This document is a reference for the TOML format parameters, syntax, and structure for the following Baffle configuration files:
IMPORTANT! NOTE: Using the Baffle Configuration Editor to modify these files is an advanced procedure. We recommend that you consult with a Baffle Support representative before doing so.
TOML Format - BaffleCommonConfig
This section provides information on TOML parameters for BaffleCommonConfig, as well as the datatype and TOML representation with default value. For an example of a TOML Baffle Common Config file, see the TOML BaffleCommonConfig Template.
For information on other formats for this config file, see Baffle Common Config File Parameters Reference. For instructions on how to edit this file, see Modify and Deploy the Baffle Common Config File.
|
Original |
TOML Parameter |
Datatype |
Representation |
|
COMMON PARAMS |
|||
|
tier |
tier |
Integer |
[params] tier = 0 |
|
type |
type |
String |
[params] type = “bs” |
|
configType |
configType |
String |
[params] configType = “remote” |
|
useMarkers |
useMarkers |
Boolean |
[params] useMarkers = false |
|
configRefreshMilliSeconds |
configRefreshMilliSeconds |
Long |
[params] configRefreshMilliSeconds = 3000 |
|
nullEncryption |
nullEncryption |
Boolean |
[params] nullEncryption = false |
|
baffleID |
baffleID |
String |
[params] baffleID = “1” |
|
syncTime |
syncTime |
Integer |
[params] syncTime = 30 |
|
resourceLeakDetectorLevel |
resourceLeakDetectorLevel |
String |
[params] resourceLeakDetectorLevel= “paranoid” |
|
resourceLeakDetectorRecords |
resourceLeakDetectorRecords |
Integer |
[params] resourceLeakDetectorRecords = 200 |
|
KEY INFO |
|||
|
numKeyIds |
numKeyIds |
Integer |
[keyInfo] numKeyIds = 1 |
|
numRandomKeyIds |
numRandomKeyIds (default = numKeyIds) |
Integer |
[keyInfo] numRandomKeyIds = 1 |
|
keyRefreshSeconds |
keyRefreshSeconds |
Integer |
[keyInfo] keyRefreshSeconds = 60 |
|
multiKeyEnable |
enableMultiKey |
Boolean |
[keyInfo] enableMultiKey = true |
|
multiKeyWildCardEnable |
enableMultiKeyWildCard |
Boolean |
[keyInfo] enableMultiKeyWildCard = true |
|
LOG INFO |
|||
|
logPath |
logPath (default = jar path + /logs) |
String |
[logInfo] logPath = “/home/vagrant/shield/logs" |
|
logFiles |
logFiles |
Integer |
[logInfo] logFiles = 10 |
|
logSize |
logSize |
Integer |
[logInfo] logSize = “10MB” |
|
BAFFLE SHIELD CONFIG |
|||
|
bsMode |
mode |
Integer |
[baffleshield] mode = 0 |
|
debug |
debug |
Integer |
[baffleshield] debug = 0 |
|
bsClientPort |
clientPort |
Integer |
[baffleshield] clientPort = 8444 |
|
bsServerPort |
serverPort |
Integer |
[baffleshield] serverPort = 3306 |
|
bsDBServerHost |
dbServerHost |
String |
[baffleshield] dbServerHost = “127.0.0.1” |
|
bsDBServerUser |
dbServerUser |
String |
[baffleshield] dbServerUser = null |
|
bsDBServerPassword |
dbServerPassword |
String |
[baffleshield] dbServerPassword = null |
|
bsEnable |
enableShield |
Boolean |
[baffleshield] enableShield = true |
|
bsKeyCreate |
enableKeyCreation |
Boolean |
[baffleshield] enableKeyCreation = false |
|
isIntegrityCheckEnabled |
enableInegrityCheck |
Boolean |
[baffleshield] enableIntegrityCheck = false |
|
isMixedModeEnabled |
enableMixedMode |
Boolean |
[baffleshield] enableMixedMode = false |
|
diagnosticsEnabled |
enableDiagnosis |
Boolean |
[baffleshield] enableDiagnosis = false |
|
randomizedSearchStrings |
randomizedSearchStrings |
Boolean |
[baffleshield] randomizedSearchStrings = false |
|
caseSensitiveCompare |
caseSensitiveCompare |
Boolean |
[baffleshield] caseSensitiveCompare = true |
|
charset |
charset |
String |
[baffleshield] charset = “utf8” |
|
charsetMaxLen |
charsetMaxLen |
Integer |
[baffleshield] charsetMaxLen = 0 |
|
checkProxyPort |
checkProxyPort |
Boolean |
[baffleshield] checkProxyPort = false |
|
readReplica |
readReplica |
Boolean |
[baffleshield] readReplica = false |
|
encType |
encType |
String |
[baffleshield] encType = “ENC_DET” |
|
encMode |
encMode |
String |
[baffleshield] encMode = “M_ADD” |
|
threadPoolSize |
threadPoolSize |
Integer |
[baffleshield] threadPoolSize = 0 |
|
backPressureDisabled |
backPressureDisabled |
Boolean |
[baffleshield] backPressureDisabled = false |
|
configClientRetryLimit |
configClientRetryLimit |
Integer |
[baffleshield] configClientRetryLimit = 120 |
|
aggressiveHealthCheck |
aggressiveHealthCheck |
Boolean |
[baffleshield] aggressiveHealthCheck = false |
|
resultSetStreaming |
resultSetStreaming |
Boolean |
[baffleshield] resultSetStreaming = true |
|
loopbackServer |
loopbackServer |
String |
[baffleshield] loopbackServer = “BaffleShield” |
|
supportQuotedIdentifiers |
supportQuotedIdentifiers |
Boolean |
[baffleshield] supportQuotedIdentifiers = true |
|
bsMonitorPort |
monitorPort |
Integer |
[baffleshield] monitorPort = -1 |
|
useStoredProcedures |
useStoredProcedures |
Boolean |
[baffleshield] useStoredProcedures = false |
|
refreshOnDDL |
refreshOnDDL |
Boolean |
[baffleshield] refreshOnDDL = false |
|
filterMode |
filterMode |
Integer |
[baffleshield] filterMode = 0 |
|
verifyBPS |
verifyBPS |
Boolean |
[baffleshield] verifyBPS = true |
|
bsConfigClientDBName |
configClientDBName |
String |
[baffleshield] configClientDBName = ““ |
|
ROW LEVEL ENCRYPTION |
|||
|
rowLevelEncryption |
enableRLE |
Boolean |
[rowlevel] enableRLE = false |
|
isRowGlobalEncryption |
isRowGlobalEncryption |
Boolean |
[rowlevel] isRowGlobalEncryption = false |
|
isTHFTDisabled |
isTHFTDisabled |
Boolean |
[rowlevel] isTHFTDisabled = true |
|
sqlComments |
sqlComments |
String |
[rowlevel] sqlComments = ““ |
|
entityIdInWhereClause |
entityIdInWhereClause |
Boolean |
[rowlevel] entityIdInWhereClause = true |
|
enableAnyEntityIdDecryption |
enableAnyEntityIdDecryption |
Boolean |
[rowlevel] enableAnyEntityIdDecryption = false |
|
aggressivePreParseFilter |
aggressivePreParseFilter |
Boolean |
[rowlevel] aggressivePreParseFilter = true |
|
isSHAProxy |
isSHAProxy |
Boolean |
[rowlevel] isSHAProxy = false |
|
selectOnInvalidKey |
selectOnInvalidKey |
String |
[rowlevel] selectOnInvalidKey= ERROR |
|
PROXY CHANNEL CONFIG |
|||
|
clientSndBuf |
sendBuffer |
Integer |
[channel] [channel.client] sendBuffer = 0 |
|
clientRcvBuf |
receiveBuffer |
Integer |
[channel] [channel.client] receiveBuffer = 0 |
|
clientHighWaterMark |
highWaterMark |
Integer |
[channel] [channel.client] highWaterMark = 0 |
|
clientLowWaterMark |
lowWaterMark |
Integer |
[channel] [channel.client] lowWaterMark = 0 |
|
serverSndBuf |
sendBuffer |
Integer |
[channel] [channel.server] sendBuffer = 0 |
|
serverRcvBuf |
receiveBuffer |
Integer |
[channel] [channel.server] receiveBuffer = 0 |
|
serverHighWaterMark |
highWaterMark |
Integer |
[channel] [channel.server] highWaterMark = 0 |
|
serverLowWaterMark |
lowWaterMark |
Inteter |
[channel] [channel.server] lowWaterMark = 0 |
|
RUNTIME CONFIG |
|||
|
useTcp |
useTcp |
Boolean |
[runtime] useTcp = true |
|
bufferSize |
bufferSize |
Integer |
[runtime] bufferSize = 1000000 |
|
numBlindServers |
count (REQUIRED if type=br) |
Integer |
[runtime] [[runtime.servlet]] type = “blind” count = 1 |
|
blindServerPort |
port (REQUIRED if type=br) |
Integer |
[runtime] [[runtime.servlet]] type = “blind” port = 88888 |
|
numCompareServers |
count (REQUIRED if type=br) |
Integer |
[runtime] [[runtime.servlet]] type = “compare” count = 1 |
|
compareServerPort |
port (REQUIRED if type=br) |
Integer |
[runtime] [[runtime.servlet]] type = “compare” port = 88888 |
|
numConvertServers |
count (REQUIRED if type=br) |
Integer |
[runtime] [[runtime.servlet]] type = “convert” count = 1 |
|
convertServerPort |
port (REQUIRED if type=br) |
Integer |
[runtime] [[runtime.servlet]] type = “convert” port = 88888 |
|
numTrustedServers |
count (REQUIRED if type=br) |
Integer |
[runtime] [[runtime.servlet]] type = “trusted” count = 1 |
|
trustedServerPort |
port (REQUIRED if type=br) |
Integer |
[runtime] [[runtime.servlet]] type = “trusted” port = 88888 |
|
numBooleanConvertServers |
count (REQUIRED if type=br) |
Integer |
[runtime] [[runtime.servlet]] type = “booleanconvert” count = 1 |
|
booleanConvertServerPorts |
port (REQUIRED if type=br) |
List<Integer> |
[runtime] [[runtime.servlet]] type = “booleanconvert“ port = [88881,88882,88883,88884,88885] |
|
MONITOR CONFIG |
|||
|
restUrl |
url |
String |
[monitor] [monitor.rest] url = “http://localhost:8080/” |
|
restUrlResource |
resource |
String |
[monitor] [monitor.rest] resource = “bafflehealthinfo” |
|
enableBaffleHeartbeat |
enableHeartbeat |
Boolean |
[monitor] [monitor.heartbeat] enableHeartbeat = false |
|
baffleHeartbeatInterval |
interval |
Long |
[monitor] [monitor.heartbeat] interval = 3000 |
|
WORKLOAD CAPTURE |
|||
|
bsEnableWorkload |
enableCapture |
Boolean |
[workload] enableCapture = false |
|
bsWorkloadPath |
capturePath (default = baffle.config.path) |
String |
[workload] capturePath = “/home/vagrant/shield/“ |
|
bsWorkloadRefresh |
workloadRefresh |
Long |
[workload] workloadRefresh = 3000 |
|
bsWorkloadConfig |
workloadConfig |
Integer |
[workload] workloadConfig = 0 |
|
bsWorkloadProfile |
workloadProfile |
Boolean |
[workload] workloadProfile = false |
|
SSL CONFIG |
|||
|
defaultDatabase |
defaultDatabase (REQUIRED for baffler) |
String |
[baffler] defaultDatabase = “defaultDatabase“ |
|
defaultSchema |
defaultSchema (REQUIRED for baffler) |
String |
[baffler] defaultDatabase = “defaultSchema“ |
|
tdsMajorVersion |
tdsMajorVersion |
String |
[baffler] tdsMajorVersion = “7.4” |
|
packetSize |
packetSize |
Integer |
[baffler] packetSize = 4096 |
|
bafflerHaltOnErrors |
haltOnErrors |
Boolean |
[baffler] haltOnErrors = false |
|
DEPLOYMENT CONFIG |
|||
|
deploymentType |
deploymentType |
String |
[deploy] deploymentType = “local“ |
|
rdrTargetName |
rdrTargetName |
String |
[deploy] rdrTargetName = “baffle-target-group-reader“ |
|
wtrTargetName |
wtrTargetName |
String |
[deploy] wtrTargetName = “baffle-target-group-writer“ |
|
testMode |
testMode |
Integer |
[deploy] testMode = 0 |
|
testKey |
testKey |
Integer |
[deploy] testKey = 1 |
|
DATA MASKING CONFIG |
|||
|
typeSpecificDefaultMasks |
|
String |
[masking] [[masking.defaults]] type = “int“ mode = “FIXED“ pattern = “123“ [[masking.defaults]] type = "char" mode = "CHARACTER" [[masking.defaults]] type = "date" mode = "FIXED" pattern = "12/7/1941"
This will be converted to: ”int FIXED 123;char CHARACTER;date FIXED 12/7/1941” |
|
resultSetLimitMaskingThreshold |
resultSetLimitThreshold |
Integer |
[masking] resultSetLimitThreshold = 10 |
|
IP FILTER CONFIG |
|||
|
ipFilterPermittedSubnets |
permitted |
String |
[ip_filter] [[ip_filter.permitted]] cidr_address = "127.0.0.1/32" |
|
ipFilterBlockedSubnets |
blocked |
String |
[ip_filter] [[ip_filter.blocked]] cidr_address = "0.0.0.0/0" |
|
SDK (BAFFLE API) |
|||
|
dbServerType |
dbServerType |
String |
[sdk] dbServerType= "global" |
|
dbHierarchyLevels |
dbHierarchyLevels |
Integer |
[ip_filter] dbHierarchyLevels= 3 |
TOML BaffleCommonConfig Template
format = "TOML"
[params]
tier = 0
type = "br"
configType = "remote"
useMarkers = false
configRefreshMilliSeconds = 3000
nullEncryption = false
baffleID = "1"
syncTime = 30
[keyInfo]
numKeyIds = 1
numRandomKeyIds = 1
keyRefreshSeconds = 60
enableMultiKey = true
[logInfo]
logPath = "/home/vagrant/shield/logs"
logFiles = 10
logSize = "10MB"
[baffleshield]
mode = 0
debug = 0
clientPort = 8444
serverPort = 3306
dbServerHost = "127.0.0.1"
dbServerUser = "user"
dbServerPassword = "password"
enableShield = true
enableKeyCreation = false
enableIntegrityCheck = false
enableMixedMode = false
enableDiagnosis = false
randomizedSearchStrings = false
caseSensitiveCompare = true
charset = "utf8"
charsetMaxLen = 0
checkProxyPort = false
readReplica = false
encType = "ENC_DET"
encMode = "M_ADD"
threadPoolSize = 0
backPressureDisabled = false
configClientRetryLimit = 120
aggressiveHealthCheck = false
resultSetStreaming = true
loopbackServer = "BaffleShield"
supportQuotedIdentifiers = true
monitorPort = -1
useStoredProcedures = false
refreshOnDDL = false
filterMode = 0
verifyBPS = true
configClientDBName = "BaffleTest"
[rowlevel]
enableRLE = false
isRowGlobalEncryption = false
isTHFTDisabled = true
sqlComments = ""
entityIdInWhereClause = true
enableAnyEntityIdDecryption = false
aggressivePreParseFilter = true
isSHAProxy = false
[channel]
[channel.client]
sendBuffer = 0
receiveBuffer = 0
lowWaterMark = 0
highWaterMark = 0
[channel.server]
sendBuffer = 0
receiveBuffer = 0
lowWaterMark = 0
highWaterMark = 0
[runtime]
useTcp = true
bufferSize = 1000000
[[runtime.servlet]]
type = "blind"
count = 1
port = 88888
[[runtime.servlet]]
type = "compare"
count = 1
port = 88888
[[runtime.servlet]]
type = "convert"
count = 1
port = 88888
[[runtime.servlet]]
type = "trusted"
count = 1
port = 88888
[[runtime.servlet]]
type = "booleanconvert"
count = 1
port = [88881,88882,88883,88884,88885]
[monitor]
[monitor.rest]
url = "http://localhost:8080/"
resource = "bafflehealthinfo"
[monitor.heartbeat]
enableHeartbeat = false
interval = 3000
[workload]
enableCapture = false
capturePath = "/home/vagrant/shield"
workloadRefresh = 3000
workloadConfig = 0
workloadProfile = false
[ssl]
enableSSL = false
keystoreFile = "/home/vagrant/shield/baffleshield-keystore.jks"
truststoreFile = "/home/vagrant/shield/baffleshield-keystore.jks"
keystorePassword = "keystore"
truststorePassword = "keystore"
tlsVersion = "TLSv1,TLSv1.1,TLSv1.2"
disableServerValidation = false
[baffler]
defaultDatabase = "defaultDatabase"
defaultDatabase = "defaultSchema"
tdsMajorVersion = "7.4"
packetSize = 4096
haltOnErrors = false
[deploy]
deploymentType = "local"
rdrTargetName = "baffle-target-group-reader"
wtrTargetName = "baffle-target-group-writer"
testMode = 0
testKey = 1
[masking]
resultSetLimitThreshold = 0
[[masking.defaults]]
type = "int"
mode = "FIXED"
pattern = "123"
[[masking.defaults]]
type = "char"
mode = "CHARACTER"
[[masking.defaults]]
type = "date"
mode = "FIXED"
pattern = "12/7/1941"
[ip_filter]
[[ip_filter.permitted]]
cidr_address = "127.0.0.1/32"
[[ip_filter.blocked]]
cidr_address = "0.0.0.0/0"
Comments
Please sign in to leave a comment.