Edge Encryption

Opsgenie’s Edge Encryption encrypts your user data so that Opsgenie never receives the raw version of the payload directly. The encryption application is hosted on your own environment and acts as a bridge between Opsgenie and 3rd party tools.

The alert details are decrypted and displayed in your browser after you send a request to the encryption application. Similarly, when retrieving alert details via the Alert API, the API client sends the alert data to the encryptions application and retrieves it back, decrypted.

Supported integrations

Add the domain of your deployed edge encryption app to the integrations configuration page url field. Please notice that email integrations are not supported yet.

  • API
  • Airbrake
  • Amazon SNS
  • AppDynamics
  • CheckMK
  • CloudWatch
  • Datadog
  • Icinga
  • Icinga2
  • Jenkins
  • Jira
  • Jira ServiceDesk
  • LibreNMS
  • LogicMonitor
  • Nagios
  • NagiosXI
  • New Relic
  • Pingdom
  • PRTG
  • Rollbar
  • Runscope
  • ServiceNow
  • Site 24x7
  • Splunk
  • Splunk ITSI
  • Sumologic
  • XPackAlerting
  • Zabbix
  • Zendesk (v1)
  • Zenoss

Limitations

The Edge Encryption application encrypts all of the alert fields except alias, message, tags, and priority. At this time, incident data encryption is not available.

Alert data will not be encrypted if the requests are sent to Opsgenie instead of the encryption application, even if the Edge Encryption feature is enabled.

Alerts will not be received by Opsgenie if edge encryption is enabled but the application is not running, since the data is sent to the application first to be decrypted.

Since raw alert/payload data will never be retrieved by Opsgenie as it is only handling the encrypted data, using encrypted alert fields on any condition filtering (Routing rules, Policies, etc.) will not work. However, integration conditions will still work fine.

Firewall access

Please configure your firewall to allow 9200 port to be accessible for any incoming traffic.

If the 9200 port is not allowed, data cannot be retrieved from outside your environment to your application. You will be unable to create encrypted alerts in Opsgenie nor decrypt alert details from any browsers that are used outside of the browser running your application.

Number of servers

You may want to increase your number of proxy servers depending on your usage. The encryption process can run faster depending on server hardware, helping to reduce latency. This process can be costly, so you may want to use machines with faster or more CPUs and RAM. To determine the size of your server, take a look at some of these test results:

The average number of encrypted alerts created per second in c4.large machines is 32

This number is 69 in c4.xlarge machines

To handle more alerts at the same time, you should consider upgrading your current servers or adding new ones. The examples above are the minimum required server examples.

Load balancers

Consider adding a load balancer to distribute requests to different servers to prevent overload.

CPU utilization

The encryption process may consume a considerable amount of CPU, which can cause performance and latency issues. You may want to consider adding more servers when CPU utilization remains at more than 80% for a couple of minutes.

Memory

Server memory must be at least 3.75 GiB to 7.5 GiB.


What's Next

Now that you know how our encryption app works, set it up and begin encrypting your alert data

Encrypting your alert data

Edge Encryption


Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.