From 2edc3cac110c2cb61c49d25a5eebbe6b7fea41f4 Mon Sep 17 00:00:00 2001
From: Jason Ertel
Date: Tue, 20 Dec 2022 14:08:49 -0500
Subject: [PATCH] Clarify Kratos annotations
---
 salt/kratos/soc_kratos.yaml | 53 +++++++++++++------------------------
 1 file changed, 19 insertions(+), 34 deletions(-)
diff --git a/salt/kratos/soc_kratos.yaml b/salt/kratos/soc_kratos.yaml
index e98e7ff67..e26d865fb 100644
--- a/salt/kratos/soc_kratos.yaml
+++ b/salt/kratos/soc_kratos.yaml
@@ -7,7 +7,7 @@ kratos:
 helpLink: kratos.html
 whoami:
 required_aal:
- description: Sets the Authenticator Assurance Level.
+ description: Sets the Authenticator Assurance Level. Leave as default to ensure proper security protections remain in place.
 global: True
 advanced: True
 helpLink: kratos.html
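Review bot: The new `whoami.required_aal` description tells the operator to keep the default but not what the setting governs or what a lower value gives up. In Kratos this level decides whether a session that has not completed a second factor is accepted, so I would say that in the text, e.g. `description: Authenticator Assurance Level a session must meet to be accepted. Lowering it admits sessions that skipped the second factor; leave as default.` The same gap applies to `flows.settings.required_aal` in the next hunk. The default value itself is not visible in this file, so the proposed wording avoids naming it.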
@@ -15,71 +15,71 @@ kratos:
 methods:
 password:
 enabled:
- description: The IP address to bind to.
+ description: Set to True to enable traditional password authentication. Leave as default to ensure proper security protections remain in place.
 global: True
 advanced: True
 helpLink: kratos.html
 config:
 haveibeenpwned_enabled:
- description: The IP address to bind to.
+ description: Set to True to check if a newly chosen password has ever been found in a published list of previously-compromised passwords. Requires outbound Internet connectivity when enabled.
 global: True
 advanced: True
 helpLink: kratos.html
 totp:
 enabled:
- description: The IP address to bind to.
+ description: Set to True to enable Time-based One-Time Password (TOTP) MFA authentication. Leave as default to ensure proper security protections remain in place.
 global: True
 advanced: True
 helpLink: kratos.html
 config:
 issuer:
- description: The IP address to bind to.
+ description: The name to show in the MFA authenticator app. Useful for differentiating between installations that share the same user email address.
 global: True
 advanced: True
 helpLink: kratos.html
 flows:
 settings:
 ui_url:
- description: The IP address to bind to.
+ description: User accessible URL containing the user self-service profile and security settings. Leave as default to ensure proper operation.
 global: True
 advanced: True
 helpLink: kratos.html
 required_aal:
- description: The IP address to bind to.
+ description: Sets the Authenticator Assurance Level for accessing user self-service profile and security settings. Leave as default to ensure proper security enforcement remains in place.
 global: True
 advanced: True
 helpLink: kratos.html
 verification:
 ui_url:
- description: The IP address to bind to.
+ description: User accessible URL containing the Security Onion login page. Leave as default to ensure proper operation.
 global: True
 advanced: True
 helpLink: kratos.html
 login:
 ui_url:
- description: The IP address to bind to.
+ description: User accessible URL containing the Security Onion login page. Leave as default to ensure proper operation.
 global: True
 advanced: True
 helpLink: kratos.html
 error:
 ui_url:
- description: The IP address to bind to.
+ description: User accessible URL containing the Security Onion login page. Leave as default to ensure proper operation.
 global: True
 advanced: True
 helpLink: kratos.html
 registration:
 ui_url:
- description: The IP address to bind to.
+ description: User accessible URL containing the Security Onion login page. Leave as default to ensure proper operation.
 global: True
 advanced: True
 helpLink: kratos.html
 default_browser_return_url:
- description: The IP address to bind to.
+ description: Security Onion Console landing page URL. Leave as default to ensure proper operation.
 global: True
 advanced: True
 helpLink: kratos.html
 allowed_return_urls:
- description: The IP address to bind to.
+ description: Internal redirect URL. Leave as default to ensure proper operation.
 global: True
 advanced: True
 helpLink: kratos.html
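Review bot: `allowed_return_urls` is described as "Internal redirect URL", which hides that this is the allow-list of redirect targets Kratos will honour after a self-service flow; an operator who adds a broad entry here weakens the protection against redirects away from the console. I would word it as `description: List of URLs Kratos may redirect the browser to after login or other self-service flows. Leave as default; every added entry widens where users can be sent.` Separately, the `verification`, `error` and `registration` `ui_url` entries all reuse the login-page sentence, which looks like a paste and is probably not accurate for each flow.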
@@ -94,50 +94,35 @@ kratos:
 helpLink: kratos.html
 secrets:
 default:
- description: The IP address to bind to.
+ description: Secret key used for protecting session cookie data. Generated during installation.
 global: True
+ sensitive: True
 advanced: True
 helpLink: kratos.html
 serve:
 public:
 base_url:
- description: The IP address to bind to.
+ description: User accessible URL for authenticating to Kratos. Leave as default for proper operation.
 global: True
 advanced: True
 helpLink: kratos.html
 admin:
 base_url:
- description: The IP address to bind to.
+ description: User accessible URL for accessing Kratos administration API. Leave as default for proper operation.
 global: True
 advanced: True
 helpLink: kratos.html
 hashers:
 bcrypt:
 cost:
- description: The IP address to bind to.
+ description: Bcrypt hashing algorithm cost. Higher values consume more CPU and take longer to complete. Actual cost is computed as 2^X where X is the value in this setting.
 global: True
 advanced: True
 helpLink: kratos.html
- identity:
- default_schema_id:
- description: The IP address to bind to.
- global: True
- advanced: True
- helpLink: kratos.html
- schemas:
- description:
- global: True
- advanced: True
- helpLink: kratos.html
- url:
- description: The IP address to bind to.
- global: True
- advanced: True
- helpLink: kratos.html
 courier:
 smtp:
 connection_uri:
- description: The IP address to bind to.
+ description: SMTPS URL for sending outbound account-related emails. Not utilized with the standard Security Onion installation.
 global: True
 advanced: True
 helpLink: kratos.html
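Review bot: `courier.smtp.connection_uri` does not get the `sensitive: True` flag that this hunk adds to `secrets.default`, although an SMTP connection URI normally embeds the account's username and password. Add `sensitive: True` under `connection_uri` so the value is handled like the cookie secret; what the flag does in the UI is not visible here, so confirm it masks the value. Also, `serve.admin.base_url` is described as "User accessible", which reads as copied from the public entry, while the Kratos admin API is meant to stay off user-facing networks. Something like `description: Internal URL of the Kratos administration API. Not intended to be reachable by end users. Leave as default.` would avoid inviting operators to expose it.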