Services

Cypher

Overview

Cypher at its core is a secure key/value store. What makes Cypher useful is the ability to securely store or generate credentials for connecting to your instances. Not only are these credentials encrypted, but by using Cypher you don’t have to hard-code connection credentials between instances into your apps.

Cypher keys can be revoked, either through lease timeouts or manually. So even if somebody were to gain access to your keys, you could revoke access to them and generate new ones for your applications.

Keys can have different behaviors depending on the specified mountpoint.

Mountpoints

password
Generates a secure password of the character length specified in the key pattern (or 15) with symbols, numbers, upper case, and lower case letters (e.g. password/15/mypass generates a 15 character password).
secret
This is the standard secret module that stores a key/value in encrypted form.
uuid
Returns a new UUID by key name when requested and stores the generated UUID by key name for a given lease timeout period.
key
Generates a Base 64 encoded AES Key of the bit length specified in the key pattern (e.g. key/128/mykey generates a 128-bit key).

  • Key lease times are entered in milliseconds and default to 32 days (2764800000 ms).
  • Quick MS Time Reference:
    • Day: 86400000
    • Week: 604800000
    • Month (30 days): 2592000000
    • Year: 31536000000
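
A pre-flight check for the key patterns and lease values described above, as an added example that is not part of the Morpheus documentation or product code. The 192-bit AES size, nested key names, the unit suffixes (d, w, mo, y) and the policy thresholds (90-day maximum lease, 12-character minimum password) are assumptions made for illustration.

```python
import re

DAY_MS = 86_400_000                 # from the quick reference above
DEFAULT_LEASE_MS = 32 * DAY_MS      # 2764800000 ms, the documented default
DEFAULT_PASSWORD_LEN = 15           # used when the pattern gives no length
AES_BITS = {128, 192, 256}          # standard AES sizes (assumed to be accepted)
UNITS_MS = {"d": DAY_MS, "w": 7 * DAY_MS, "mo": 30 * DAY_MS, "y": 365 * DAY_MS}


def lease_ms(text=None):
    """Convert '7d', '1w', '3mo', '1y' or raw milliseconds to a lease in ms."""
    if text is None:
        return DEFAULT_LEASE_MS
    m = re.fullmatch(r"(\d+)(d|w|mo|y)?", text.strip())
    if not m or int(m.group(1)) == 0:
        raise ValueError(f"bad lease: {text!r}")
    return int(m.group(1)) * UNITS_MS.get(m.group(2), 1)


def parse_key(key):
    """Split a Cypher key into mountpoint, size and name, and validate it."""
    parts = key.split("/")
    mount, rest = parts[0], parts[1:]
    if mount not in {"password", "secret", "uuid", "key"} or not all(rest) or not rest:
        raise ValueError(f"bad key pattern: {key!r}")
    info = {"mount": mount, "size": None, "generated": mount != "secret"}
    if mount == "password":
        # password/<length>/<name>; a missing length falls back to 15
        if len(rest) > 1 and rest[0].isdigit():
            info["size"], rest = int(rest[0]), rest[1:]
        else:
            info["size"] = DEFAULT_PASSWORD_LEN
    elif mount == "key":
        # key/<bits>/<name>; the bit length is required
        if len(rest) < 2 or not rest[0].isdigit() or int(rest[0]) not in AES_BITS:
            raise ValueError(f"key needs a bit length in {sorted(AES_BITS)}: {key!r}")
        info["size"], rest = int(rest[0]), rest[1:]
    info["name"] = "/".join(rest)   # nested names are an assumption
    return info


def preflight(key, lease=None, max_lease_ms=90 * DAY_MS):
    """Return (parsed key, lease in ms, warnings) for a key about to be created."""
    info, ms, warnings = parse_key(key), lease_ms(lease), []
    if ms > max_lease_ms:           # assumed local policy, not a Morpheus limit
        warnings.append("lease exceeds local maximum")
    if info["mount"] == "password" and info["size"] < 12:
        warnings.append("password shorter than 12 characters")
    return info, ms, warnings
```
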

Creating Cypher Keys

  1. Navigate to Services - Cypher and select “+ ADD KEY”
  2. Configure one of the following types of Keys:

Password

A Cypher password generates a secure password of the character length specified in the key pattern (or 15) with symbols, numbers, upper case, and lower case letters (e.g. password/15/mypass generates a 15 character password).

Key: Pattern password/character_length/key

Example: password/10/mypassword

Value: Leave the Value field blank for a password, as it will be generated.

Lease: Enter lease time in milliseconds (ex. 604800000 for one week)

Save changes and the password will be generated and available for use.

If your user role has Cypher: Decrypt permissions, a “DECRYPT” button will be available in the Cypher section to view the generated password.

To delete the password key, select Actions -> Remove and confirm.

Secret

A Cypher secret is the standard secret module that stores a key/value in encrypted form.

Key

Pattern “secret/key”

  • EXAMPLE: secret/mysecret
Value
Add the secret value to be encrypted
Lease
Enter lease time in milliseconds (ex. 604800000 for one week)

Save changes and the secret will be encrypted and available for use.

If your Morpheus user role has Cypher: Decrypt permissions, a “DECRYPT” button will be available in the Cypher section to view the secret.

To delete the secret, select Actions -> Remove and confirm.

UUID

A Cypher UUID returns a new UUID by key name when requested and stores the generated UUID by key name for a given lease timeout period.

Key

Pattern “uuid/key”

  • Example: uuid/myuuid
Value
Leave the Value field blank for UUID, as it will be generated.
Lease
Enter lease time in milliseconds (ex. 604800000 for one week)

Save changes and the UUID will be generated and available for use.

If your user role has Cypher: Decrypt permissions, a “DECRYPT” button will be available in the Cypher section to view the generated UUID.

To delete the UUID, select Actions -> Remove and confirm.

Key

A Cypher Key generates a Base 64 encoded AES Key of the bit length specified in the key pattern (e.g. key/128/mykey generates a 128-bit key).

Key

Pattern “key/bit_length/key”

  • Example: key/256/mykey
Value
Leave the Value field blank for key, as it will be generated.
Lease
Enter lease time in milliseconds (ex. 604800000 for one week)

Save changes and the AES Key will be generated and available for use.

If your user role has Cypher: Decrypt permissions, a “DECRYPT” button will be available in the Cypher section to view the generated AES Key.

To delete the AES Key, select Actions -> Remove and confirm.

Using Cypher Keys in Scripts

To use a Cypher key in a script, use the following syntax:

<%=cypher.read('var_name')%>

Example:
PASSWORD=<%=cypher.read('secret/myuserpassword')%>

Archives

Overview

Archives provides a way to store your files and make them available for download by your Scripts and Users. Archives are organized by buckets. Each bucket has a unique name that is used to identify it in URLs and Scripts.


Storage Provider

Archive buckets are assigned a Storage Provider (Object Store). This is where the bucket will write its files. A Storage Provider can be configured to use the local appliance file system (Local), an Amazon S3 bucket, etc.

Every archive bucket generates and uses a random File Path to store its files under. This ensures two different archive buckets will not contend for the same backend storage location.

Permissions

Visibility

Visibility determines whether authentication is required to view a bucket and download its files.

Private
This secures your files. Only authorized users of the Owner and Tenant accounts may view the bucket and download its files. This is the default.
Public
This makes your files available to the public. Anyone, including anonymous users/scripts can download these files without any authentication.

Warning

Be careful not to store sensitive files in a Public archive.

Users of the Owner account may fully manage the files in a bucket.

Tenants

Users of the Owner account may fully manage the files in a bucket. Users of the Tenant account(s) will have read-only access. They may browse and download files in the bucket.

Both Owner and Tenants must have the Services: Archives permission to access a Private bucket. READ level access allows browsing and downloading files in the bucket.

FULL access allows full management of the bucket and its files. This includes modifying files and links, bucket settings and deleting it.

Files

To add a file to a bucket, click on the bucket name, and then click the + ADD FILE button. Once added, click on the file name to access the links, history and script section for the file.

Scripts

Morpheus automatically generates syntax for creating a link to a file in your Scripts. When the Script is generated, it will create a temporary link to download the file and return the URL of that link. This link is made available to the public. It is accessible to any user or script that can reach the appliance. Downloading the file only requires knowing the URL, which includes a secret token parameter. You can specify the number of seconds before the link expires. The default value is 1200 (20 minutes).