On-premise agent
How to run the Moderne on-premise agent
The Moderne on-premise agent securely connects the Moderne SaaS to customers' environments. It's delivered as an OCI image and can be run using any OCI runtime (e.g., Docker, Podman).
The purpose of the Moderne on-premise agent is to encrypt and ship AST artifacts from artifact repositories (e.g., Artifactory) to the Moderne SaaS, provide the symmetric key to be used for decryption, and forward requests from the Moderne SaaS to your version control system (e.g., GitHub).

Getting Started

Basic Usage

Run the agent container

The Moderne on-premise agent is available as an OCI image or as a Spring Boot executable JAR artifact. Contact Moderne to obtain access. Moderne will provide access details appropriate for your chosen platform. The example commands below refer to the image as ${MODERNE_AGENT_IMAGE_NAME}. The latest version is displayed in the "Agent" section of the releases page.
OCI Container
The agent container requires several environment variables:
  • MODERNE_AGENT_API_GATEWAY_RSOCKET_URI - URI used to connect to the Moderne API, provided by Moderne
  • MODERNE_AGENT_TOKEN - Moderne SaaS agent connection token, provided by Moderne
  • MODERNE_AGENT_CRYPTO_SYMMETRICKEY - 256-bit AES encryption key, hex encoded
    • example OpenSSL command to generate: openssl enc -aes-256-cbc -k secret -P (use the key from the output)
  • MODERNE_AGENT_ARTIFACTORY_URL - Artifactory URL
  • MODERNE_AGENT_ARTIFACTORY_USERNAME - username used to connect to Artifactory, requires permission to run AQL queries
  • MODERNE_AGENT_ARTIFACTORY_PASSWORD - password used to connect to Artifactory
  • MODERNE_AGENT_ARTIFACTORY_ASTSQUERY - AQL query fragment used to select AST artifacts to send to Moderne
Example using Docker (note that the agent token and symmetric key are random examples):
docker run \
  -e MODERNE_AGENT_API_GATEWAY_RSOCKET_URI=https://api.tenant.moderne.io/rsocket \
  -e MODERNE_AGENT_TOKEN=W43qp4h952T4w2qV \
  -e MODERNE_AGENT_CRYPTO_SYMMETRICKEY=546A576E5A7234753778217A25432A462D4A614E645267556B58703273357638 \
  -e MODERNE_AGENT_ARTIFACTORY_URL=https://myartifactory.example.com/artifactory/ \
  -e MODERNE_AGENT_ARTIFACTORY_USERNAME=admin \
  -e MODERNE_AGENT_ARTIFACTORY_PASSWORD=password \
  -e MODERNE_AGENT_ARTIFACTORY_ASTSQUERY='{"repo":{"$eq":"example-maven"},"name":{"$match":"*-ast.jar"}}' \
  ${MODERNE_AGENT_IMAGE_NAME}
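As an added example (not part of Moderne's documentation or tooling), the script below keeps the agent token, symmetric key and Artifactory password off the docker run command line, where they would end up in shell history and the process list, by writing them to an owner-only file passed with Docker's --env-file option. It also draws the key from the system CSPRNG and checks its format. The function names and the file path are assumptions; the non-secret values are the sample values from the example above.

```bash
#!/usr/bin/env bash
# Added example, not Moderne's tooling; function and file names are assumptions.

# Print a 256-bit key as 64 hex characters drawn from the system CSPRNG.
gen_key() {
  if command -v openssl >/dev/null 2>&1; then
    openssl rand -hex 32 | tr 'a-f' 'A-F'
  else
    head -c 32 /dev/urandom | od -An -v -tx1 | tr -d ' \n' | tr 'a-f' 'A-F'
  fi
}

# Succeed only for exactly 64 hex characters (32 bytes).
is_valid_key() {
  case "$1" in
    *[!0-9A-Fa-f]*) return 1 ;;
  esac
  [ "${#1}" -eq 64 ]
}

# write_env_file FILE TOKEN KEY ARTIFACTORY_PASSWORD
# Write the three secret settings to FILE, created with owner-only permissions.
write_env_file() {
  is_valid_key "$3" || { echo "symmetric key must be 64 hex characters" >&2; return 1; }
  rm -f "$1"   # recreate the file so the umask below decides its mode
  ( umask 077
    printf '%s\n' \
      "MODERNE_AGENT_TOKEN=$2" \
      "MODERNE_AGENT_CRYPTO_SYMMETRICKEY=$3" \
      "MODERNE_AGENT_ARTIFACTORY_PASSWORD=$4" > "$1" )
}

# run_agent FILE: non-secret settings inline, secrets read by Docker from FILE.
run_agent() {
  docker run --env-file "$1" \
    -e MODERNE_AGENT_API_GATEWAY_RSOCKET_URI=https://api.tenant.moderne.io/rsocket \
    -e MODERNE_AGENT_ARTIFACTORY_URL=https://myartifactory.example.com/artifactory/ \
    -e MODERNE_AGENT_ARTIFACTORY_USERNAME=admin \
    -e MODERNE_AGENT_ARTIFACTORY_ASTSQUERY='{"repo":{"$eq":"example-maven"},"name":{"$match":"*-ast.jar"}}' \
    "${MODERNE_AGENT_IMAGE_NAME}"
}

# Usage (values come from your secret store, not typed on the command line):
#   write_env_file ./agent.env "$TOKEN" "$KEY" "$ARTIFACTORY_PASSWORD"
#   run_agent ./agent.env
```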
Executable JAR
The agent application requires several arguments:
  • --moderne.agent.api-gateway-rsocket-uri - URI used to connect to the Moderne API, provided by Moderne
  • --moderne.agent.token - Moderne SaaS agent connection token, provided by Moderne
  • --moderne.agent.crypto.symmetricKey - 256-bit AES encryption key, hex encoded
    • example OpenSSL command to generate: openssl enc -aes-256-cbc -k secret -P (use the key from the output)
  • --moderne.agent.artifactory.url - Artifactory URL
  • --moderne.agent.artifactory.username - username used to connect to Artifactory, requires permission to run AQL queries
  • --moderne.agent.artifactory.password - password used to connect to Artifactory
  • --moderne.agent.artifactory.astsQuery - AQL query fragment used to select AST artifacts to send to Moderne
Note: system properties can be used in place of arguments. For example, pass -Dmoderne.agent.token={token_value} instead of --moderne.agent.token={token_value}.
Example (note that the agent token and symmetric key are random examples):
java -jar moderne-agent-{version}.jar \
  --moderne.agent.api-gateway-rsocket-uri=https://api.tenant.moderne.io/rsocket \
  --moderne.agent.token=W43qp4h952T4w2qV \
  --moderne.agent.crypto.symmetricKey=546A576E5A7234753778217A25432A462D4A614E645267556B58703273357638 \
  --moderne.agent.artifactory.url=https://myartifactory.example.com/artifactory/ \
  --moderne.agent.artifactory.username=admin \
  --moderne.agent.artifactory.password=password \
  --moderne.agent.artifactory.astsQuery='{"repo":{"$eq":"example-maven"},"name":{"$match":"*-ast.jar"}}'

Upgrading Agent Version

OCI Container
To upgrade your version of the OCI container, just follow the instructions above, but change ${MODERNE_AGENT_IMAGE_NAME} to the latest release of Agent on the releases page.
Executable JAR
To update your version of the Executable JAR, change the numbered version of {agent} in the instructions above to the latest on the releases page.

Advanced Usage

Hashicorp Vault

The Moderne agent can optionally fetch secret configuration from Vault. It reads from a KV secrets engine named "secret", and reads secret keys at the path "moderne-agent". To configure the secret key/value pairs, use the following procedure:
  1. In the Vault management web application, go to Secrets. If there's not already a KV engine named "secret", create it.
  2. In the "secret" KV secrets engine, create a new secret using "moderne-agent" as the "Path for this secret".
  3. Add the following keys to the moderne-agent secret:
    • moderne.agent.token - Moderne SaaS agent connection token, provided by Moderne
    • moderne.agent.crypto.symmetricKey - 256 bit AES encryption key, hex encoded
    • moderne.agent.artifactory.password - Artifactory user password
OCI Container
To enable Vault integration in the agent, omit the environment variables that match keys stored in Vault, and specify the following additional environment variables for the agent container:
  • SPRING_PROFILES_ACTIVE - vault
  • SPRING_CLOUD_VAULT_URI - Vault URI used to retrieve the secret configuration properties listed above
  • SPRING_CLOUD_VAULT_TOKEN - Vault authentication token
Executable JAR
To enable Vault integration in the agent, omit the arguments that match keys stored in Vault, and specify the following additional arguments for the agent application:
  • spring.profiles.active - vault
  • spring.cloud.vault.uri - Vault URI used to retrieve the secret configuration properties listed above
  • spring.cloud.vault.token - Vault authentication token