Order of precedence

Active configuration values are determined using the following order of precedence:

  1. Corporate rule

    For example: an expired license overrides everything else

  2. Command line or system property value (if appropriate for the language you are using)

    For example: -Dcontrast.enable

  3. Environment variables 

    For example: CONTRAST__ENABLE

  4. An application-specific configuration file (.NET Framework and .NET Core only)

    For example: web.config

  5. Configuration values in a YAML file are pulled from the first file found in the following order:

    1. A YAML file indicated by the user

      For example:

      Note

      For Java, if both the system property and the environment variable are set, the system property takes precedence. If neither are set, the agent looks for the YAML configuration file in the default location.

    2. A contrast_security.yaml file in the current working directory (all agents except Java)

      For example: ./contrast_security.yaml

    3. A contrast_security.yaml file in the application’s configuration directory (Ruby and Python only)

      For example:

      • Ruby on Rails: ./config/contrast_security.yaml

      • Django: ./settings/contrast_security.yaml

    4. A contrast_security.yaml file in an agent-specific configuration directory. For agents that use a service, use this directory if you need to use separate YAML files for agent and service.

      For example:

      • /etc/contrast/agentname/contrast_security.yaml (where agentname is one of: dotnet, go, java, node, python, ruby, or webserver)

      • %ProgramData%\Contrast\agentname\contrast_security.yaml (where agentname is one of: dotnet, go, java, node, python, ruby, or webserver)

    5. A contrast_security.yaml file within the server's /etc/contrast directory. For agents that use a service, use this directory if you need to share YAML files between agent and service.

      For example:

      • /etc/contrast/contrast_security.yaml

      • %ProgramData%\Contrast\contrast_security.yaml

  6. Values set in the Contrast web interface

    For example: Server mode toggles for Assess and Protect, which map to assess.enable and protect.enable

  7. Default value

In this section: