TOML Format Reference for the Baffle Advanced Config Editor

This document is a reference for the TOML format parameters, syntax, and structure for the following Baffle configuration files:

IMPORTANT! NOTE: Using the Baffle Configuration Editor to modify these files is an advanced procedure. We recommend that you consult with a Baffle Support representative before doing so.

TOML Format - BaffleCommonConfig

This section provides information on TOML parameters for BaffleCommonConfig, as well as the datatype and TOML representation with default value. For an example of a TOML Baffle Common Config file, see the TOML BaffleCommonConfig Template.

For information on other formats for this config file, see Baffle Common Config File Parameters Reference. For instructions on how to edit this file, see Modify and Deploy the Baffle Common Config File.

 

Original

TOML Parameter

Datatype

Representation

COMMON PARAMS

tier

tier

Integer

[params]

   tier  = 0

type

type

String

[params]

   type  = “bs”

configType

configType

String

[params]

   configType  = “remote”

useMarkers

useMarkers

Boolean

[params]

   useMarkers  = false

configRefreshMilliSeconds

configRefreshMilliSeconds

Long

[params]

   configRefreshMilliSeconds  = 3000

nullEncryption

nullEncryption

Boolean

[params]

   nullEncryption  = false

baffleID

baffleID

String

[params]

   baffleID = “1”

syncTime

syncTime

Integer

[params]

   syncTime = 30

resourceLeakDetectorLevel

resourceLeakDetectorLevel

String

[params]

   resourceLeakDetectorLevel= “paranoid”

resourceLeakDetectorRecords

resourceLeakDetectorRecords

Integer

[params]

   resourceLeakDetectorRecords = 200

KEY INFO

numKeyIds

numKeyIds

Integer

[keyInfo]

   numKeyIds = 1

numRandomKeyIds

numRandomKeyIds

(default = numKeyIds)

Integer

[keyInfo]

   numRandomKeyIds = 1

keyRefreshSeconds

keyRefreshSeconds

Integer

[keyInfo]

   keyRefreshSeconds = 60

multiKeyEnable

enableMultiKey

Boolean

[keyInfo]

   enableMultiKey = true

multiKeyWildCardEnable

enableMultiKeyWildCard

Boolean

[keyInfo]

   enableMultiKeyWildCard = true

LOG INFO

logPath

logPath

(default = jar path + /logs)

String

[logInfo]

   logPath  = "/home/vagrant/shield/logs"

logFiles

logFiles

Integer

[logInfo]

   logFiles  = 10

logSize

logSize

Integer

[logInfo]

   logSize  = “10MB”

BAFFLE SHIELD CONFIG

bsMode

mode

Integer

[baffleshield]

   mode = 0

debug

debug

Integer

[baffleshield]

   debug = 0

bsClientPort

clientPort 

Integer

[baffleshield]

   clientPort = 8444

bsServerPort

serverPort

Integer

[baffleshield]

   serverPort = 3306

bsDBServerHost

dbServerHost

String

[baffleshield]

   dbServerHost = “127.0.0.1”

bsDBServerUser

dbServerUser

String

[baffleshield]

   dbServerUser = null

bsDBServerPassword

dbServerPassword

String

[baffleshield]

   dbServerPassword = null

bsEnable

enableShield

Boolean

[baffleshield]

   enableShield = true

bsKeyCreate

enableKeyCreation

Boolean

[baffleshield]

   enableKeyCreation = false

isIntegrityCheckEnabled

enableIntegrityCheck

Boolean

[baffleshield]

   enableIntegrityCheck = false

isMixedModeEnabled

enableMixedMode

Boolean

[baffleshield]

   enableMixedMode = false

diagnosticsEnabled

enableDiagnosis

Boolean

[baffleshield]

   enableDiagnosis = false

randomizedSearchStrings

randomizedSearchStrings

Boolean

[baffleshield]

   randomizedSearchStrings = false

caseSensitiveCompare

caseSensitiveCompare

Boolean

[baffleshield]

   caseSensitiveCompare = true

charset

charset

String

[baffleshield]

   charset = “utf8”

charsetMaxLen

charsetMaxLen

Integer

[baffleshield]

   charsetMaxLen = 0

checkProxyPort

checkProxyPort

Boolean

[baffleshield]

   checkProxyPort = false

readReplica

readReplica

Boolean

[baffleshield]

   readReplica = false

encType

encType

String

[baffleshield]

   encType = “ENC_DET”

encMode

encMode

String

[baffleshield]

   encMode = “M_ADD”

threadPoolSize

threadPoolSize

Integer

[baffleshield]

   threadPoolSize = 0

backPressureDisabled

backPressureDisabled

Boolean

[baffleshield]

   backPressureDisabled = false

configClientRetryLimit

configClientRetryLimit

Integer

[baffleshield]

   configClientRetryLimit = 120

aggressiveHealthCheck

aggressiveHealthCheck

Boolean

[baffleshield]

   aggressiveHealthCheck = false

resultSetStreaming

resultSetStreaming

Boolean

[baffleshield]

   resultSetStreaming = true

loopbackServer

loopbackServer

String

[baffleshield]

   loopbackServer = “BaffleShield”

supportQuotedIdentifiers

supportQuotedIdentifiers

Boolean

[baffleshield]

   supportQuotedIdentifiers = true

bsMonitorPort

monitorPort

Integer

[baffleshield]

   monitorPort = -1

useStoredProcedures

useStoredProcedures

Boolean

[baffleshield]

   useStoredProcedures = false

refreshOnDDL

refreshOnDDL

Boolean

[baffleshield]

   refreshOnDDL = false

filterMode

filterMode

Integer

[baffleshield]

   filterMode = 0

verifyBPS

verifyBPS

Boolean

[baffleshield]

   verifyBPS = true

bsConfigClientDBName

configClientDBName

String

[baffleshield]

   configClientDBName = ""

ROW LEVEL ENCRYPTION

rowLevelEncryption

enableRLE

Boolean

[rowlevel]

   enableRLE = false

isRowGlobalEncryption

isRowGlobalEncryption

Boolean

[rowlevel]

   isRowGlobalEncryption = false

isTHFTDisabled

isTHFTDisabled

Boolean

[rowlevel]

   isTHFTDisabled = true

sqlComments

sqlComments

String

[rowlevel]

   sqlComments = ""

entityIdInWhereClause

entityIdInWhereClause

Boolean

[rowlevel]

   entityIdInWhereClause = true

enableAnyEntityIdDecryption

enableAnyEntityIdDecryption

Boolean

[rowlevel]

   enableAnyEntityIdDecryption = false

aggressivePreParseFilter

aggressivePreParseFilter

Boolean

[rowlevel]

   aggressivePreParseFilter = true

isSHAProxy

isSHAProxy

Boolean

[rowlevel]

   isSHAProxy = false

selectOnInvalidKey

selectOnInvalidKey

String

[rowlevel]

   selectOnInvalidKey = "ERROR"

PROXY CHANNEL CONFIG

clientSndBuf

sendBuffer

Integer

[channel]

   [channel.client]

       sendBuffer = 0

clientRcvBuf

receiveBuffer

Integer

[channel]

   [channel.client]

       receiveBuffer = 0

clientHighWaterMark

highWaterMark

Integer

[channel]

   [channel.client]

       highWaterMark = 0

clientLowWaterMark

lowWaterMark

Integer

[channel]

   [channel.client]

       lowWaterMark = 0

serverSndBuf

sendBuffer

Integer

[channel]

   [channel.server]

       sendBuffer = 0

serverRcvBuf

receiveBuffer

Integer

[channel]

   [channel.server]

       receiveBuffer = 0

serverHighWaterMark

highWaterMark

Integer

[channel]

   [channel.server]

       highWaterMark = 0

serverLowWaterMark

lowWaterMark

Integer

[channel]

   [channel.server]

       lowWaterMark = 0

RUNTIME CONFIG

useTcp

useTcp

Boolean

[runtime]

   useTcp = true

bufferSize

bufferSize

Integer

[runtime]

   bufferSize = 1000000

numBlindServers

count

(REQUIRED if type=br)

Integer

[runtime]

   [[runtime.servlet]]

       type = “blind”

       count = 1

blindServerPort

port

(REQUIRED if type=br)

Integer

[runtime]

   [[runtime.servlet]]

       type = “blind”

       port = 88888

numCompareServers

count

(REQUIRED if type=br)

Integer

[runtime]

   [[runtime.servlet]]

       type = “compare”

       count = 1

compareServerPort

port

(REQUIRED if type=br)

Integer

[runtime]

   [[runtime.servlet]]

       type = “compare”

       port = 88888

numConvertServers

count

(REQUIRED if type=br)

Integer

[runtime]

   [[runtime.servlet]]

       type = “convert”

       count = 1

convertServerPort

port

(REQUIRED if type=br)

Integer

[runtime]

   [[runtime.servlet]]

       type = “convert”

       port = 88888

numTrustedServers

count

(REQUIRED if type=br)

Integer

[runtime]

   [[runtime.servlet]]

       type = “trusted”

       count = 1

trustedServerPort

port

(REQUIRED if type=br)

Integer

[runtime]

   [[runtime.servlet]]

       type = “trusted”

       port = 88888

numBooleanConvertServers

count

(REQUIRED if type=br)

Integer

[runtime]

   [[runtime.servlet]]

           type = “booleanconvert”

           count = 1

booleanConvertServerPorts

port

(REQUIRED if type=br)

List<Integer>

[runtime]

   [[runtime.servlet]]

           type = “booleanconvert“

           port = [88881,88882,88883,88884,88885]

MONITOR CONFIG

restUrl

url

String

[monitor]

   [monitor.rest]

       url = “http://localhost:8080/”

restUrlResource

resource

String

[monitor]

   [monitor.rest]

       resource = “bafflehealthinfo”

enableBaffleHeartbeat

enableHeartbeat

Boolean

[monitor]

   [monitor.heartbeat]

       enableHeartbeat = false

baffleHeartbeatInterval

interval

Long

[monitor]

   [monitor.heartbeat]

       interval = 3000

WORKLOAD CAPTURE

bsEnableWorkload

enableCapture

Boolean

[workload]

   enableCapture = false

bsWorkloadPath

capturePath

(default = baffle.config.path)

String

[workload]

   capturePath = “/home/vagrant/shield/“

bsWorkloadRefresh

workloadRefresh

Long

[workload]

   workloadRefresh = 3000

bsWorkloadConfig

workloadConfig

Integer

[workload]

   workloadConfig = 0

bsWorkloadProfile

workloadProfile

Boolean

[workload]

   workloadProfile = false

SSL CONFIG

defaultDatabase

defaultDatabase

(REQUIRED for baffler)

String

[baffler]

   defaultDatabase = “defaultDatabase“

defaultSchema

defaultSchema

(REQUIRED for baffler)

String

[baffler]

   defaultSchema = "defaultSchema"

tdsMajorVersion

tdsMajorVersion

String

[baffler]

   tdsMajorVersion = “7.4”

packetSize

packetSize

Integer

[baffler]

   packetSize = 4096

bafflerHaltOnErrors

haltOnErrors

Boolean

[baffler]

   haltOnErrors = false

DEPLOYMENT CONFIG

deploymentType

deploymentType

String

[deploy]

   deploymentType = “local“

rdrTargetName

rdrTargetName

String

[deploy]

   rdrTargetName = “baffle-target-group-reader“

wtrTargetName

wtrTargetName

String

[deploy]

   wtrTargetName = “baffle-target-group-writer“

testMode

testMode

Integer

[deploy]

   testMode = 0

testKey

testKey

Integer

[deploy]

   testKey = 1

DATA MASKING CONFIG

typeSpecificDefaultMasks

  1. type
  2. mode
  3. pattern

String

[masking]

   [[masking.defaults]]

       type = “int“

       mode = “FIXED“

       pattern = “123“

   [[masking.defaults]]    

       type = "char"    

       mode = "CHARACTER"      

   [[masking.defaults]]    

       type = "date"    

       mode = "FIXED"    

       pattern = "12/7/1941"

 

This will be converted to:

"int FIXED 123;char CHARACTER;date FIXED 12/7/1941"

resultSetLimitMaskingThreshold

resultSetLimitThreshold

Integer

[masking]

   resultSetLimitThreshold = 10

IP FILTER CONFIG

ipFilterPermittedSubnets

permitted

String

[ip_filter]

   [[ip_filter.permitted]]

       cidr_address = "127.0.0.1/32"

ipFilterBlockedSubnets

blocked

String

[ip_filter]

   [[ip_filter.blocked]]

       cidr_address = "0.0.0.0/0"

SDK (BAFFLE API)

dbServerType

dbServerType

String

[sdk]

   dbServerType= "global"

dbHierarchyLevels

dbHierarchyLevels

Integer

[ip_filter]

   dbHierarchyLevels= 3



TOML BaffleCommonConfig Template

# Root-table key: it has to stay above the first [table] header, otherwise it
# would become part of that table.
format = "TOML"

# Common parameters. This template sets type = "br"; the reference table on
# this page shows "bs" as the representation and marks the [[runtime.servlet]]
# count/port entries as REQUIRED when type is "br".
[params]
tier = 0
type = "br"
configType = "remote"
useMarkers = false
configRefreshMilliSeconds = 3000  # milliseconds, per the key name
# NOTE(review): nullEncryption is not described on this page; confirm what it
# controls before changing it.
nullEncryption = false
baffleID = "1"  # a string, not an integer, per the reference table
syncTime = 30

# Key handling. Per the reference table, numRandomKeyIds defaults to numKeyIds
# when it is left out.
[keyInfo]
numKeyIds = 1
numRandomKeyIds = 1
keyRefreshSeconds = 60  # seconds, per the key name
enableMultiKey = true

# Logging. The reference table gives the logPath default as "jar path + /logs";
# the path below is a sample and needs to match the host the shield runs on.
# Keep the directory writable only by the account that runs the service.
[logInfo]
logPath = "/home/vagrant/shield/logs"
logFiles = 10
# Written as a quoted size string, although the reference table lists the
# datatype as Integer.
logSize = "10MB"

# Baffle Shield settings.
[baffleshield]
mode = 0
debug = 0
clientPort = 8444
serverPort = 3306
dbServerHost = "127.0.0.1"

# Placeholder database credentials; the reference table shows both as null by
# default. They sit in this file in clear text, so set real values per
# deployment, keep the deployed file out of version control, and limit read
# access to the account that runs the shield.
dbServerUser = "user"
dbServerPassword = "password"

enableShield = true
enableKeyCreation = false
# NOTE(review): the integrity check is off in this template; its effect is not
# described on this page, so confirm before relying on this value.
enableIntegrityCheck = false
enableMixedMode = false
enableDiagnosis = false
randomizedSearchStrings = false
caseSensitiveCompare = true
charset = "utf8"
charsetMaxLen = 0
checkProxyPort = false
readReplica = false
encType = "ENC_DET"
encMode = "M_ADD"
threadPoolSize = 0
backPressureDisabled = false
configClientRetryLimit = 120
aggressiveHealthCheck = false
resultSetStreaming = true
loopbackServer = "BaffleShield"
supportQuotedIdentifiers = true
monitorPort = -1
useStoredProcedures = false
refreshOnDDL = false
filterMode = 0
verifyBPS = true
# The reference table shows an empty string here; "BaffleTest" is a sample.
configClientDBName = "BaffleTest"

# Row-level encryption. The reference table also lists selectOnInvalidKey for
# this table; this template leaves it out.
[rowlevel]
enableRLE = false
isRowGlobalEncryption = false
isTHFTDisabled = true
sqlComments = ""
entityIdInWhereClause = true
# NOTE(review): judging by the name, this widens which entity IDs may be
# decrypted; confirm the exact semantics with Baffle before enabling it.
enableAnyEntityIdDecryption = false
aggressivePreParseFilter = true
isSHAProxy = false

# Proxy channel buffers and water marks for the client-facing and
# server-facing sides. Every value is 0 here.
# NOTE(review): presumably 0 means "use the default"; confirm with Baffle.
[channel]

[channel.client]
sendBuffer = 0
receiveBuffer = 0
lowWaterMark = 0
highWaterMark = 0

[channel.server]
sendBuffer = 0
receiveBuffer = 0
lowWaterMark = 0
highWaterMark = 0

# Runtime servlets. The reference table marks count and port as REQUIRED when
# [params] type is "br".
#
# The port values below (88888, 88881-88885) are above 65535, the highest
# valid port number, so they are presumably placeholders: replace each one
# with a real, distinct port before deploying.
[runtime]
useTcp = true
bufferSize = 1000000

[[runtime.servlet]]
type = "blind"
count = 1
port = 88888

[[runtime.servlet]]
type = "compare"
count = 1
port = 88888

[[runtime.servlet]]
type = "convert"
count = 1
port = 88888

[[runtime.servlet]]
type = "trusted"
count = 1
port = 88888

# For "booleanconvert" the port is a list (List<Integer> in the reference
# table), unlike the single integer used by the other servlet types.
[[runtime.servlet]]
type = "booleanconvert"
count = 1
port = [88881,88882,88883,88884,88885]

# Monitoring: REST health endpoint and heartbeat.
[monitor]

# The sample URL is plain HTTP on loopback. If it is pointed at another host,
# the health data crosses the network unencrypted.
# NOTE(review): confirm whether an https:// URL is accepted here.
[monitor.rest]
url = "http://localhost:8080/"
resource = "bafflehealthinfo"

[monitor.heartbeat]
enableHeartbeat = false
# NOTE(review): the unit is not stated on this page; confirm before tuning.
interval = 3000

# Workload capture, off in this template. The reference table gives the
# capturePath default as baffle.config.path; the path below is a sample.
# NOTE(review): captured workload presumably includes the SQL passing through
# the shield; if so, treat the capture directory as sensitive and restrict
# access to it. Confirm what is written there before enabling capture.
[workload]
enableCapture = false
capturePath = "/home/vagrant/shield"
workloadRefresh = 3000
workloadConfig = 0
workloadProfile = false

# TLS settings. None of these keys appear in the reference table on this page,
# so the notes below are based on the key names and sample values only.
[ssl]
# TLS is off in this template.
enableSSL = false

# Keystore and truststore point at the same sample file, and both passwords
# are the sample value "keystore" in clear text. Use per-deployment files and
# passwords, and limit read access to this file and to the keystore.
keystoreFile = "/home/vagrant/shield/baffleshield-keystore.jks"
truststoreFile = "/home/vagrant/shield/baffleshield-keystore.jks"
keystorePassword = "keystore"
truststorePassword = "keystore"

# TLSv1 and TLSv1.1 are deprecated (RFC 8996).
# NOTE(review): confirm with Baffle whether the list can be narrowed to
# TLSv1.2 for this deployment.
tlsVersion = "TLSv1,TLSv1.1,TLSv1.2"

# NOTE(review): judging by the name, true would skip validation of the server
# certificate; keep this false unless Baffle documents otherwise.
disableServerValidation = false

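# Baffler settings. The reference table marks defaultDatabase and
# defaultSchema as REQUIRED for baffler.
[baffler]
defaultDatabase = "defaultDatabase"
# A TOML table may define each key only once; a second defaultDatabase line
# makes the file invalid. The reference table names this parameter
# defaultSchema, so the schema goes under that key.
defaultSchema = "defaultSchema"
tdsMajorVersion = "7.4"
packetSize = 4096
haltOnErrors = false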

# Deployment settings.
[deploy]
deploymentType = "local"
rdrTargetName = "baffle-target-group-reader"
wtrTargetName = "baffle-target-group-writer"
# NOTE(review): testMode and testKey are not described on this page; confirm
# the values intended for production before deploying this template.
testMode = 0
testKey = 1

# Data masking. Per the reference table, the [[masking.defaults]] entries are
# converted to "int FIXED 123;char CHARACTER;date FIXED 12/7/1941".
[masking]
# The reference table shows 10 for this key; this template uses 0.
resultSetLimitThreshold = 0

[[masking.defaults]]
type = "int"
mode = "FIXED"
pattern = "123"

# The "char" entry has no pattern key.
[[masking.defaults]]
type = "char"
mode = "CHARACTER"

[[masking.defaults]]
type = "date"
mode = "FIXED"
pattern = "12/7/1941"

# IP filter. As written, only loopback is permitted and every IPv4 address
# (0.0.0.0/0) is blocked.
# NOTE(review): this page does not state which list takes precedence, nor how
# IPv6 clients are treated; confirm both before widening the permitted list.
[ip_filter]

[[ip_filter.permitted]]
cidr_address = "127.0.0.1/32"

[[ip_filter.blocked]]
cidr_address = "0.0.0.0/0"

 
