Local Komiser CLI (Single account)

Komiser now supports multiple cloud accounts by default. Account configuration is done through the config.toml file, just pass in your account Service principal environment variables as seen below.

Data persistence

We’ve also added 2 methods of persisting your account data.

Postgres

Add to config.toml file

[postgres]
uri="postgres://postgres:komiser@localhost:5432/komiser?sslmode=disable"
For Postgres, Komiser anticipates the existence of a role postgres and a database komiser on the local Postgres server.

SQLite

[sqlite]
  file = "komiser.db"

Configuring Credentials

The Azure credentials required to successfully integrate Komiser and Azure can be generated by using a “service principal”. An Azure service principal is an identity created for use with applications, hosted services, and automated tools to access Azure resources.

Once the Komiser service provider is created, we will add the associated environment variables to the config.toml file.

Creating a service principal

First, install the Azure CLI (az).

Then, login with the Azure CLI running:

 az login

Now, create the service principal and give it a name of your choice by running the following command:

export subscriptionId=<YOUR_SUBSCRIPTION_ID>
az account set --subscription $subscriptionId
az provider register --namespace 'Microsoft.Security'

# Create a service-principal for Komiser to use. 
az ad sp create-for-rbac --name komiser-sp --scopes /subscriptions/$subscriptionId --role Reader

WARNING: The output of the az ad sp create-for-rbac command contains sensitive credentials, don’t share the output publically.

Locate the environment variables

Find your environment variables by running:

az ad sp create-for-rbac

The output should look something like this:

{ 
    "appId": "clientId",
    "displayName": "komiser-sp",
    "password": "clientSecret",
    "tenant": "tenantId"
}

Add your Azure environment variables to your configuration file

Copy them from the output of az ad sp create-for-rbac. Check the mapping below for each value.

tenantId is tenant in the JSON.

clientId is appId in the JSON.

clientSecret is password in the JSON.

subscriptionId can be found here.

Copy your credentials as seen down below to integrate your Azure account to Komiser by adding a block to the config.toml file as follows:

[[azure]]
name="Azure-account-name"
tenantId=""
clientId=""
clientSecret=""
subscriptionId=""

[sqlite]
file="komiser.db

The above example integrates a single Azure account to Komiser, if you want to add more accounts you would add additional [[azure]] blocks, adding unique credentials to each block.

Currently, if you want to integrate your Azure account with Komiser’s Azure support (v1), the only option available is to add your sensitive credentials directly in the config.toml file. While this is a viable solution for testing and development environments, we recognize that it’s not a production-ready solution, and we’re actively working on delivering more secure and scalable authentication options in future updates.

Once you have added the environment variables to the configuration file, in the same directory, run the command:

komiser start

Point your browser to http://localhost:3000

Local Komiser CLI (Multiple accounts)

Simply add more authentication blocks to the configuration file

[[azure]]
name="Azure-account-name"
tenantId=""
clientId=""
clientSecret=""
subscriptionId=""

[[azure]]
name="Azure-account-name2"
tenantId=""
clientId=""
clientSecret=""
subscriptionId=""

[[azure]]
name="Azure-account-name3"
tenantId=""
clientId=""
clientSecret=""
subscriptionId=""

[sqlite]
file="komiser.db
Amazon Web ServicesCivo