Security Baseline Guidelines
Securing an Eggplant Generator installation means applying controls at both the infrastructure level (network, TLS, container runtime, orchestration) and the application level (user roles, credentials, updates). Threats change over time, so treat the recommendations on this page as a baseline to build on rather than a complete list.
User Access and Authentication
Manage Users with Keycloak
Eggplant Generator delegates login and access control to Keycloak, the open-source identity and access management server that is installed as Eggplant IAM. Keycloak authenticates users, manages sessions and assigns the roles that Eggplant Generator enforces.
Assign User Roles
Eggplant Generator has two main user roles:
- User (generator:user) - Can use Eggplant Generator to upload requirements, generate test cases, and view results.
- Admin (generator:admin) - Can do everything a User can do, plus manage other users and system settings.
We recommend that you:
- Assign only the necessary role to each user (User or Admin); do not grant generator:admin by default.
- Limit the number of administrators to only those who need to manage the system, and consider requiring a second factor (Keycloak's OTP required action) for those accounts.
- Review role assignments periodically and remove user access promptly when someone leaves your organization or changes role.
For detailed instructions on setting up Keycloak and managing users, see:
- Install Eggplant IAM - Setup instructions for Eggplant Generator
Use HTTPS with TLS/SSL Certificates
All external communication with Eggplant Generator should be encrypted with HTTPS, that is, HTTP over TLS. Unencrypted HTTP exposes session cookies, uploaded requirements and generated test cases to anyone on the network path.
We recommend that you:
- Configure TLS certificates on all external-facing endpoints.
- Use certificates from a trusted certificate authority (CA) rather than self-signed certificates for production environments.
- Regularly renew and update your TLS certificates before they expire.
- Allow only TLS 1.2 and TLS 1.3 and disable SSLv3, TLS 1.0 and TLS 1.1, which have known weaknesses and are no longer supported by modern clients.
For Kubernetes deployments, TLS termination is typically handled by an ingress controller. For Docker deployments, configure TLS at the reverse proxy level (e.g., nginx, Traefik). In both cases the traffic between the TLS terminator and the application container is plaintext, so keep that hop on a private container network that is not reachable from outside the host or cluster.
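As an added example (not from the Eggplant Generator documentation or the product's own manifests), the following shows TLS termination for a Kubernetes deployment that uses the ingress-nginx controller: an Ingress with a TLS section, HTTP-to-HTTPS redirect, and the controller ConfigMap that restricts the accepted protocol versions. The namespace eggplant, the Service name eggplant-generator on port 8080, the hostname generator.example.com and the Secret name generator-tls are assumptions; the ConfigMap name and namespace are the ingress-nginx defaults.

```yaml
# Added example, not part of the Eggplant Generator project.
# Assumed names: namespace "eggplant", service "eggplant-generator" (port 8080),
# host "generator.example.com", kubernetes.io/tls secret "generator-tls".
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: eggplant-generator
  namespace: eggplant
  annotations:
    # Redirect plain HTTP to HTTPS so nothing is served unencrypted.
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
spec:
  ingressClassName: nginx
  tls:
    - hosts:
        - generator.example.com
      # Secret of type kubernetes.io/tls holding the CA-issued certificate and key.
      secretName: generator-tls
  rules:
    - host: generator.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: eggplant-generator
                port:
                  number: 8080
---
# Controller-wide TLS settings. Name and namespace are the ingress-nginx
# defaults; change them to match your installation.
apiVersion: v1
kind: ConfigMap
metadata:
  name: ingress-nginx-controller
  namespace: ingress-nginx
data:
  # Only TLS 1.2 and 1.3 are negotiated; TLS 1.0/1.1 handshakes are refused.
  ssl-protocols: "TLSv1.2 TLSv1.3"
  # Forward-secret AEAD suites for TLS 1.2 (TLS 1.3 suites are fixed by the protocol).
  ssl-ciphers: "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305"
  # HSTS tells browsers to refuse plain HTTP for this host on later visits.
  hsts: "true"
  hsts-max-age: "31536000"
```

After applying it, verify from outside the cluster that `openssl s_client -tls1_1 -connect generator.example.com:443` fails while `-tls1_2` succeeds, and that the certificate chain presented is the CA-issued one. For a Docker deployment fronted by nginx, the equivalent directives in the server block are `ssl_protocols TLSv1.2 TLSv1.3;` and `ssl_ciphers` with the same suite list.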
Secure Infrastructure for Deployment
For Docker deployments, refer to the Docker Deployment Guide for secure configuration recommendations.
For Kubernetes deployments, refer to the Kubernetes Deployment Guide section below.
Data Protection
Protect Database Access
Eggplant Generator stores all application data, including requirements, generated test cases, and metadata, in a PostgreSQL database.
We recommend that you:
- Use strong, randomly generated passwords for all database accounts, and give the application its own account rather than the PostgreSQL superuser.
- Restrict network access to the PostgreSQL database to the application components only; do not publish the database port on a host or public interface.
- Store database credentials securely using:
- Docker: Docker secrets or an env file with restrictive permissions (for example mode 600, owned by the deployment user). Plain environment variables in a compose file are visible to anyone who can run docker inspect on the container, so avoid placing the password there directly.
- Kubernetes: Kubernetes Secrets to manage database credentials, with encryption at rest enabled for etcd and RBAC limiting who can read Secrets in the namespace.
- Regularly back up your database and test restore procedures.
Manage Database Backups Securely
We recommend that you:
- Store database backups in a separate, secure location from the production database.
- Test restore procedures regularly to ensure backup integrity.
- Implement access controls on backup storage to restrict who can access backups.
- Maintain an audit log of backup creation, access, and restoration events.
- Follow the Start and Stop Services Guide for proper backup procedures during maintenance windows.
Restrict Access to Installation Files and Configuration
We recommend that you:
- Restrict file system access to the Eggplant Generator installation directories to system administrators and authorized operators only.
- Protect configuration files (such as .env) with appropriate file system permissions.
- Regularly review file access logs to detect unauthorized access attempts.
Version Management and Updates
Keep All Components Updated
We recommend that you:
- Regularly update Eggplant Generator to the latest version to receive security patches and improvements.
- Follow Eggplant's Release Notes to understand what security updates are included in each version.
- Keep your operating system and container runtime (Docker/Kubernetes) updated with the latest security patches.
- Regularly update the third-party components you operate alongside Eggplant Generator, such as the reverse proxy or ingress controller, Keycloak (Eggplant IAM) and PostgreSQL.
- Subscribe to Eggplant security announcements and advisories to stay informed about vulnerabilities.
- Test updates in a staging environment before applying them to production.
- Establish a change management process for applying updates:
- Document all updates applied to the system
- Obtain approval before applying updates to production
- Schedule updates during maintenance windows
- Conduct post-update testing to ensure functionality
Version Update Strategy
Consider the following when planning updates:
- Plan for 1-2 week testing cycles in staging environments before production deployment
- Consider your organization's risk tolerance when deciding between early adoption and proven stable releases
- Maintain at least one previous version in a test environment for quick rollback if needed
- Document all custom configurations and extensions that need to be re-applied after updates
- Maintain detailed update logs including dates, versions, and test results
- Have a rollback plan in case an update causes problems
Use Supported Versions
We recommend that you:
- Run Eggplant Generator only on supported versions of Docker and Kubernetes.
- Ensure your operating system is a recent, supported version.
- Avoid running unsupported or end-of-life versions of components, as they may not receive security updates.
- Check the Prerequisites page regularly for supported versions.
- Plan upgrade timelines well in advance when support for your current version is approaching end-of-life.
- Define a maximum age for any component in your deployment (e.g., no older than 2 years).
Container and Orchestration Security
For Docker Deployments
If you're running Eggplant Generator in Docker containers, we recommend that you:
- Use only the official Eggplant Generator container images, and pin them by version tag or image digest rather than a floating tag such as latest.
- Scan container images regularly for security vulnerabilities, both before deployment and on a schedule afterwards, since new CVEs are published against images that have not changed.
- Run containers with limited privileges: a non-root user when the image supports it, all Linux capabilities dropped, no-new-privileges set and a read-only root filesystem where the application allows it.
- Set memory and CPU limits on each container so that one container cannot exhaust the host and starve the others.
- Keep Docker Engine updated with the latest security patches.
For detailed deployment instructions, see Docker Deployment Guide.
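As an added example (not the compose file shipped with Eggplant Generator or the one in the Docker Deployment Guide), the following compose file applies the recommendations above to a generator container and its PostgreSQL database: a pinned image, non-root user, dropped capabilities, read-only root filesystem, resource limits, a Docker secret for the database password and an internal network so the database is unreachable from outside the host. The image name, the service UID, the port and the DB_* environment variable names are assumptions; take the real values from the Docker Deployment Guide.

```yaml
# Added example, not the Eggplant Generator project's compose file.
# Assumed: image name, port 8080, UID 10001, and that the application reads
# its database password from the file named in DB_PASSWORD_FILE.
services:
  generator:
    image: example.registry.local/eggplant-generator:1.0.0   # pinned tag, never :latest
    read_only: true                     # immutable root filesystem (assumes the app only writes to /tmp)
    tmpfs:
      - /tmp
    user: "10001:10001"                 # non-root UID/GID (assumes the image supports it)
    cap_drop:
      - ALL
    security_opt:
      - no-new-privileges:true
    mem_limit: 2g
    cpus: "2.0"
    environment:
      DB_HOST: db
      DB_NAME: generator
      DB_USER: generator
      DB_PASSWORD_FILE: /run/secrets/db_password   # assumed variable name
    secrets:
      - db_password
    networks:
      - frontend
      - backend
    ports:
      - "127.0.0.1:8080:8080"   # loopback only: reached by the host reverse proxy that terminates TLS
    depends_on:
      - db

  db:
    image: postgres:16
    user: postgres                      # entrypoint runs as the postgres user, no root step needed
    cap_drop:
      - ALL
    security_opt:
      - no-new-privileges:true
    mem_limit: 2g
    cpus: "2.0"
    environment:
      POSTGRES_DB: generator
      POSTGRES_USER: generator
      POSTGRES_PASSWORD_FILE: /run/secrets/db_password   # supported by the official postgres image
    secrets:
      - db_password
    volumes:
      - pgdata:/var/lib/postgresql/data
    networks:
      - backend
    # No "ports:" entry: PostgreSQL is only reachable from containers on the backend network.

secrets:
  db_password:
    # Mode 600, generated with e.g. "openssl rand -base64 32", never committed to git.
    file: ./secrets/db_password.txt

networks:
  frontend: {}
  backend:
    internal: true   # no route to the outside world

volumes:
  pgdata: {}
```

Check the result with `docker inspect` on the db container: there should be no published ports and no password in the Config.Env list. Secrets are mounted as files under /run/secrets, so they do not show up in inspect output or in the process environment of child processes.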
For Kubernetes Deployments
If you're running Eggplant Generator on Kubernetes, we recommend that you:
- Use Kubernetes RBAC to control who can access the cluster and the Eggplant Generator namespace, and give the application pods a service account with no more permissions than they need (normally none, with the service account token not mounted).
- Apply NetworkPolicy rules so that only the application pods can reach the PostgreSQL pods, and pods cannot talk to each other or to the internet unless required.
- Store sensitive data (passwords, API keys) in Kubernetes Secrets rather than ConfigMaps or container images.
- Enable Kubernetes audit logging so that all administrative actions against the API server are recorded.
- Keep Kubernetes updated with the latest security patches.
- Regularly scan container images for vulnerabilities before deploying, and pin images by tag or digest.
- Set resource requests and limits so that no single pod can consume all of a node's CPU or memory, and run pods as non-root with privilege escalation disabled.
For detailed deployment instructions, see Kubernetes Deployment Guide.
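The following manifests are an added example (not the Eggplant Generator project's own manifests or those in the Kubernetes Deployment Guide) that covers both the database credential handling from the Data Protection section and the pod hardening and network rules listed above: a Secret for the database credentials, a Deployment that consumes it with a restrictive security context and resource limits, and a NetworkPolicy that allows only the generator pods to open connections to PostgreSQL. The namespace eggplant, the labels app=eggplant-generator and app=postgres, the image name, port 8080 and the DB_* variable names are assumptions. NetworkPolicy objects are only enforced when the cluster's CNI plugin supports them.

```yaml
# Added example, not the Eggplant Generator project's manifests.
# Assumed: namespace "eggplant", labels app=eggplant-generator / app=postgres,
# image name, port 8080, DB_* environment variable names.
apiVersion: v1
kind: Secret
metadata:
  name: generator-db
  namespace: eggplant
type: Opaque
stringData:
  # Create the real object with "kubectl create secret generic ... --from-literal"
  # rather than committing a manifest with the value to git.
  DB_USER: generator
  DB_PASSWORD: replace-with-a-randomly-generated-value
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: eggplant-generator
  namespace: eggplant
spec:
  replicas: 1
  selector:
    matchLabels:
      app: eggplant-generator
  template:
    metadata:
      labels:
        app: eggplant-generator
    spec:
      automountServiceAccountToken: false   # the app does not call the Kubernetes API
      securityContext:
        runAsNonRoot: true
        runAsUser: 10001
        runAsGroup: 10001
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: generator
          image: example.registry.local/eggplant-generator:1.0.0   # pin by tag or digest
          ports:
            - containerPort: 8080
          envFrom:
            - secretRef:
                name: generator-db   # DB_USER / DB_PASSWORD injected from the Secret
          env:
            - name: DB_HOST
              value: postgres
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            capabilities:
              drop: ["ALL"]
          resources:
            requests:
              cpu: "500m"
              memory: "1Gi"
            limits:
              cpu: "2"
              memory: "2Gi"
          volumeMounts:
            - name: tmp
              mountPath: /tmp        # the only writable path
      volumes:
        - name: tmp
          emptyDir: {}
---
# Once a policy selects the postgres pods, all ingress to them not listed here
# is denied; only generator pods may connect on 5432.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: postgres-ingress
  namespace: eggplant
spec:
  podSelector:
    matchLabels:
      app: postgres
  policyTypes: ["Ingress"]
  ingress:
    - from:
        - podSelector:
            matchLabels:
              app: eggplant-generator
      ports:
        - protocol: TCP
          port: 5432
```

To confirm the policy is enforced, run a throwaway pod without the app=eggplant-generator label in the same namespace and attempt a TCP connection to the postgres Service on port 5432; it should time out, while the generator pods continue to connect normally.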
Getting Help
If you have security-related questions or concerns about your Eggplant Generator deployment, contact Eggplant Support.
For general security guidance and best practices:
- Review the Getting Started Guide for initial setup recommendations.
- Refer to the Installation Overview for deployment considerations.
- See Install Eggplant IAM for authentication setup.
- Check the Prerequisites for supported versions and requirements.
Last updated: February 12, 2026
This document should be reviewed and updated quarterly or whenever there are significant changes to your Eggplant Generator deployment or your organization's security requirements.