SeaLights Agent Token Security

The SeaLights Java Agent requires a valid SeaLights Agent token for authorization. This agent token can be passed as a string (using --token), in a text file (using --tokenfile) or as an environment variable.

Recommended Approach

We recommend storing sensitive data like your SeaLights Agent Token using secure Secrets in your pipeline.

An alternative/supplemental approach is described below.

Use Case: Encode a SL Agent Token for use with the SeaLights Java Agent

Background: The SeaLights Java Agent requires an Agent Token for authorization. In environments where using secure Secrets is not an option (or in the case that you wish to encode your token, in addition to storing it as a secret), the SeaLights Java agents and build plugins support the use of encoded token values.

Parameter: -encodeToken *See example below

Scope: The SeaLights Build Scanner can be used to generate an encoded version of your Agent Token.

Since:

• Java Agent: 4.0.2621

• Maven Plugin: 4.0.1135

• Gradle Plugin: 4.0.985

How to Encode a SeaLights Agent Token

Use the SeaLights Build Scanner to encode your SeaLights Agent Token

1. as a string:

   java -jar sl-build-scanner.jar -encodeToken -tokenfile sltoken.txt -outputfile encoded.txt

2. as a file

   java -jar sl-build-scanner.jar -encodeToken -token <token-value-to-encode> -outputfile encoded.txt

The encoded token will be saved in the specified output file (e.g., encoded.txt).

How to use an Encoded Token

The encoded SeaLights Agent Token can be used in the same way as the token you download from the SeaLights settings page.

The encoded value can be passed using either the token or tokenfile arguments.