Disconnect an open-appsec agent from Central Management

When working with open-appsec, there are two management systems: Declarative Management and Central Management. Depending on your setup, the steps to disconnect an agent may vary.

Agents can be deleted from central management using the Delete button, please note that while the agent won't be displayed in the Web UI it won't be uninstall.

Disconnecting from Central Management

The recommended and safest way to disconnect an agent from Central Management is to uninstall it and then redeploy. This ensures a clean disconnection and avoids potential issues.

However, if you need to disconnect the agent quickly and temporarily, follow these steps based on your environment.

Linux:

Currently, manual disconnection is not available. To disconnect, you must uninstall and reinstall the agent:

./open-appsec-install --uninstall
./open-appsec-install --auto

Docker:

Remove the AGENT_TOKEN Environment Variable

The agent authenticates with Central Management using the AGENT_TOKEN. To disconnect, remove it from your Docker configuration.

Modify your Docker command or Docker Compose file to exclude the AGENT_TOKEN:

  • Modify the Docker Command or Docker Compose File: Edit your Docker configuration by removing the AGENT_TOKEN environment variable,

    environment:
      - AGENT_TOKEN=

  • Remove the presistance folders: Delete the following persistent storage mounts to clear cached configuration and data:

${APPSEC_CONFIG}:/etc/cp/conf - 
${APPSEC_DATA}:/etc/cp/data - 
${APPSEC_LOGS}:/var/log/nano_agent
  • Ensure the Correct Policy Setup

    • If you are using Declarative Management, ensure that the local policy file is still mounted to /ext/appsec.

    • If you were using Central Management, you will need to add a local policy before restarting.

  • Restart the Agent: After making the change, restart the agent to apply the update:

    docker-compose up -d

Kubernetes:

  1. Uninstall the deployment.

helm list -n <namespace>
helm uninstall <release-name> -n <namespace>
  1. Verify that no persistent volumes remain.

  2. Redeploy, usimng instrcions bellow:

Start With Kubernetes

Last updated

Was this helpful?