Encrypting your alert data

Install and set up the edge encryption application then use one of the three methods we provide to deploy it to your environment.

Set up the Edge Encryption application

Prerequisites

  • Contact customer success to have the Edge Encryption feature enabled on your account
  • Determine the domain you will use to deploy the edge encryption application

Steps

  1. Access your Opsgenie Settings page.
  2. Select the Edge Encryption tab.
  3. Add a new application.
  4. Fill in the name and URL fields.
    a. Provide the URL of your chosen domain to the URL field. If you want this application to process your data, you need to send your requests to this URL.
  5. Copy the public key and application ID after adding the application. You will need them to configure the app.
  6. Open the config file of the app.
  7. The public key is used for verifying requests between Opsgenie and the application. Save this key to a file and paste the path of this file as the jwtPublicKeyPath in the config file.
  8. Paste the application ID that you copied from the Edge Encryption page to the ogApplicationId field.
  9. Add an API Key of one of the API integrations that you configured to the conf file. In order to get the integration config to the application, this API Key will be used.
  10. According to your Opsgenie account domain, set the opGenieApiUrl:
    a. For US: https://api.opsgenie.com
    b. For EU: https://api.eu.opsgenie.com
  11. If monitoringEnabled is set as true, it means that the transactions in the application will be collected by Opsgenie.
  12. The application will use a master key for encrypting the alert. You need to create a new one and save it in a file and put the file path to the config file as encryptionMasterKeyPath.
  13. After the config file is ready, you can run the application.

File configuration instructions

In the configuration file, create a .og-edge-encryption-conf file under $USER_HOME directory with content like this:

{

"opsGenieApiUrl": <Opsgenie app url>,

"apiKey": <apiKey of one of your API integrations>

"monitoringEnabled": "false",

"encryptionMasterKeyPath": "$USER_HOME/.og-edge-encryption-master-key",

"ogApplicationId": <your application id>,

"jwtPublicKeyPath": "$USER_HOME/.og-edge-encryption-jwt-public-key"

}
  • Put your encryption master key into related file. $USER_HOME/.og-edge-encryption-master-key
  • Put the public key you copied from Opsgenie into related file. $USER_HOME/.og-edge-encryption-jwt-public-key
  1. Run the application.

How to use the encryption master key

Prerequisites

Check instructions for setting up the edge encryption application.

Steps

Our Edge Encryption application uses AWS encryption SDK for the encryption/decryption process, using a practice called Envelope Encryption. In Envelope Encryption practice, data keys are used to encrypt/decrypt data and a master key is used for encrypting/decrypting the data key. SDK itself rotates the data key, but you must be aware of the fact that the master key should not be rotated since it is used for encryption/decryption of data keys. For more information, read AWS’s developer guide on how it works.

The master key can be AES 128-bit or AES 256-bit. Providing and managing the master key is your responsibility. If you change the master key, you might not be able to decrypt the data key encrypted before.

How to deploy the edge encryption application via Docker image

Prerequisites

Check instructions for setting up the edge encryption application.

Steps

  1. Run ‘docker run -ti -v <configDir>:/home/opsgenie:ro -p 9200:9200 atlassian/opsgenie-edge-encryption’ command

    • <configDir> is the directory which contains your conf files
    • In the configuration file, create a .og-edge-encryption-conf file under $USER_HOME directory with content like this:
{

"opsGenieApiUrl": <Opsgenie app url>,

"apiKey": <apiKey of one of your API integrations>

"monitoringEnabled": "false",

"encryptionMasterKeyPath": "/home/opsgenie/.og-edge-encryption-master-key",

"ogApplicationId": <your application id>,

"jwtPublicKeyPath": "/home/opsgenie/.og-edge-encryption-jwt-public-key"

}
  • Put your encryption master key into related file. $USER_HOME/.og-edge-encryption-master-key
  • Put the public key you copied from Opsgenie into related file. $USER_HOME/.og-edge-encryption-jwt-public-key

How to deploy the edge encryption application via CloudFormation template

Prerequisites

Set up or log into your AWS account to access the CloudFormation template.

Steps

  1. Access the template here.
  2. Enter your stack name.
  3. Enter your encryption master key to the EncrytpionMasterKey field.
  4. Copy the JWT public key from Opsgenie (where? config file?) and paste it to the JWTPublicKey field.
  5. Set the MonitoringEnabled field to true if you want to send your application metrics to Opsgenie. It is false by default.
  6. Access Opsgenie > Settings > Edge Encryption tab and copy the applicationID and paste it to the OgAplicationId field in the template.
  7. Copy the API key from one of your API integrations via the integration setup page and paste it to the OpsGenieApiKey field in the template.
  8. Access Opsgenie > Settings > Edge Encryption tab and copy Opsgenie API key to theOpsGenieApiUrl field in the template. The default value is “https://api.opsgenie.com”, edit the url to use EU or Sandbox environments.
  9. Check the box to “I acknowledge that AWS CloudFormation might create IAM resources with custom names” under the Capabilities section.
  10. Click Create.

How to deploy the edge encryption application via Jar package

Prerequisites

Check instructions for setting up the edge encryption application.

Steps

  1. Download the jar package here.

It is normal to get a warning when downloading an executable file.

  1. In the configuration file, create a .og-edge-encryption-conf file under $USER_HOME directory with content like this:
{

"opsGenieApiUrl": <Opsgenie app url>,

"apiKey": <apiKey of one of your API integrations>

"monitoringEnabled": "false",

"encryptionMasterKeyPath": "$USER_HOME/.og-edge-encryption-master-key",

"ogApplicationId": <your application id>,

"jwtPublicKeyPath": "$USER_HOME/.og-edge-encryption-jwt-public-key"

}

  • Put your encryption master key into related file. $USER_HOME/.og-edge-encryption-master-key
  • Put the public key you copied from Opsgenie into related file. $USER_HOME/.og-edge-encryption-jwt-public-key
  1. Run the jar file

    a. java -jar filename.jar

Encrypting your alert data


Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.