Encrypt your alert data with Edge Encryption
Install and set up the Edge Encryption application, then use one of the three methods we provide to deploy it to your environment.
Set up the Edge Encryption application
Prerequisites
Contact customer success to have the Edge Encryption feature enabled on your account
Determine the domain you will use to deploy the edge encryption application
Steps
Access your Opsgenie Settings page.
Select the Edge Encryption tab.
Add a new application.
Fill in the name and URL fields.
a. Enter the URL of your chosen domain in the URL field. If you want this application to process your data, you need to send your requests to this URL.
Copy the public key and application ID after adding the application. You will need them to configure the app.
Open the config file of the app.
The public key is used for verifying requests between Opsgenie and the application. Save this key to a file and paste the path of this file as the jwtPublicKeyPath in the config file.
Paste the application ID that you copied from the Edge Encryption page to the ogApplicationId field.
Add the API key of one of the API integrations that you configured to the config file. The application uses this API key to retrieve the integration configuration.
According to your Opsgenie account domain, set the opsGenieApiUrl:
a. For US: https://api.opsgenie.com
b. For EU: https://api.eu.opsgenie.com
The application will use a master key for encrypting the alert. You need to create a new one, save it in a file, and put the file path in the config file as encryptionMasterKeyPath.
After the config file is ready, you can run the application.
File configuration instructions
Create a .og-edge-encryption-conf file under the $USER_HOME directory with content like this:
{
  "opsGenieApiUrl": "<Opsgenie app url>",
  "apiKey": "<apiKey of one of your API integrations>",
  "encryptionMasterKeyPath": "$USER_HOME/.og-edge-encryption-master-key",
  "ogApplicationId": "<your application id>",
  "jwtPublicKeyPath": "$USER_HOME/.og-edge-encryption-jwt-public-key"
}
Put your encryption master key into the related file: $USER_HOME/.og-edge-encryption-master-key
Put the public key you copied from Opsgenie into the related file: $USER_HOME/.og-edge-encryption-jwt-public-key
Run the application.
How to use the encryption master key
Prerequisites
Check instructions for setting up the edge encryption application.
Steps
Our Edge Encryption application uses the AWS Encryption SDK for the encryption/decryption process, following a practice called envelope encryption. In envelope encryption, data keys are used to encrypt/decrypt data, and a master key is used for encrypting/decrypting the data keys. The SDK itself rotates the data key, but be aware that the master key should not be rotated, since it is used for encryption/decryption of data keys. For more information, read AWS's developer guide on how it works.
The master key can be AES 128-bit or AES 256-bit. Providing and managing the master key is your responsibility. If you change the master key, you might not be able to decrypt data keys that were encrypted before the change.
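The following added example (not Opsgenie's code, and not the AWS Encryption SDK's message format) illustrates the envelope scheme described above in Node.js: each message gets a fresh data key that is wrapped under the master key, so a message written under one master key cannot be opened with a different one. The function names, the use of AES-GCM for both layers, and the sample alert text are assumptions made for this illustration.

```javascript
const crypto = require('crypto');

// Pick AES-128-GCM or AES-256-GCM from the key length (16 or 32 bytes).
const algFor = (key) => (key.length === 16 ? 'aes-128-gcm' : 'aes-256-gcm');

// Authenticated encryption: returns nonce (12) || tag (16) || ciphertext.
function seal(key, plaintext) {
  const nonce = crypto.randomBytes(12);
  const c = crypto.createCipheriv(algFor(key), key, nonce);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([nonce, c.getAuthTag(), ct]);
}

// Reverse of seal; throws if the key is wrong or the blob was modified.
function open(key, blob) {
  const d = crypto.createDecipheriv(algFor(key), key, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]);
}

// Envelope encryption: a fresh data key per message, wrapped under the master key.
function envelopeEncrypt(masterKey, message) {
  const dataKey = crypto.randomBytes(32);
  return {
    wrappedKey: seal(masterKey, dataKey),
    ciphertext: seal(dataKey, Buffer.from(message, 'utf8')),
  };
}

// Unwrap the data key with the master key, then decrypt the payload with it.
function envelopeDecrypt(masterKey, envelope) {
  const dataKey = open(masterKey, envelope.wrappedKey);
  return open(dataKey, envelope.ciphertext).toString('utf8');
}

// Constructed sample: random keys and a made-up alert body.
const originalMaster = crypto.randomBytes(32);
const replacedMaster = crypto.randomBytes(32);
const alert = envelopeEncrypt(originalMaster, 'disk full on db-01');
console.log('decrypted:', envelopeDecrypt(originalMaster, alert));
try {
  envelopeDecrypt(replacedMaster, alert);
} catch (err) {
  console.log('after master key change, old alert is unreadable:', err.message);
}
```

Keeping the original master key file backed up and unchanged is what keeps previously encrypted alerts readable; the data key can differ on every message without any operator action.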
How to deploy the edge encryption application via Docker image
Prerequisites
Check instructions for setting up the edge encryption application.
Steps
Run ‘docker run -ti -v :/home/opsgenie:ro -p 9200:9200 atlassian/opsgenie-edge-encryption’ command
is the directory which contains your conf files
Create a .og-edge-encryption-conf file under the $USER_HOME directory with content like this:
{
  "opsGenieApiUrl": "<Opsgenie app url>",
  "apiKey": "<apiKey of one of your API integrations>",
  "encryptionMasterKeyPath": "/home/opsgenie/.og-edge-encryption-master-key",
  "ogApplicationId": "<your application id>",
  "jwtPublicKeyPath": "/home/opsgenie/.og-edge-encryption-jwt-public-key"
}
Put your encryption master key into the related file: $USER_HOME/.og-edge-encryption-master-key
Put the public key you copied from Opsgenie into the related file: $USER_HOME/.og-edge-encryption-jwt-public-key
How to deploy the edge encryption application via CloudFormation template
Prerequisites
Set up or log into your AWS account to access the CloudFormation template.
Steps
Access the template here.
Enter your stack name.
Enter your encryption master key to the EncryptionMasterKey field.
Copy the JWT public key from Opsgenie and paste it to the JWTPublicKey field.
Access Opsgenie > Settings > Edge Encryption tab and copy the applicationID and paste it to the OgAplicationId field in the template.
Copy the API key from one of your API integrations via the integration setup page and paste it to the OpsGenieApiKey field in the template.
Access Opsgenie > Settings > Edge Encryption tab and copy Opsgenie API key to the OpsGenieApiUrl field in the template. The default value is “https://api.opsgenie.com”; edit the URL to use EU or Sandbox environments.
Check the “I acknowledge that AWS CloudFormation might create IAM resources with custom names” box under the Capabilities section.
Click Create.
How to deploy the edge encryption application via Jar package
Prerequisites
Check instructions for setting up the edge encryption application.
Steps
Download the jar package here.
It is normal to get a warning when downloading an executable file.
Create a .og-edge-encryption-conf file under the $USER_HOME directory with content like this:
{
  "opsGenieApiUrl": "<Opsgenie app url>",
  "apiKey": "<apiKey of one of your API integrations>",
  "encryptionMasterKeyPath": "$USER_HOME/.og-edge-encryption-master-key",
  "ogApplicationId": "<your application id>",
  "jwtPublicKeyPath": "$USER_HOME/.og-edge-encryption-jwt-public-key"
}
Put your encryption master key into the related file: $USER_HOME/.og-edge-encryption-master-key
Put the public key you copied from Opsgenie into the related file: $USER_HOME/.og-edge-encryption-jwt-public-key
Run the jar file
a. java -jar filename.jar