The site that you are currently viewing is a static version of the Software Factory documentation delivered with the

version v7.2.
For up-to-date documentation, see the latest version.

Secrets, Tokens and Credentials in Blackduck

This document lists all secrets, tokens and credentials that can be configured and managed by an administrator user in Blackduck.

List of credentials

Credentials typeUsageOfficial documentation linkComment
Tokens
Access/API TokenJWT issued for API authAccess Tokens
Other
Username/passwordUser AuthenticationCreating a user account

Credential Configuration Parameters

This section lists all parameters available for credential configuration. Each parameter can be set by an administrator through the Admin Module UI

Single Sign-on Authentication

Software Factory recommends implementing SAML-based authentication for Single Sign-On (SSO).

Using native users and groups should be avoided.

Credentials typeParametersConfiguration locationAdmin panel configurationDefault configurationRecommendationOfficial documentation link
Login/passwordMinimum Password LengthOnly in UIAdmin > System Settings > Local Authentication816Configuring password requirements
Minimum Character RequirementsOnly in UIAdmin > System Settings > Local Authentication14Configuring password requirements
Enforce Password ConfigurationOnly in UIAdmin > System Settings > Local AuthenticationDisabledEnabledConfiguring password requirements
Access TokensEnable Auto Purge JobOnly in UIAdmin Panel > Security > General > Token expiration26 weeks12 weeksToken expiration

API Key Recommendation

Warning

Blackduck don’t offer the standard expected options for securing credentials, thus the recommended values are not covered by Security in Thales guidelines.