The site that you are currently viewing is a static version of the Software Factory
documentation delivered with the
version v7.2.
For up-to-date documentation, see the
latest version.
Secrets, Tokens and Credentials in Blackduck
less than a minute
This document lists all secrets, tokens and credentials that can be configured and managed by an administrator user in Blackduck.
List of credentials
| Credentials type | Usage | Official documentation link | Comment |
|---|---|---|---|
| Tokens | |||
| Access/API Token | JWT issued for API auth | Access Tokens | |
| Other | |||
| Username/password | User Authentication | Creating a user account |
Credential Configuration Parameters
This section lists all parameters available for credential configuration. Each parameter can be set by an administrator through the Admin Module UI
Single Sign-on Authentication
Software Factory recommends implementing SAML-based authentication for Single Sign-On (SSO).
Using native users and groups should be avoided.
| Credentials type | Parameters | Configuration location | Admin panel configuration | Default configuration | Recommendation | Official documentation link |
|---|---|---|---|---|---|---|
| Login/password | Minimum Password Length | Only in UI | Admin > System Settings > Local Authentication | 8 | 16 | Configuring password requirements |
| Minimum Character Requirements | Only in UI | Admin > System Settings > Local Authentication | 1 | 4 | Configuring password requirements | |
| Enforce Password Configuration | Only in UI | Admin > System Settings > Local Authentication | Disabled | Enabled | Configuring password requirements | |
| Access Tokens | Enable Auto Purge Job | Only in UI | Admin Panel > Security > General > Token expiration | 26 weeks | 12 weeks | Token expiration |
API Key Recommendation
Warning
Blackduck don’t offer the standard expected options for securing credentials, thus the recommended values are not covered by Security in Thales guidelines.