Controls configuration on AcraTranslator #

AcraTranslator can be configured from command line using CLI flags (see the whole list), or from a configuration file which should be defined as --config_file <options.yml> .

• Key management

  Telling Acra where the keys are stored, so it can perform crypto-related things.

  The main key, “Acra Master Key” is read from ACRA_MASTER_KEY environment var, but can also be fetched from HashiCorp Vault or other KMS.

  Then, there are client-specific keys, AcraTranslator can read them from filesystem (--keys_dir) or from Redis (--redis_* flags).

• Audit logging

  Ensuring that log produced by AcraTranslator itself is not altered/corrupted/truncated in any way.

  Enabled with --audit_log_enable. Requires additional preparation. Produced logs should be checked with acra-log-verifier.

• Transport security

  Configuring secure connection between AcraTranslator and clients.

  You can use TLS. For TLS, there are a plenty of --tls_* options. Also, make sure you know what client ID is as it’s something Acra-related, not a part of TLS or SQL. There are multiple ways of specifying client ID, including TLS certificate metadata, or simply passing it in RPC requests.