Set Parameter: Register Credentials in System Environment Variables
## Overview
From ver.1.2.21.0, Pleasanter can obtain credentials from the OS's system environment variables. This is a security measure: credentials such as a database connection string do not leak even if a parameter file is exposed through an error such as inadequate access rights settings. This page explains the procedure for registering credentials in system environment variables.
## Credentials that can be registered in system environment variables
### [Rds.json](/en/manual/rds-json)
You can set the database connection string.
|Parameter|Settings|
|---|---|
|SaConnectionString|Connection string for connecting to a database instance with sa privileges|
|OwnerConnectionString|Specify the connection string for connecting to the Pleasanter database with dbowner privileges|
|UserConnectionString|Specify the connection string for connecting to the Pleasanter database with dbreader and dbwriter privileges|
|MySqlConnectingHost|Only for MySQL, specify the user access rights to MySQL in the specified method|
### [Mail.json](/en/manual/mail.json)
You can set the SMTP authentication information.
|Parameters|Settings|
|---|---|
|SmtpUserName|Specify the user name for SMTP-AUTH|
|SmtpPassword|Specify the password for SMTP-AUTH|
### [Security.json](/en/manual/security-json)
You can set parameters related to the AspNetCoreDataProtection settings in system environment variables.
|Parameters|Settings|
|---|---|
|BlobContainerUri|Specify the URL of the Blob container that will persist the data protection key|
|KeyIdentifier|Specify the key identifier of Azure Key Vault that manages the encryption key to protect the data protection key|
|XmlAesKey|Specify the string to generate the encryption key to protect the data protection key|
### [Service.json](/en/manual/service-json)
You can set a string to distinguish the installation environment of Pleasanter.
|Parameter|Settings|
|---|---|
|DeploymentEnvironment|Specify a string to distinguish the environment where Pleasanter is installed (production environment, staging environment, etc.)|
### Kvs.json
You can set the connection string for session data.
|Parameter|Settings|
|---|---|
|ConnectionStringForSession|Specify the session connection string for connecting to session data|
## Naming Rules for System Environment Variables
When registering variables in system environment variables, follow the naming rules below. For details, refer to the manual for each parameter.
```
{Service name}_{Parameter file name}_{Parameter name}
```
1. Service name
Specify the value of "EnvironmentName" or "Name" in "[Service.json](/en/manual/service-json)". "EnvironmentName" takes priority over "Name".
2. Parameter file name
Specify the parameter file name. If you want to register the database connection string in the system environment variables, specify "Rds".
3. Parameter name
Specify the parameter name you want to register in the system environment variable.
*You can also specify the database type as the system environment variable name for the database connection string. For details, see "[Rds.json](/en/manual/rds-json)".
## Parameter priority
If a parameter is set in both the parameter file and the system environment variables, the priority is as follows. For details, see the manual for each parameter.
|Priority|Setting value|
|---|---|
|1|Setting value in the parameter file|
|2|"{Service name (EnvironmentName)}\_{Parameter file name}\_{Parameter name}" in the system environment variable|
|3|"{Service name (Name)}\_{Parameter file name}\_{Parameter name}" in the system environment variable|
*The priority of the database connection string also takes into account the database type. For details, see "[Rds.json](/en/manual/rds-json)".
## Notes on Registering in System Environment Variables
If you want to register credentials in the system environment variable, set "null" in the parameter file. As stated above, if you set a parameter in both the parameter file and the system environment variable, the parameter file takes precedence.
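
The naming rule and priority table above, turned into a small audit (an added example, not Pleasanter's own code): it reports which source supplies each credential and flags values still stored in a parameter file, since those override the system environment variables. It assumes the parameters are top-level JSON keys and that only null counts as unset; the database-type variable names described in Rds.json are not modelled, and the sample names and values are constructed.

```python
import os

# Credential parameters named on this page, keyed by parameter file name.
# Assumption: each one is a top-level key of its JSON parameter file.
CREDENTIAL_PARAMS = {
    "Rds": ["SaConnectionString", "OwnerConnectionString", "UserConnectionString"],
    "Mail": ["SmtpUserName", "SmtpPassword"],
    "Kvs": ["ConnectionStringForSession"],
}

def candidate_names(service, file_name, param):
    """Variable names in lookup order: EnvironmentName first, then Name."""
    services = [service.get("EnvironmentName"), service.get("Name")]
    return [f"{s}_{file_name}_{param}" for s in dict.fromkeys(services) if s]

def resolve(service, file_name, param, file_value, environ):
    """Return (source, value) following the page's priority table."""
    if file_value is not None:           # priority 1: the parameter file wins
        return "file", file_value
    for name in candidate_names(service, file_name, param):
        if name in environ:              # priority 2, then priority 3
            return name, environ[name]
    return None, None

def audit(service, param_files, environ=None):
    """Report each credential's source; values are never included."""
    environ = os.environ if environ is None else environ
    findings = []
    for file_name, params in CREDENTIAL_PARAMS.items():
        for param in params:
            file_value = param_files.get(file_name, {}).get(param)
            source, _ = resolve(service, file_name, param, file_value, environ)
            # Variables that are set but lose to a higher-priority source.
            ignored = [n for n in candidate_names(service, file_name, param)
                       if n in environ and n != source]
            status = "IN_FILE" if source == "file" else "ENV" if source else "MISSING"
            findings.append((f"{file_name}.{param}", status, source, ignored))
    return findings

# Constructed sample: one connection string was left in Rds.json.
SAMPLE_SERVICE = {"Name": "Implem.Pleasanter", "EnvironmentName": "Staging"}
SAMPLE_FILES = {"Rds": {"SaConnectionString": "Server=localhost;PWD=constructed",
                        "OwnerConnectionString": None}}
SAMPLE_ENV = {"Implem.Pleasanter_Rds_SaConnectionString": "constructed",
              "Staging_Rds_OwnerConnectionString": "constructed"}
if __name__ == "__main__":
    print(*audit(SAMPLE_SERVICE, SAMPLE_FILES, SAMPLE_ENV), sep="\n")
```

An `IN_FILE` row with a non-empty last field means a variable was registered but is being ignored because the parameter file still holds a value.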
## How to Register a System Environment Variable
### 1. App Service
1. Connect to the Azure Portal and select the created App Service instance.
1. Click "Settings" - "Environment variables" in the left menu.
1. Click the "+ Add" button on the "App Settings" tab.
1. Enter the "Name" and "Value" of the credential you want to register, and click the "Apply" button.
### 2. Windows
1. Search for "Edit system environment variables" from the Start menu and launch it.
1. Click the "Environment variables" button on the "Advanced" tab of the "System Properties" dialog.
1. Click the "New" button for "System environment variables" in the "Environment variables" dialog.
1. In the "New system variable" dialog, enter the "Variable name" and "Variable value" of the credential you want to register, and click the "OK" button.
1. Click the "OK" button in the "Environment variables" dialog, and then click the "OK" button in the "System Properties" dialog.
### 3. Linux
**When setting system environment variables in /etc/profile on Linux, an error may occur if the system environment variable name contains a "." (dot). In that case, set the system environment variable using one of the following procedures.**
1. Register using the env command
2. Add to the Pleasanter service script (/etc/systemd/system/pleasanter.service).
Here is an example of specifying a database connection string.
- Before addition
```
~
[Service]
ExecStart = /usr/local/bin/dotnet Implem.Pleasanter.dll
~
```
- After addition
```
~
[Service]
ExecStart=/usr/bin/env \
Implem.Pleasanter_Rds_PostgreSQL_SaConnectionString="Server=localhost;Port=5432;Database=postgres;UID=postgres;PWD=SetSaPWD" \
Implem.Pleasanter_Rds_PostgreSQL_OwnerConnectionString="Server=localhost;Port=5432;Database=Implem.Pleasanter;UID=Implem.Pleasanter_Owner;PWD=SetAdminsPWD" \
Implem.Pleasanter_Rds_PostgreSQL_UserConnectionString="Server=localhost;Port=5432;Database=Implem.Pleasanter;UID=Implem.Pleasanter_User;PWD=SetUsersPWD" \
/usr/local/bin/dotnet Implem.Pleasanter.dll
~
```
## Supported Versions
|Supported versions|Details|
|:--|:--|
|1.2.21.0 and later|Added a feature to register credentials in system environment variables|
|1.3.26.0 and later|Added support for DeploymentEnvironment in Service.json|
|1.4.16.0 and later|Added support for ConnectionStringForSession in Kvs.json|
|1.4.18.0 and later|Added support for MySqlConnectingHost in Rds.json|
## Related Information
- [Set Parameter: Mail.json](/en/manual/mail.json) (10.01.2024 up)
- [Set Parameter: Rds.json](/en/manual/rds-json) (10.24.2024 up)
- [Set Parameter: Security.json](/en/manual/security-json) (10.02.2024 up)
- [Set Parameter: Service.json](/en/manual/service-json) (10.10.2024 up)