
Create the plugin configuration

To add a custom plugin in Trust Lifecycle Manager, you must provide a corresponding JSON configuration file. The configuration file serves two main purposes:

  1. Define the UI form fields for configuring an instance (connector) of the plugin in Trust Lifecycle Manager.

  2. Map user configuration inputs to the corresponding variables in your custom plugin code.

To help craft your plugins, this page includes example configurations and descriptions of the underlying JSON fields and schemas.

  • For a general explanation, make sure to review at least the connector screen and base configuration examples.

  • For explanations of the specific fields in the JSON examples, select the Schema tabs for each.

  • The sections marked automation and discovery focus on those respective plugin types, but are also helpful in understanding plugin configurations in general.

Example of connector screen

The following screenshot shows an example of the configuration screen for one of the pre-built connector types in Trust Lifecycle Manager. For custom plugins, users must complete a similar screen to provide the configuration settings for each connector/instance of the plugin. The JSON configuration defines the form fields and maps them to applicable variables in your custom plugin.

Figure 1. Configuration screen for pre-built A10 appliance connector

  • The Name and Business unit fields are included for every connector, regardless of the plugin configuration.

  • The Managing sensor is required for all custom plugins and must be included in your JSON configuration.

Base configuration

The base configuration represents the bare minimum JSON configuration before adding your own fields. The schema here explains the general structure of the JSON configuration and the supported settings objects for building out your own custom configuration.

The JSON configuration structure for plugins consists of the following sections.

  • metadata: Defines basic metadata about the plugin author. These values are included in the Plugins details after uploading the plugin to Trust Lifecycle Manager, but are not visible anywhere outside of Trust Lifecycle Manager.

  • core_settings: All plugins require a DigiCert sensor to manage the connection. The core_settings section prompts the user to select a managing sensor and maps the selection to a sensor_id in Trust Lifecycle Manager. You can adjust the UI label here; otherwise, include this object exactly as shown in the example.

  • config_settings: Populate the config_settings with the main configuration objects for the variables in your custom plugin. The field names here must map to properties in the MyPluginConfiguration.java class for your custom plugin, and the parent object must be config_attributes. Most of the customization work you do should focus on this part of the configuration.

  • additional_settings: Plugins may include secondary configuration in the additional_settings array. These properties map to base object fields in Trust Lifecycle Manager and should not typically be modified. For example, see Discovery: tlm-plugin-example-discovery.

  • credential_sets: The credential_sets array allows you to define special handling for certain parameters when configuring an instance (connector) of the plugin in Trust Lifecycle Manager.

    To customize this part of the configuration, add fields from the config_settings section that require special handling. Each object here must have one of the following names, followed by a list of the fields to handle accordingly:

    • sensitive: The values for these fields will be encrypted in the database in Trust Lifecycle Manager.

    • unique: The values for these fields must be unique across all instances of the plugin.

    • API Key: These fields contain API keys and will be encrypted in the database.

    • Credentials: These fields will be isolated in the database in a separate column.

Automation: tlm-plugin-example-automation

The following example is for an automation plugin and is included in the tlm-plugin-example-automation repository in GitHub. It matches the default code in that repository, plus the parameters needed to configure an instance (connector) of the plugin in Trust Lifecycle Manager. The schema here explains the specific values used in the configuration.

  • The core_settings section includes the standard sensor object, as required in all configurations.

  • The main config_settings section includes user credentials and a management IP/port for connecting to a network appliance such as an F5 load balancer.

    • These fields map to the default properties in the MyPluginConfiguration.java class for the example automation plugin.

    • To customize for a different appliance or cloud service type, add the required properties to the MyPluginConfiguration.java class with matching fields here.

  • The additional_settings section is empty and not required for configuring automation plugins.

  • The credential_sets section marks certain parameters for special handling.

    • The example automation plugin defines the password property from the MyPluginConfiguration.java properties as sensitive, to be encrypted in the database in Trust Lifecycle Manager when configuring an instance of this plugin.

    • The managementIP property is defined as unique, so each instance of the plugin must have a unique management IP address. This prevents adding multiple connectors to the same target system. If a user attempts to configure a new connector with the same management IP address as an existing connector, Trust Lifecycle Manager will reject it.

    • For descriptions of other types of credential handling you can specify here, see the Base configuration notes.

Note

If a field within a settings object does not apply, omit it or set the value to be empty or null.

Discovery: tlm-plugin-example-discovery

The following example is for a discovery plugin and is included in the tlm-plugin-example-discovery repository in GitHub. It matches the default code in that repository, plus the parameters needed to configure an instance (connector) of the plugin in Trust Lifecycle Manager. The schema here explains the specific values used in the configuration.

  • The core_settings section includes the standard sensor object, as required in all configurations.

  • The config_settings section includes user credentials for connecting to an external scan provider.

    • These fields map to the default properties in the MyPluginConfiguration.java class for the example discovery plugin.

    • To include network parameters for a scan provider (for example, URL or IP address), add the required properties to the MyPluginConfiguration.java class with matching fields here.

  • Discovery plugins include a secondary additional_settings section to configure import operations from the scan provider.

    • These fields are defined by the base object in Trust Lifecycle Manager and do not have matching properties in the MyPluginConfiguration.java class for the custom plugin.

    • Do not modify this part of the configuration.

  • The credential_sets section marks certain parameters for special handling.

    • The example discovery plugin defines the password property from the MyPluginConfiguration.java properties as sensitive, to be encrypted in the database in Trust Lifecycle Manager when configuring an instance of this plugin.

    • For descriptions of other types of credential handling you can specify here, see the Base configuration notes.

Note

If a field within a settings object does not apply, omit it or set the value to be empty or null.
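A pre-upload check for the credential_sets handling described in the Base configuration, automation and discovery sections above, as an added example that is not DigiCert's code or schema: it flags handled fields that do not exist in config_settings and secret-looking fields that are not in an encrypted set. The inner key names (name, fields, label), the layout of config_attributes, the secret-name heuristic and the function name lint_plugin_config are assumptions; only the section names and the handling names come from this page.

```python
import json

# Constructed sample. Only the five section names, the config_attributes parent
# and the handling names come from the page; inner keys are assumptions.
SAMPLE = json.loads("""
{
  "metadata": {"author": "example"},
  "core_settings": [{"name": "sensor_id", "label": "Managing sensor"}],
  "config_settings": {"config_attributes": [
    {"name": "username"}, {"name": "password"},
    {"name": "managementIP"}, {"name": "managementPort"}]},
  "additional_settings": null,
  "credential_sets": [
    {"name": "sensitive", "fields": ["password"]},
    {"name": "unique", "fields": ["managementIP"]}]
}
""")

ENCRYPTED_SETS = {"sensitive", "API Key"}   # described on the page as encrypted
KNOWN_SETS = ENCRYPTED_SETS | {"unique", "Credentials"}
SECRET_HINTS = ("password", "secret", "token", "apikey", "api_key")  # heuristic

def lint_plugin_config(cfg):
    """Return a list of findings; an empty list means the checks passed."""
    findings = []
    if not cfg.get("core_settings"):
        findings.append("core_settings (managing sensor) is missing")
    attrs = (cfg.get("config_settings") or {}).get("config_attributes")
    if attrs is None:
        findings.append("config_settings has no config_attributes parent")
    declared = {a["name"] for a in attrs or []}
    encrypted = set()
    # Omitted, empty or null sections are allowed, so default to an empty list.
    for cset in cfg.get("credential_sets") or []:
        kind = cset.get("name")
        if kind not in KNOWN_SETS:
            findings.append(f"unknown credential set name: {kind!r}")
        for field in cset.get("fields") or []:
            if field not in declared:
                findings.append(f"{kind}: {field!r} is not a config_settings field")
            elif kind in ENCRYPTED_SETS:
                encrypted.add(field)
    # Secret-looking fields that would be stored without encryption.
    for name in sorted(declared - encrypted):
        if any(hint in name.lower() for hint in SECRET_HINTS):
            findings.append(f"{name!r} looks like a secret but is not encrypted")
    return findings

if __name__ == "__main__":
    print(lint_plugin_config(SAMPLE) or "no findings")
```

Adjust the key names to the real schema before using this in a build pipeline; the checks themselves depend only on the relationship between config_settings and credential_sets.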

What's next

Once you've built the Zip file for your plugin and created the corresponding JSON configuration file, you're ready to add the plugin in Trust Lifecycle Manager.