flosumhub/agent
This repository has Docker image for Flosum Agent services.
10K+
Flosum Agent is a lightweight application designed to facilitate data transfer between your organization's data center and the Salesforce data center. This tool can be conveniently installed on-premise, whether within your organizational infrastructure or inside a customer-controlled DMZ (Demilitarized Zone). Flosum Agent is connected to the Salesforce data center and is also tied to the third-party applications used by the customers. Flosum Agent provides application-to-application authentication between the Flosum org and Flosum Agent, which can be further secured using certificate pinning. Certificates are exchanged between the Flosum Agent and the Flosum org, ensuring a secure data transfer between the Salesforce data center and on-premise applications. It's also important to note that all data transfers occur via the HTTPS protocol, guaranteeing encryption and thus solidifying the integrity of your data during transfers.
Flosum runs the Agent application using a Docker Compose file. Flosum also supports Docker secrets. As an alternative to passing sensitive information via environment variables, __FILE is prefixed to some environment variables, causing the initialization script to load the values for those variables from files present in the container. This requires making minor changes in the Docker Compose file. It is important to note that you don't need to obtain a license for Docker. Flosum will provide clients with the DockerHub details, allowing them to pull the images locally.
Use the following command to run the Docker Compose file:
sudo docker stack deploy -c <docker compose file name> --with-registry-auth <stack name>
Note: During the Agent installation, if any issues arise, the Flosum team will need certain information to resolve them. If the customer can share the tool they use for scanning the Docker image, it would be helpful, especially if there are problems with the image scan. Knowing this tool can assist the Flosum team in fixing the issue.
version: '3.8'
services:
node:
image: flosum/agent-node:4.x.x
environment:
NODE_ENV: production
SALESFORCE_TOKEN: xxxxxxxxxxxxxxxxxxxx
SMTP_HOST: 'xxxx'
SMTP_PORT: xxxx
SMTP_SECURE: false
SMTP_TRACK_OPENINGS: false
SMTP_FROM: 'sender@email.com'
SMTP_AUTH_TYPE: 'login'
SMTP_AUTH_USER: 'username'
SMTP_AUTH_PASSWORD: 'password'
volumes:
- <path to store agent data>:/home/node/data
version: '3.8'
services:
node:
image: flosum/agent-node:4.x.x
environment:
NODE_ENV: production
SMTP_HOST: 'xxxx'
SMTP_PORT: xxxx
SMTP_SECURE: false
SMTP_TRACK_OPENINGS: false
SMTP_FROM: 'sender@email.com'
SMTP_AUTH_TYPE: 'login'
SMTP_AUTH_USER: 'username'
SMTP_AUTH_PASSWORD: 'password'
SALESFORCE_TOKEN_FILE: /run/secrets/salesforce_token
secrets:
- salesforce_token
secrets:
salesforce_token:
external: true
Flosum keeps all the required authentication details for establishing connections with the Agent, Azure DevOps Git repository, and Azure DevOps Boards. The process of authorization is performed via an integration user. To ensure maximum security, no passwords are retained in Flosum; only tokens are stored in Flosum.
Flosum uses a connected app framework to generate SALESFORCE_TOKEN that enables an external application to integrate with Salesforce using APIs. The standard protocol, or method, we use for this is OAuth Connect. The connected app within your current organization generates a string that contains refresh_token, client_secret, and client_id (of the type OAuth 2.0). These keys are used to obtain an access token and allow the Agent to access the Salesforce org. A Connected app can be created by going to App Launcher | Flosum | Settings | Orgs | Connected App.
Keeping you updated with the status of your Flosum/Git commit activities is important to give you confidence in knowing whether your tasks are being completed or are running into issues that need to be addressed. Currently, you will receive email notifications upon initial synchronization and if your syncs and commits complete or fail. This works for both Git to Flosum and Flosum to Git commits.
Notifications for initial synchronization and Flosum to Git commits are sent to the email associated with the user who launched the processes. Notifications for a Git to Flosum commit use the email associated with the webhook of the connected Git Service, for example, the email of a user authorized in Git.
In the current implementation, email notifications will be sent for initial synchronization, commits from Git to Flosum and from Flosum to Git. For initial synchronization and Flosum to Git commits, the email of the user who launched these processes will be used. For a Git to Flosum commit, the email will be taken from the webhook of the connected Git service, i.e. it will be the email of a user authorized in Git.
docker pull flosumhub/agent