Secured CLI JSON template

The Secured CLI JSON template, found in the config.prod.properties.secured.json file, is integral to the silent installation process outlined in Installation Flow of the RPA CLI installation. This file, generated in the installation flow, contains critical settings for installation, configuration, and file security.

Refer to the detailed descriptions for each parameter to understand its purpose and usage. The provided information serves as a helpful guide, and it is recommended to follow the outlined instructions without making unnecessary changes.

While we do not advise making changes to these parameters, you have the flexibility to do so at your own discretion. Please be aware that modifying these settings may result in a lack of support. Proceed with caution.

The default CLI command parameter descriptions apply to typical and common use cases. In most scenarios, you don't have to make any changes to achieve functionality. Advanced users and special cases may need custom configurations not covered in this topic. Ensure you review your specific requirements before making any changes to parameters outside of the defaults.
By default, all passwords are set to a random string that you can change to human-readable passwords. Changing the passwords for third-party applications will make them easier to remember when you log into their user interface.
When a parameter name is enclosed by dollar signs ($), the system automatically populates it with the information from the parameter that it is referred to. Specifically, any text or value between the dollar signs will be interpreted as a reference to another parameter, and its content will be used to fill in the referenced parameter. In the following example, $RABBITMQ_USER$ will be replaced with the user details from the parameter: RABBITMQ_USER.

"RABBIT": {

JSON Parameter with default value	Description
"RABBITMQ_USER": "nintex"	User is automatically created during the installation process. No changes are required, but it is case-sensitive. You can modify it; the system will use the provided value, and the default value is optional.
"RABBITMQ_AUTH": "getRandomAuth"	Automatically generated during the installation process. No changes are required, but it is case-sensitive. You can input any password instead of the random one; it should be 9 to 32 characters, including upper-case letters, lower-case letters, and numbers. Optionally, it can have an exclamation mark (!).
"RABBITMQ_ADMIN_USER": "admin"	Admin user is automatically created during the installation process. No changes are required, but it is case-sensitive. You can modify it; the system will use the provided value, and the default value is optional.
"RABBITMQ_ADMIN_AUTH": "getRandomAuth"	Automatically generated during the installation process. No changes are required, but it is case-sensitive. You can input any password instead of the random one; it should be 9 to 32 characters, including upper-case letters, lower-case letters, and numbers. Optionally, it can have an exclamation mark (!).
"RABBIT_USER": "$RABBITMQ_USER$"	Automatically populated based on information from another parameter. No changes required.
"RABBIT_PASSWORD": "$RABBITMQ_AUTH$"	Automatically populated based on information from another parameter. No changes required.

"CACHE": {

JSON Parameter with default value	Description
"CACHE_AUTH" : "getRandomAuth"	Generates the Redis password during installation. No changes are required, but it is case-sensitive. You can input any password instead of the random one; it should be 9 to 32 characters, including upper-case letters, lower-case letters, and numbers. Optionally, it can have an exclamation mark (!).

"AEROBASE": {

JSON Parameter with default value	Description
"AEROBASE_ADMIN_AUTH": "$IDP_AUTH_ADMIN_AUTH$"	Automatically generated and represents the admin user for managing Aerobase. No changes required.
"AEROBASE_SERVICE_LOGON_USERNAME" : ""	Is typically the same as the Watchdog `"SERVICE_LOGON_USER"`. If you require a different user, you can specify it here.
"AEROBASE_SERVICE_LOGON_PASS" : ""	Is typically the same as the Watchdog `"SERVICE_LOGON_PASSWORD"`. If you require a different password, you can specify it here.
"AEROBASE_DB_USER": "$MSSQL_USER$"	Automatically populated based on information from another parameter. No changes required.
"AEROBASE_DB_AUTH": "$MSSQL_USER_AUTH$"	Automatically populated based on information from another parameter. No changes required.
"AEROBASE_DB_ADMIN_USER": "$MSSQL_USER$"	Automatically populated based on information from another parameter. No changes required.
"AEROBASE_DB_ADMIN_AUTH": "$MSSQL_USER_AUTH$"	Automatically populated based on information from another parameter. No changes required.

"IDP": {

JSON Parameter with default value	Description
"IDP_ADMIN_CLI_CLIENT_SECRET": "getRandomAuth"	The value for this parameter is automatically generated during the installation process. No changes required.
"IDP_OAUTH_VALIDATOR_SECRET": "getRandomAuth"	The value for this parameter is automatically generated during the installation process. No changes required.
"IDP_PUBLIC_API_CLIENT_SECRET": "getRandomAuth"	The value for this parameter is automatically generated during the installation process. No changes required.
"IDP_AUTH_ADMIN_CLIENT_SECRET": "getRandomAuth"	The value for this parameter is automatically generated during the installation process. No changes required.
"IDP_KRYON_SERVER_SECRET": "getRandomAuth"	The value for this parameter is automatically generated during the installation process. No changes required.
"IDP_KRYON_SECRETS_ADMIN_SECRET": "getRandomAuth"	The value for this parameter is automatically generated during the installation process. No changes required.
"IDP_KRYON_SECRETS_READER_SECRET": "getRandomAuth"	The value for this parameter is automatically generated during the installation process. No changes required.
"IDP_AUTH_ADMIN_USERNAME": "authadmin"	This user is automatically created during the installation process. No changes required.
"IDP_AUTH_ADMIN_AUTH": "getRandomAuth"	The value for this parameter is automatically generated during the installation process. No changes required.
"IDP_APPLICATION_USER_USERNAME": "TestUser"	This user is automatically created during the installation process. No changes required.
"IDP_APPLICATION_USER_AUTH": "getRandomAuth"	The value for this parameter is automatically generated during the installation process. No changes required.
"FEDERATION_BIND_DN": ""	Should be configured when `"AEROBASE_FEDERATION_IS_ENABLED"` is set to true. Specify the username that Aerobase will use to connect to the Active Directory domain.
"FEDERATION_BIND_CREDENTIAL": ""	Should be configured when `"AEROBASE_FEDERATION_IS_ENABLED"` is set to true. Specify the password that Aerobase will use to connect to the Active Directory domain.

"MSSQL": {

JSON Parameter with default value	Description
"MSSQL_USER": "nintex"	If `"MSSQL_PRE_INSTALLED"` is set to true, fill in these details, otherwise leave the default for local installation.
"MSSQL_USER_AUTH": "getRandomAuth"	If `"MSSQL_PRE_INSTALLED"` is set to true, fill in these details, otherwise leave the default for local installation.
"MSSQL_USER_NAME": "$MSSQL_USER$"	If `"MSSQL_PRE_INSTALLED"` is set to true, fill in these details, otherwise leave the default for local installation.
"MSSQL_USER_PASSWORD": "$MSSQL_USER_AUTH$"	If `"MSSQL_PRE_INSTALLED"` is set to true, fill in these details, otherwise leave the default for local installation.

"SSL": {

JSON Parameter with default value Description

"SSL_PFX_PASSWORD" : "" If "SSL_USE_PFX" is set to true, provide the password.

"SSL_KEY_PASSWORD" : ""

JSON Parameter with default value	Description
"SSL_PFX_PASSWORD" : ""	If `"SSL_USE_PFX"` is set to true, provide the password.
"SSL_KEY_PASSWORD" : ""	If the SSL key is password-protected, enter it here. If you have already provided the PFX password and the SSL key is separate and has its own password, provide that password here. If the SSL key doesn't have a password, you can leave this field empty.
"PEM_PASSWORD" : ""	If you did not use PFX and instead used PEM, enter the password for the PEM file here. If the PEM file doesn't have a password, you can leave this field empty.

If the SSL key is password-protected, enter it here.

If you have already provided the PFX password and the SSL key is separate and has its own password, provide that password here.

If the SSL key doesn't have a password, you can leave this field empty.

"PEM_PASSWORD" : "" If you did not use PFX and instead used PEM, enter the password for the PEM file here. If the PEM file doesn't have a password, you can leave this field empty.

"WATCHDOG": {

JSON Parameter with default value	Description
"SERVICE_LOGON_USER": ""	If you want to enable SSPI (Security Support Provider Interface), you should provide a user with appropriate permissions for the service. If there is already data in this field, it means that a specific user account has been selected for the application services user. The default is empty, indicating that it runs with the local user. Local Admin permissions are necessary, and the format follows Windows username limitations.
"SERVICE_LOGON_PASSWORD": ""	If you want to enable SSPI, you should provide the password for a user with appropriate permissions for the service. If there is already data in this field, it means that a specific user account has been selected for the application services user. The format follows Windows password limitations string.

JSON Parameter with default value

Description

"SERVICE_LOGON_USER": ""

If you want to enable SSPI (Security Support Provider Interface), you should provide a user with appropriate permissions for the service. If there is already data in this field, it means that a specific user account has been selected for the application services user. The default is empty, indicating that it runs with the local user. Local Admin permissions are necessary, and the format follows Windows username limitations.

"SERVICE_LOGON_PASSWORD": ""

If you want to enable SSPI, you should provide the password for a user with appropriate permissions for the service. If there is already data in this field, it means that a specific user account has been selected for the application services user. The format follows Windows password limitations string.

Next step:

After making the necessary changes, return to the Silent Installation to continue the RPA installation.