be made to SQL before an exception is thrown. The default is 5.
Delta TimeThe preferred gap time to delay before the next attempt to connect to SQL will be made. The default is .5 (1/2) second.
Max Time IntervalThe maximum time interval before the next attempt to connect to SQL will be made. The default is 2 minutes.
Jobs

The jobs run by the Keyfactor Command Service. By default, the Keyfactor Command Service sets all service jobs to run (true). The service jobs can be disabled in the appsettings.json file. Select service jobs have configurable options. For more information, see Keyfactor Command Service Automated Tasks.

  • Bulk Audit Processing

  • Metadata Generation

  • Private Key Cleanup

  • Purge Audit History

  • Endpoint History

  • Reporting Cleanup

  • Schedule Ssl Jobs

  • Suspended Workflows

  • Sync Templates

  • Stats Update

  • Workflow Cleanup

  • CA Health

  • CA Threshold

  • CRL

  • Expiration Alerts

  • Issued Alerts

  • Pending Alerts

  • Query Items

  • Reporting

  • SSH Key Rotation Alerts

  • Agent Notification Alert

  • CASync

  • Collection Query Alerts

  • Undecryptable Secrets Search

  • Certificate Store Workflows

  • Key Rotation Workflows

  • Expiration Workflows

  • Revocation Monitoring Workflows

  • Actioned Certificates

  • Certificate Cleanup