Skip to main content

Order of precedence

Active configuration values are determined using the following order of precedence:

  1. An expired license or exceeding a license quota disables all agent behavior regardless of configuration.

  2. Command line or system property value (if appropriate for the language you are using).

    For example: -Dcontrast.enable

  3. Environment variables

    For example: CONTRAST__ENABLE

  4. An application-specific configuration file (.NET Framework only).

    For example: web.config

  5. Configuration values in a YAML file are pulled from the first file found in the following order:

    1. A YAML file indicated by the user

      For example:

    2. A contrast_security.yaml file in the current working directory (all agents except Java)

      For example: ./contrast_security.yaml

    3. A contrast_security.yaml file in the application’s configuration directory (Ruby and Python only)

      For example:

      • Ruby on Rails: ./config/contrast_security.yaml

      • Django: ./settings/contrast_security.yaml

    4. A contrast_security.yaml file in an agent-specific configuration directory. For agents that use a service, use this directory if you need to use separate YAML files for agent and service.

      For example:

      • /etc/contrast/agentname/contrast_security.yaml (where agentname is one of: dotnet, go, java, node, python, ruby, or webserver)

      • %ProgramData%\Contrast\agentname\contrast_security.yaml (where agentname is one of: dotnet, dotnet-core, java, node, python, ruby, or webserver)

    5. A contrast_security.yaml file within the server's /etc/contrast directory (all agents except .NET Framework, and .NET Core). For agents that use a service, use this directory if you need to share YAML files between agent and service.

      For example:

      • /etc/contrast/contrast_security.yaml

      • %ProgramData%\Contrast\contrast_security.yaml

  6. Values set in the Contrast web interface.

    For example: Server mode toggles for Assess and Protect, which map to assess.enable and protect.enable

  7. The default value set by Contrast Security.

See also

Additional configuration