Amster

What is Amster?

Amster is a command-line interface built upon the ForgeRock Access Management REST interface. Use Amster in DevOps processes, such as continuous integration, command-line installations, and scripted cloud deployments.

Amster provides the following features:

  • Remote, scripted deployments. Script AM deployments by using the Groovy scripting support within Amster.

    For more information, refer to Scripts and Install AM with Amster.

  • AM configuration import and export. Amster can export all the configuration related to an AM instance, and import it back to the same, or a different instance.

    Note that Amster only manages configuration data. User information in data stores is not imported or exported, or modified in any way.

    For more information, refer to Export configuration data and Import configuration data.

  • Configuration stored in JSON. Amster exports configuration to a hierarchy of JSON format text files on the local filesystem.

    Global defaults and configuration are exported to the global folder, and the configuration for realms is exported into subfolders of the realms folder.

    The following is a simplified example of an exported hierarchy, including the top-level root realm:

    |-- global
    |   |-- ActiveDirectoryModule.json
    |   |-- GlobalScripts
    |   |   |-- 157298c0-7d31-4059-a95b-eeb08473b7e5.json
    |   |   `-- 36863ffb-40ec-48b9-94b1-9a99f71cc3b5.json
    |   |-- HotpModule.json
    |   |-- Realms
    |   |   `-- root.json
    |   |-- Servers
    |   |   `-- 01
    |   |       |-- CtsDataStoreProperties.json
    |   |       |-- SessionProperties.json
    |   |       `-- 01.json
    |   `-- Session.json
    `-- realms
        `-- root
            |-- AmsterModule
            |   `-- amster.json
            |-- AuthenticationChains
            |   |-- amsterService.json
            |   `-- myScriptedChain.json
            |-- DataStoreModule
            |   `-- datastore.json
            |-- ScriptedModule
            |   `-- myScriptedAuthModule.json
            `-- Scripts
                |-- 9de3eb62-f131-4fac-a294-7bd170fd4acb.json
                `-- c827d2b4-3608-4693-868e-bbcf86bd87c7.json

    Store these files in a version control system to manage and maintain AM configurations.

    For a list of the available entities, refer to the Entity reference.

  • Encryption of sensitive data. Amster can encrypt exported passwords and sensitive data in the configuration files that are stored on disk. Only a correctly configured AM instance with the required transport key installed is able to decrypt and import the values.

    For more information, refer to Create transport keys to export configuration data.