From 5fdd5b1eac66709c5fba401da314f608c1c67d21 Mon Sep 17 00:00:00 2001
From: bkaiserinfosec <49665796+bkaiserinfosec@users.noreply.github.com>
Date: Tue, 12 Mar 2024 18:45:36 -0700
Subject: [PATCH 01/14] Update security_quality_gate.py
---
 src/vr/api/vulns/security_quality_gate.py | 128 +++++++++++-----------
 1 file changed, 64 insertions(+), 64 deletions(-)
diff --git a/src/vr/api/vulns/security_quality_gate.py b/src/vr/api/vulns/security_quality_gate.py
index 930c2a1b..b00c1b1e 100644
--- a/src/vr/api/vulns/security_quality_gate.py
+++ b/src/vr/api/vulns/security_quality_gate.py
@@ -51,38 +51,38 @@ def _add_sg_config_settings(config, job_id, app_id): job = SgConfigSettingsPerJob( AppID=app_id, PipelineJobID = job_id, - ThreshScaLow = config['thresholds']['sca']['low'], - ThreshScaMedium = config['thresholds']['sca']['medium'], - ThreshScaHigh = config['thresholds']['sca']['high'], - ThreshScaCritical = config['thresholds']['sca']['critical'], - ThreshContainerLow = config['thresholds']['container']['low'], - ThreshContainerMedium = config['thresholds']['container']['medium'], - ThreshContainerHigh = config['thresholds']['container']['high'], - ThreshContainerCritical = config['thresholds']['container']['critical'], - ThreshDastLow = config['thresholds']['dast']['low'], - ThreshDastMedium = config['thresholds']['dast']['medium'], - ThreshDastHigh = config['thresholds']['dast']['high'], - ThreshDastCritical = config['thresholds']['dast']['critical'], - ThreshDastApiLow = config['thresholds']['dastapi']['low'], - ThreshDastApiMedium = config['thresholds']['dastapi']['medium'], - ThreshDastApiHigh = config['thresholds']['dastapi']['high'], - ThreshDastApiCritical = config['thresholds']['dastapi']['critical'], - ThreshInfrastructureLow = config['thresholds']['infrastructure']['low'], - ThreshInfrastructureMedium = config['thresholds']['infrastructure']['medium'], - ThreshInfrastructureHigh = config['thresholds']['infrastructure']['high'], - ThreshInfrastructureCritical = config['thresholds']['infrastructure']['critical'], - ThreshSastLow = config['thresholds']['sast']['low'], - ThreshSastMedium = config['thresholds']['sast']['medium'], - ThreshSastHigh = config['thresholds']['sast']['high'], - ThreshSastCritical = config['thresholds']['sast']['critical'], - ThreshIacLow = config['thresholds']['iac']['low'], - ThreshIacMedium = config['thresholds']['iac']['medium'], - ThreshIacHigh = config['thresholds']['iac']['high'], - ThreshIacCritical = config['thresholds']['iac']['critical'], - ThreshSecretsLow = config['thresholds']['secret']['low'], - 
ThreshSecretsMedium = config['thresholds']['secret']['medium'], - ThreshSecretsHigh = config['thresholds']['secret']['high'], - ThreshSecretsCritical = config['thresholds']['secret']['critical'], + ThreshScaLow = config['sca']['low'], + ThreshScaMedium = config['sca']['medium'], + ThreshScaHigh = config['sca']['high'], + ThreshScaCritical = config['sca']['critical'], + ThreshContainerLow = config['container']['low'], + ThreshContainerMedium = config['container']['medium'], + ThreshContainerHigh = config['container']['high'], + ThreshContainerCritical = config['container']['critical'], + ThreshDastLow = config['dast']['low'], + ThreshDastMedium = config['dast']['medium'], + ThreshDastHigh = config['dast']['high'], + ThreshDastCritical = config['dast']['critical'], + ThreshDastApiLow = config['dastapi']['low'], + ThreshDastApiMedium = config['dastapi']['medium'], + ThreshDastApiHigh = config['dastapi']['high'], + ThreshDastApiCritical = config['dastapi']['critical'], + ThreshInfrastructureLow = config['infrastructure']['low'], + ThreshInfrastructureMedium = config['infrastructure']['medium'], + ThreshInfrastructureHigh = config['infrastructure']['high'], + ThreshInfrastructureCritical = config['infrastructure']['critical'], + ThreshSastLow = config['sast']['low'], + ThreshSastMedium = config['sast']['medium'], + ThreshSastHigh = config['sast']['high'], + ThreshSastCritical = config['sast']['critical'], + ThreshIacLow = config['iac']['low'], + ThreshIacMedium = config['iac']['medium'], + ThreshIacHigh = config['iac']['high'], + ThreshIacCritical = config['iac']['critical'], + ThreshSecretsLow = config['secret']['low'], + ThreshSecretsMedium = config['secret']['medium'], + ThreshSecretsHigh = config['secret']['high'], + ThreshSecretsCritical = config['secret']['critical'], ) db.session.add(job) db_connection_handler(db) 
@@ -92,38 +92,38 @@ def _add_sg_results(results, job_id, app_id): job = SgResultsPerJob( AppID=app_id, PipelineJobID=job_id, - ResultScaLow=results['report']['sca']['low'], - ResultScaMedium=results['report']['sca']['medium'], - ResultScaHigh=results['report']['sca']['high'], - ResultScaCritical=results['report']['sca']['critical'], - ResultContainerLow=results['report']['container']['low'], - ResultContainerMedium=results['report']['container']['medium'], - ResultContainerHigh=results['report']['container']['high'], - ResultContainerCritical=results['report']['container']['critical'], - ResultDastLow=results['report']['dast']['low'], - ResultDastMedium=results['report']['dast']['medium'], - ResultDastHigh=results['report']['dast']['high'], - ResultDastCritical=results['report']['dast']['critical'], - ResultDastApiLow=results['report']['dastapi']['low'], - ResultDastApiMedium=results['report']['dastapi']['medium'], - ResultDastApiHigh=results['report']['dastapi']['high'], - ResultDastApiCritical=results['report']['dastapi']['critical'], - ResultInfrastructureLow=results['report']['infrastructure']['low'], - ResultInfrastructureMedium=results['report']['infrastructure']['medium'], - ResultInfrastructureHigh=results['report']['infrastructure']['high'], - ResultInfrastructureCritical=results['report']['infrastructure']['critical'], - ResultSastLow=results['report']['sast']['low'], - ResultSastMedium=results['report']['sast']['medium'], - ResultSastHigh=results['report']['sast']['high'], - ResultSastCritical=results['report']['sast']['critical'], - ResultIacLow=results['report']['iac']['low'], - ResultIacMedium=results['report']['iac']['medium'], - ResultIacHigh=results['report']['iac']['high'], - ResultIacCritical=results['report']['iac']['critical'], - ResultSecretsLow=results['report']['secret']['low'], - ResultSecretsMedium=results['report']['secret']['medium'], - ResultSecretsHigh=results['report']['secret']['high'], - 
ResultSecretsCritical=results['report']['secret']['critical'], + ResultScaLow=results['sca']['low'], + ResultScaMedium=results['sca']['medium'], + ResultScaHigh=results['sca']['high'], + ResultScaCritical=results['sca']['critical'], + ResultContainerLow=results['container']['low'], + ResultContainerMedium=results['container']['medium'], + ResultContainerHigh=results['container']['high'], + ResultContainerCritical=results['container']['critical'], + ResultDastLow=results['dast']['low'], + ResultDastMedium=results['dast']['medium'], + ResultDastHigh=results['dast']['high'], + ResultDastCritical=results['dast']['critical'], + ResultDastApiLow=results['dastapi']['low'], + ResultDastApiMedium=results['dastapi']['medium'], + ResultDastApiHigh=results['dastapi']['high'], + ResultDastApiCritical=results['dastapi']['critical'], + ResultInfrastructureLow=results['infrastructure']['low'], + ResultInfrastructureMedium=results['infrastructure']['medium'], + ResultInfrastructureHigh=results['infrastructure']['high'], + ResultInfrastructureCritical=results['infrastructure']['critical'], + ResultSastLow=results['sast']['low'], + ResultSastMedium=results['sast']['medium'], + ResultSastHigh=results['sast']['high'], + ResultSastCritical=results['sast']['critical'], + ResultIacLow=results['iac']['low'], + ResultIacMedium=results['iac']['medium'], + ResultIacHigh=results['iac']['high'], + ResultIacCritical=results['iac']['critical'], + ResultSecretsLow=results['secret']['low'], + ResultSecretsMedium=results['secret']['medium'], + ResultSecretsHigh=results['secret']['high'], + ResultSecretsCritical=results['secret']['critical'], ) db.session.add(job) db_connection_handler(db) From 1a5e69ee64ab912c8ef32fd599938bac3dd7ef7e Mon Sep 17 00:00:00 2001 From: bkaiserinfosec <49665796+bkaiserinfosec@users.noreply.github.com> Date: Tue, 12 Mar 2024 19:34:30 -0700 Subject: [PATCH 02/14] Update Jenkinsfile --- Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/Jenkinsfile b/Jenkinsfile
index bac83770..f45ebce2 100644
--- a/Jenkinsfile
+++ b/Jenkinsfile
@@ -21,7 +21,7 @@ pipeline {
 env.GLOBAL_BRANCH_LIST = config.global.defaultBranches.join(',') env.CURRENT_STAGE_BRANCH_LIST = ""
- jslStageWrapper.initReport()
+ jslStageWrapper.initReport(config)
 } }
From 12cbbd2e263570bd76cfae4692eac374d6c432c1 Mon Sep 17 00:00:00 2001
From: bkaiserinfosec <49665796+bkaiserinfosec@users.noreply.github.com>
Date: Tue, 12 Mar 2024 20:16:37 -0700
Subject: [PATCH 03/14] Update security_quality_gate.py
---
 src/vr/api/vulns/security_quality_gate.py | 64 +++++++++++------------
 1 file changed, 32 insertions(+), 32 deletions(-)
diff --git a/src/vr/api/vulns/security_quality_gate.py b/src/vr/api/vulns/security_quality_gate.py
index b00c1b1e..29c4191a 100644
--- a/src/vr/api/vulns/security_quality_gate.py
+++ b/src/vr/api/vulns/security_quality_gate.py
@@ -51,38 +51,38 @@ def _add_sg_config_settings(config, job_id, app_id): job = SgConfigSettingsPerJob( AppID=app_id, PipelineJobID = job_id, - ThreshScaLow = config['sca']['low'], - ThreshScaMedium = config['sca']['medium'], - ThreshScaHigh = config['sca']['high'], - ThreshScaCritical = config['sca']['critical'], - ThreshContainerLow = config['container']['low'], - ThreshContainerMedium = config['container']['medium'], - ThreshContainerHigh = config['container']['high'], - ThreshContainerCritical = config['container']['critical'], - ThreshDastLow = config['dast']['low'], - ThreshDastMedium = config['dast']['medium'], - ThreshDastHigh = config['dast']['high'], - ThreshDastCritical = config['dast']['critical'], - ThreshDastApiLow = config['dastapi']['low'], - ThreshDastApiMedium = config['dastapi']['medium'], - ThreshDastApiHigh = config['dastapi']['high'], - ThreshDastApiCritical = config['dastapi']['critical'], - ThreshInfrastructureLow = config['infrastructure']['low'], - ThreshInfrastructureMedium = config['infrastructure']['medium'], - ThreshInfrastructureHigh = config['infrastructure']['high'], - ThreshInfrastructureCritical = config['infrastructure']['critical'], - ThreshSastLow = config['sast']['low'], - ThreshSastMedium = config['sast']['medium'], - ThreshSastHigh = config['sast']['high'], - ThreshSastCritical = config['sast']['critical'], - ThreshIacLow = config['iac']['low'], - ThreshIacMedium = config['iac']['medium'], - ThreshIacHigh = config['iac']['high'], - ThreshIacCritical = config['iac']['critical'], - ThreshSecretsLow = config['secret']['low'], - ThreshSecretsMedium = config['secret']['medium'], - ThreshSecretsHigh = config['secret']['high'], - ThreshSecretsCritical = config['secret']['critical'], + ThreshScaLow = config['sca']['low'] if 'low' in 'sca' else '', + ThreshScaMedium = config['sca']['medium'] if 'medium' in 'sca' else '', + ThreshScaHigh = config['sca']['high'] if 'high' in 'sca' else '', + ThreshScaCritical = config['sca']['critical'] 
if 'critical' in 'sca' else '', + ThreshContainerLow = config['container']['low'] if 'low' in 'container' else '', + ThreshContainerMedium = config['container']['medium'] if 'medium' in 'container' else '', + ThreshContainerHigh = config['container']['high'] if 'high' in 'container' else '', + ThreshContainerCritical = config['container']['critical'] if 'critical' in 'container' else '', + ThreshDastLow = config['dast']['low'] if 'low' in 'dast' else '', + ThreshDastMedium = config['dast']['medium'] if 'medium' in 'dast' else '', + ThreshDastHigh = config['dast']['high'] if 'high' in 'dast' else '', + ThreshDastCritical = config['dast']['critical'] if 'critical' in 'dast' else '', + ThreshDastApiLow = config['dastapi']['low'] if 'low' in 'dastapi' else '', + ThreshDastApiMedium = config['dastapi']['medium'] if 'medium' in 'dastapi' else '', + ThreshDastApiHigh = config['dastapi']['high'] if 'high' in 'dastapi' else '', + ThreshDastApiCritical = config['dastapi']['critical'] if 'critical' in 'dastapi' else '', + ThreshInfrastructureLow = config['infrastructure']['low'] if 'low' in 'infrastructure' else '', + ThreshInfrastructureMedium = config['infrastructure']['medium'] if 'medium' in 'infrastructure' else '', + ThreshInfrastructureHigh = config['infrastructure']['high'] if 'high' in 'infrastructure' else '', + ThreshInfrastructureCritical = config['infrastructure']['critical'] if 'critical' in 'infrastructure' else '', + ThreshSastLow = config['sast']['low'] if 'low' in 'sast' else '', + ThreshSastMedium = config['sast']['medium'] if 'medium' in 'sast' else '', + ThreshSastHigh = config['sast']['high'] if 'high' in 'sast' else '', + ThreshSastCritical = config['sast']['critical'] if 'critical' in 'sast' else '', + ThreshIacLow = config['iac']['low'] if 'low' in 'iac' else '', + ThreshIacMedium = config['iac']['medium'] if 'medium' in 'iac' else '', + ThreshIacHigh = config['iac']['high'] if 'high' in 'iac' else '', + ThreshIacCritical = config['iac']['critical'] 
if 'critical' in 'iac' else '', + ThreshSecretsLow = config['secret']['low'] if 'low' in 'secret' else '', + ThreshSecretsMedium = config['secret']['medium'] if 'medium' in 'secret' else '', + ThreshSecretsHigh = config['secret']['high'] if 'high' in 'secret' else '', + ThreshSecretsCritical = config['secret']['critical'] if 'critical' in 'secret' else '', ) db.session.add(job) db_connection_handler(db) From c5242c921e8af6ec7aee9320f94de9bba4254722 Mon Sep 17 00:00:00 2001 From: bkaiserinfosec <49665796+bkaiserinfosec@users.noreply.github.com> Date: Sun, 17 Mar 2024 18:13:34 -0700 Subject: [PATCH 04/14] update settings and groups --- src/vr/admin/models.py | 37 ++++ src/vr/admin/routes/settings.py | 303 +++++++++++++++++++++++---- src/vr/db_models/setup.py | 37 ++++ src/vr/templates/admin/settings.html | 281 ++++++++++++++++++++++++- 4 files changed, 615 insertions(+), 43 deletions(-) diff --git a/src/vr/admin/models.py b/src/vr/admin/models.py index 1048b3d0..89785772 100644 --- a/src/vr/admin/models.py +++ b/src/vr/admin/models.py 
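Review bot: Every guard in this hunk tests membership in a string literal instead of in the config, e.g. `if 'low' in 'sca'`, which is always False, so all 32 `Thresh*` values are written as `''` no matter what the pipeline configured and the recorded thresholds will never match the ones the gate enforced. The intended test is against the parsed section, `ThreshScaLow = config['sca']['low'] if 'low' in config.get('sca', {}) else ''` (assuming `config` is a dict as the subscripting suggests), and since the pattern repeats for every scanner/severity pair a small helper avoids spelling it out 32 times, as sketched below. The `''` fallback also presumes the `Thresh*` columns are string-typed; if they are numeric, `None` would be the safer default — worth confirming against the model. `_add_sg_config_settings` begins before this hunk.
```python
def _threshold(config, scanner, level):
    """Return config[scanner][level], or '' when the scanner section or level is absent."""
    return config.get(scanner, {}).get(level, '')

# … inside _add_sg_config_settings, unchanged: job = SgConfigSettingsPerJob(AppID=app_id, PipelineJobID=job_id, …
        ThreshScaLow = _threshold(config, 'sca', 'low'),
        ThreshScaMedium = _threshold(config, 'sca', 'medium'),
        # … same call for the remaining scanner/severity pairs …
```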
@@ -416,6 +416,43 @@ class AppConfig(db.Model): __tablename__ = 'AppConfig' id = db.Column(db.Integer, primary_key=True) first_access = db.Column(db.Boolean, nullable=False, default=True) + settings_initialized = db.Column(db.Boolean, nullable=False, default=False) + APP_EXT_URL = db.Column(db.String(200)) + AUTH_TYPE = db.Column(db.String(200)) + AZAD_AUTHORITY = db.Column(db.String(200)) + AZAD_CLIENT_ID = db.Column(db.String(200)) + AZAD_CLIENT_SECRET = db.Column(db.String(200)) + AZURE_KEYVAULT_NAME = db.Column(db.String(200)) + ENV = db.Column(db.String(200)) + INSECURE_OAUTH = db.Column(db.String(200)) + JENKINS_HOST = db.Column(db.String(200)) + JENKINS_KEY = db.Column(db.String(200)) + JENKINS_PROJECT = db.Column(db.String(200)) + JENKINS_STAGING_PROJECT = db.Column(db.String(200)) + JENKINS_TOKEN = db.Column(db.String(200)) + JENKINS_USER = db.Column(db.String(200)) + LDAP_BASE_DN = db.Column(db.String(200)) + LDAP_BIND_USER_DN = db.Column(db.String(200)) + LDAP_BIND_USER_PASSWORD = db.Column(db.String(200)) + LDAP_GROUP_DN = db.Column(db.String(200)) + LDAP_HOST = db.Column(db.String(200)) + LDAP_PORT = db.Column(db.String(200)) + LDAP_USER_DN = db.Column(db.String(200)) + LDAP_USER_LOGIN_ATTR = db.Column(db.String(200)) + LDAP_USER_RDN_ATTR = db.Column(db.String(200)) + PROD_DB_URI = db.Column(db.String(200)) + SMTP_ADMIN_EMAIL = db.Column(db.String(200)) + SMTP_HOST = db.Column(db.String(200)) + SMTP_PASSWORD = db.Column(db.String(200)) + SMTP_USER = db.Column(db.String(200)) + SNOW_CLIENT_ID = db.Column(db.String(200)) + SNOW_CLIENT_SECRET = db.Column(db.String(200)) + SNOW_INSTANCE_NAME = db.Column(db.String(200)) + SNOW_PASSWORD = db.Column(db.String(200)) + SNOW_USERNAME = db.Column(db.String(200)) + VERSION = db.Column(db.String(200)) + JENKINS_ENABLED = db.Column(db.String(200)) + SNOW_ENABLED = db.Column(db.String(200)) class SuSiteConfiguration(db.Model): 
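Review bot: The new `AppConfig` columns persist credentials — `AZAD_CLIENT_SECRET`, `JENKINS_TOKEN`, `LDAP_BIND_USER_PASSWORD`, `SMTP_PASSWORD`, `SNOW_CLIENT_SECRET`, `SNOW_PASSWORD`, and `PROD_DB_URI` if it embeds a password — as plain `db.String(200)` columns, so anyone with read access to the database or its backups obtains every integration secret. The same column set is added again in `src/vr/db_models/setup.py` and in the new `src/vr/db_models/updates.py` later in this series, so the three definitions should share one source, and the secret-bearing columns should be encrypted at rest or resolved from the vault that `AZURE_KEYVAULT_NAME` appears to reference rather than stored in clear. Two smaller points: `JENKINS_ENABLED` and `SNOW_ENABLED` are `String(200)` while `first_access` and `settings_initialized` are `Boolean`, and a 200-character limit may truncate a `PROD_DB_URI` or a long LDAP DN — worth checking against real values. A comment on the class would help the next maintainer, e.g. `# NOTE: *_SECRET / *_PASSWORD / *_TOKEN columns hold credentials — keep encrypted, never log`.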
diff --git a/src/vr/admin/routes/settings.py b/src/vr/admin/routes/settings.py index c366ce43..a3125e54 100644 --- a/src/vr/admin/routes/settings.py +++ b/src/vr/admin/routes/settings.py @@ -1,4 +1,4 @@ -from flask import session, redirect, url_for, render_template +from flask import session, redirect, url_for, render_template, request from flask_login import login_required from vr import db, app import os @@ -10,14 +10,18 @@ AZAD_CLIENT_ID, AZAD_CLIENT_SECRET, AZAD_AUTHORITY, JENKINS_USER, AZURE_KEYVAULT_NAME, INSECURE_OAUTH, \ JENKINS_HOST, JENKINS_KEY, JENKINS_PROJECT, JENKINS_STAGING_PROJECT, JENKINS_TOKEN, SMTP_ADMIN_EMAIL, \ SMTP_HOST, SMTP_PASSWORD, SMTP_USER, SNOW_CLIENT_ID, SNOW_CLIENT_SECRET, SNOW_INSTANCE_NAME, SNOW_PASSWORD, \ - SNOW_USERNAME, VERSION + SNOW_USERNAME, VERSION, JENKINS_ENABLED, SNOW_ENABLED from flask_sqlalchemy import SQLAlchemy +from vr.admin.models import AppConfig +from vr.admin.functions import db_connection_handler +from sqlalchemy import text + NAV = { 'CAT': { "name": "Settings", "url": "admin.admin_dashboard"} } -@admin.route('/settings', methods=['GET']) +@admin.route('/settings', methods=['GET', 'POST']) @login_required def settings(): NAV['curpage'] = {"name": "Settings"} 
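Review bot: `from sqlalchemy import text` is added in the second hunk but nothing in the visible `settings.py` hunks uses it; drop it unless a later patch needs it. Opening `/settings` to POST lets every `AppConfig` field be rewritten from a browser form, so the view should carry the same CSRF protection the app applies to its other state-changing admin routes — this diff does not show whether that is enabled globally. The enclosing `settings()` function continues past this hunk.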
@@ -27,44 +31,263 @@ def settings(): elif status == 403: return render_template('403.html', user=user, nav_cat={}, nav_subcat='', \ nav_subsubcat='', nav_curpage={"name": "Unauthorized"}) - current_settings = { - "APP_EXT_URL": APP_EXT_URL, - "AUTH_TYPE": AUTH_TYPE, - "AZAD_AUTHORITY":AZAD_AUTHORITY, - "AZAD_CLIENT_ID": AZAD_CLIENT_ID, - "AZAD_CLIENT_SECRET": AZAD_CLIENT_SECRET, - "AZURE_KEYVAULT_NAME": AZURE_KEYVAULT_NAME, - "ENV": ENV, - "INSECURE_OAUTH": INSECURE_OAUTH, - "JENKINS_HOST": JENKINS_HOST, - "JENKINS_KEY": JENKINS_KEY, - "JENKINS_PROJECT": JENKINS_PROJECT, - "JENKINS_STAGING_PROJECT": JENKINS_STAGING_PROJECT, - "JENKINS_TOKEN": JENKINS_TOKEN, - "JENKINS_USER": JENKINS_USER, - "LDAP_BASE_DN": LDAP_BASE_DN, - "LDAP_BIND_USER_DN": LDAP_BIND_USER_DN, - "LDAP_BIND_USER_PASSWORD": LDAP_BIND_USER_PASSWORD, - "LDAP_GROUP_DN": LDAP_GROUP_DN, - "LDAP_HOST": LDAP_HOST, - "LDAP_PORT": LDAP_PORT, - "LDAP_USER_DN": LDAP_USER_DN, - "LDAP_USER_LOGIN_ATTR": LDAP_USER_LOGIN_ATTR, - "LDAP_USER_RDN_ATTR": LDAP_USER_RDN_ATTR, - "PROD_DB_URI": PROD_DB_URI, - "SMTP_ADMIN_EMAIL": SMTP_ADMIN_EMAIL, - "SMTP_HOST": SMTP_HOST, - "SMTP_PASSWORD": SMTP_PASSWORD, - "SMTP_USER": SMTP_USER, - "SNOW_CLIENT_ID": SNOW_CLIENT_ID, - "SNOW_CLIENT_SECRET": SNOW_CLIENT_SECRET, - "SNOW_INSTANCE_NAME": SNOW_INSTANCE_NAME, - "SNOW_PASSWORD": SNOW_PASSWORD, - "SNOW_USERNAME": SNOW_USERNAME, - "VERSION": VERSION, - } + if request.method == 'POST': + app_config = AppConfig.query.first() + + all = request.form + update_json = { + AppConfig.JENKINS_ENABLED: all["JENKINS_ENABLED"], + AppConfig.SNOW_ENABLED: all["SNOW_ENABLED"], + AppConfig.APP_EXT_URL: all["APP_EXT_URL"], + AppConfig.AUTH_TYPE: all["AUTH_TYPE"], + AppConfig.AZAD_AUTHORITY: all["AZAD_AUTHORITY"], + AppConfig.AZAD_CLIENT_ID: all["AZAD_CLIENT_ID"], + AppConfig.AZAD_CLIENT_SECRET: all["AZAD_CLIENT_SECRET"], + AppConfig.AZURE_KEYVAULT_NAME: all["AZURE_KEYVAULT_NAME"], + AppConfig.ENV: all["ENV"], + AppConfig.INSECURE_OAUTH: 
all["INSECURE_OAUTH"], + AppConfig.JENKINS_HOST: all["JENKINS_HOST"], + AppConfig.JENKINS_KEY: all["JENKINS_KEY"], + AppConfig.JENKINS_PROJECT: all["JENKINS_PROJECT"], + AppConfig.JENKINS_STAGING_PROJECT: all["JENKINS_STAGING_PROJECT"], + AppConfig.JENKINS_TOKEN: all["JENKINS_TOKEN"], + AppConfig.JENKINS_USER: all["JENKINS_USER"], + AppConfig.LDAP_BASE_DN: all["LDAP_BASE_DN"], + AppConfig.LDAP_BIND_USER_DN: all["LDAP_BIND_USER_DN"], + AppConfig.LDAP_BIND_USER_PASSWORD: all["LDAP_BIND_USER_PASSWORD"], + AppConfig.LDAP_GROUP_DN: all["LDAP_GROUP_DN"], + AppConfig.LDAP_HOST: all["LDAP_HOST"], + AppConfig.LDAP_PORT: all["LDAP_PORT"], + AppConfig.LDAP_USER_DN: all["LDAP_USER_DN"], + AppConfig.LDAP_USER_LOGIN_ATTR: all["LDAP_USER_LOGIN_ATTR"], + AppConfig.LDAP_USER_RDN_ATTR: all["LDAP_USER_RDN_ATTR"], + AppConfig.PROD_DB_URI: all["PROD_DB_URI"], + AppConfig.SMTP_ADMIN_EMAIL: all["SMTP_ADMIN_EMAIL"], + AppConfig.SMTP_HOST: all["SMTP_HOST"], + AppConfig.SMTP_PASSWORD: all["SMTP_PASSWORD"], + AppConfig.SMTP_USER: all["SMTP_USER"], + AppConfig.SNOW_CLIENT_ID: all["SNOW_CLIENT_ID"], + AppConfig.SNOW_CLIENT_SECRET: all["SNOW_CLIENT_SECRET"], + AppConfig.SNOW_INSTANCE_NAME: all["SNOW_INSTANCE_NAME"], + AppConfig.SNOW_PASSWORD: all["SNOW_PASSWORD"], + AppConfig.SNOW_USERNAME: all["SNOW_USERNAME"], + AppConfig.VERSION: all["VERSION"], + } + if not app_config.settings_initialized: + update_json[AppConfig.settings_initialized] = True + db.session.query(AppConfig) \ + .update(update_json, synchronize_session=False) + db_connection_handler(db) + set_env_variables(all) + current_settings = { + "JENKINS_ENABLED": all["JENKINS_ENABLED"], + "SNOW_ENABLED": all["SNOW_ENABLED"], + "APP_EXT_URL": all["APP_EXT_URL"], + "AUTH_TYPE": all["AUTH_TYPE"], + "AZAD_AUTHORITY": all["AZAD_AUTHORITY"], + "AZAD_CLIENT_ID": all["AZAD_CLIENT_ID"], + "AZAD_CLIENT_SECRET": all["AZAD_CLIENT_SECRET"], + "AZURE_KEYVAULT_NAME": all["AZURE_KEYVAULT_NAME"], + "ENV": all["ENV"], + "INSECURE_OAUTH": 
all["INSECURE_OAUTH"], + "JENKINS_HOST": all["JENKINS_HOST"], + "JENKINS_KEY": all["JENKINS_KEY"], + "JENKINS_PROJECT": all["JENKINS_PROJECT"], + "JENKINS_STAGING_PROJECT": all["JENKINS_STAGING_PROJECT"], + "JENKINS_TOKEN": all["JENKINS_TOKEN"], + "JENKINS_USER": all["JENKINS_USER"], + "LDAP_BASE_DN": all["LDAP_BASE_DN"], + "LDAP_BIND_USER_DN": all["LDAP_BIND_USER_DN"], + "LDAP_BIND_USER_PASSWORD": all["LDAP_BIND_USER_PASSWORD"], + "LDAP_GROUP_DN": all["LDAP_GROUP_DN"], + "LDAP_HOST": all["LDAP_HOST"], + "LDAP_PORT": all["LDAP_PORT"], + "LDAP_USER_DN": all["LDAP_USER_DN"], + "LDAP_USER_LOGIN_ATTR": all["LDAP_USER_LOGIN_ATTR"], + "LDAP_USER_RDN_ATTR": all["LDAP_USER_RDN_ATTR"], + "PROD_DB_URI": all["PROD_DB_URI"], + "SMTP_ADMIN_EMAIL": all["SMTP_ADMIN_EMAIL"], + "SMTP_HOST": all["SMTP_HOST"], + "SMTP_PASSWORD": all["SMTP_PASSWORD"], + "SMTP_USER": all["SMTP_USER"], + "SNOW_CLIENT_ID": all["SNOW_CLIENT_ID"], + "SNOW_CLIENT_SECRET": all["SNOW_CLIENT_SECRET"], + "SNOW_INSTANCE_NAME": all["SNOW_INSTANCE_NAME"], + "SNOW_PASSWORD": all["SNOW_PASSWORD"], + "SNOW_USERNAME": all["SNOW_USERNAME"], + "VERSION": all["VERSION"], + } + else: + app_config = AppConfig.query.first() + if app_config.settings_initialized: + current_settings = { + "JENKINS_ENABLED": app_config.JENKINS_ENABLED, + "SNOW_ENABLED": app_config.SNOW_ENABLED, + "APP_EXT_URL": app_config.APP_EXT_URL, + "AUTH_TYPE": app_config.AUTH_TYPE, + "AZAD_AUTHORITY": app_config.AZAD_AUTHORITY, + "AZAD_CLIENT_ID": app_config.AZAD_CLIENT_ID, + "AZAD_CLIENT_SECRET": app_config.AZAD_CLIENT_SECRET, + "AZURE_KEYVAULT_NAME": app_config.AZURE_KEYVAULT_NAME, + "ENV": app_config.ENV, + "INSECURE_OAUTH": app_config.INSECURE_OAUTH, + "JENKINS_HOST": app_config.JENKINS_HOST, + "JENKINS_KEY": app_config.JENKINS_KEY, + "JENKINS_PROJECT": app_config.JENKINS_PROJECT, + "JENKINS_STAGING_PROJECT": app_config.JENKINS_STAGING_PROJECT, + "JENKINS_USER": app_config.JENKINS_USER, + "JENKINS_TOKEN": app_config.JENKINS_TOKEN, + "LDAP_BASE_DN": 
app_config.LDAP_BASE_DN, + "LDAP_BIND_USER_DN": app_config.LDAP_BIND_USER_DN, + "LDAP_BIND_USER_PASSWORD": app_config.LDAP_BIND_USER_PASSWORD, + "LDAP_GROUP_DN": app_config.LDAP_GROUP_DN, + "LDAP_HOST": app_config.LDAP_HOST, + "LDAP_PORT": app_config.LDAP_PORT, + "LDAP_USER_DN": app_config.LDAP_USER_DN, + "LDAP_USER_LOGIN_ATTR": app_config.LDAP_USER_LOGIN_ATTR, + "LDAP_USER_RDN_ATTR": app_config.LDAP_USER_RDN_ATTR, + "PROD_DB_URI": app_config.PROD_DB_URI, + "SMTP_ADMIN_EMAIL": app_config.SMTP_ADMIN_EMAIL, + "SMTP_HOST": app_config.SMTP_HOST, + "SMTP_USER": app_config.SMTP_USER, + "SMTP_PASSWORD": app_config.SMTP_PASSWORD, + "SNOW_CLIENT_ID": app_config.SNOW_CLIENT_ID, + "SNOW_CLIENT_SECRET": app_config.SNOW_CLIENT_SECRET, + "SNOW_INSTANCE_NAME": app_config.SNOW_INSTANCE_NAME, + "SNOW_USERNAME": app_config.SNOW_USERNAME, + "SNOW_PASSWORD": app_config.SNOW_PASSWORD, + "VERSION": app_config.VERSION, + } + else: + current_settings = { + "JENKINS_ENABLED": JENKINS_ENABLED, + "SNOW_ENABLED": SNOW_ENABLED, + "APP_EXT_URL": APP_EXT_URL, + "AUTH_TYPE": AUTH_TYPE, + "AZAD_AUTHORITY":AZAD_AUTHORITY, + "AZAD_CLIENT_ID": AZAD_CLIENT_ID, + "AZAD_CLIENT_SECRET": AZAD_CLIENT_SECRET, + "AZURE_KEYVAULT_NAME": AZURE_KEYVAULT_NAME, + "ENV": ENV, + "INSECURE_OAUTH": INSECURE_OAUTH, + "JENKINS_HOST": JENKINS_HOST, + "JENKINS_KEY": JENKINS_KEY, + "JENKINS_PROJECT": JENKINS_PROJECT, + "JENKINS_STAGING_PROJECT": JENKINS_STAGING_PROJECT, + "JENKINS_USER": JENKINS_USER, + "JENKINS_TOKEN": JENKINS_TOKEN, + "LDAP_BASE_DN": LDAP_BASE_DN, + "LDAP_BIND_USER_DN": LDAP_BIND_USER_DN, + "LDAP_BIND_USER_PASSWORD": LDAP_BIND_USER_PASSWORD, + "LDAP_GROUP_DN": LDAP_GROUP_DN, + "LDAP_HOST": LDAP_HOST, + "LDAP_PORT": LDAP_PORT, + "LDAP_USER_DN": LDAP_USER_DN, + "LDAP_USER_LOGIN_ATTR": LDAP_USER_LOGIN_ATTR, + "LDAP_USER_RDN_ATTR": LDAP_USER_RDN_ATTR, + "PROD_DB_URI": PROD_DB_URI, + "SMTP_ADMIN_EMAIL": SMTP_ADMIN_EMAIL, + "SMTP_HOST": SMTP_HOST, + "SMTP_USER": SMTP_USER, + "SMTP_PASSWORD": SMTP_PASSWORD, + 
"SNOW_CLIENT_ID": SNOW_CLIENT_ID, + "SNOW_CLIENT_SECRET": SNOW_CLIENT_SECRET, + "SNOW_INSTANCE_NAME": SNOW_INSTANCE_NAME, + "SNOW_USERNAME": SNOW_USERNAME, + "SNOW_PASSWORD": SNOW_PASSWORD, + "VERSION": VERSION, + } + cat_general = [ + 'APP_EXT_URL', + 'AUTH_TYPE', + 'ENV', + 'INSECURE_OAUTH', + 'PROD_DB_URI', + 'VERSION', + 'AZURE_KEYVAULT_NAME' + ] + cat_azad = [ + 'AZAD_AUTHORITY', + 'AZAD_CLIENT_ID', + 'AZAD_CLIENT_SECRET' + ] + cat_jenkins = [ + 'JENKINS_ENABLED', + 'JENKINS_HOST', + 'JENKINS_KEY', + 'JENKINS_PROJECT', + 'JENKINS_STAGING_PROJECT', + 'JENKINS_TOKEN', + 'JENKINS_USER' + ] + cat_ldap = [ + 'LDAP_BASE_DN', + 'LDAP_BIND_USER_DN', + 'LDAP_BIND_USER_PASSWORD', + 'LDAP_GROUP_DN', + 'LDAP_HOST', + 'LDAP_PORT', + 'LDAP_USER_DN', + 'LDAP_USER_LOGIN_ATTR', + 'LDAP_USER_RDN_ATTR' + ] + smtp_settings = [ + 'SMTP_ADMIN_EMAIL', + 'SMTP_HOST', + 'SMTP_PASSWORD', + 'SMTP_USER' + ] + snow_settings = [ + 'SNOW_ENABLED', + 'SNOW_CLIENT_ID', + 'SNOW_CLIENT_SECRET', + 'SNOW_INSTANCE_NAME', + 'SNOW_PASSWORD', + 'SNOW_USERNAME' + ] return render_template('admin/settings.html', user_roles=user_roles, NAV=NAV, - user=user, settings=current_settings) + user=user, settings=current_settings, cat_general=cat_general, + cat_azad=cat_azad, cat_jenkins=cat_jenkins, cat_ldap=cat_ldap, + smtp_settings=smtp_settings, snow_settings=snow_settings) + +def set_env_variables(form): + os.environ['APP_EXT_URL'] = form["APP_EXT_URL"] + os.environ['AUTH_TYPE'] = form["AUTH_TYPE"] + os.environ['AZAD_AUTHORITY'] = form["AZAD_AUTHORITY"] + os.environ['AZAD_CLIENT_ID'] = form["AZAD_CLIENT_ID"] + os.environ['AZAD_CLIENT_SECRET'] = form["AZAD_CLIENT_SECRET"] + os.environ['AZURE_KEYVAULT_NAME'] = form["AZURE_KEYVAULT_NAME"] + os.environ['ENV'] = form["ENV"] + os.environ['INSECURE_OAUTH'] = form["INSECURE_OAUTH"] + os.environ['JENKINS_ENABLED'] = form["JENKINS_ENABLED"] + os.environ['JENKINS_HOST'] = form["JENKINS_HOST"] + os.environ['JENKINS_KEY'] = form["JENKINS_KEY"] + 
os.environ['JENKINS_PROJECT'] = form["JENKINS_PROJECT"] + os.environ['JENKINS_STAGING_PROJECT'] = form["JENKINS_STAGING_PROJECT"] + os.environ['JENKINS_TOKEN'] = form["JENKINS_TOKEN"] + os.environ['JENKINS_USER'] = form["JENKINS_USER"] + os.environ['LDAP_BASE_DN'] = form["LDAP_BASE_DN"] + os.environ['LDAP_BIND_USER_DN'] = form["LDAP_BIND_USER_DN"] + os.environ['LDAP_BIND_USER_PASSWORD'] = form["LDAP_BIND_USER_PASSWORD"] + os.environ['LDAP_GROUP_DN'] = form["LDAP_GROUP_DN"] + os.environ['LDAP_HOST'] = form["LDAP_HOST"] + os.environ['LDAP_PORT'] = form["LDAP_PORT"] + os.environ['LDAP_USER_DN'] = form["LDAP_USER_DN"] + os.environ['LDAP_USER_LOGIN_ATTR'] = form["LDAP_USER_LOGIN_ATTR"] + os.environ['LDAP_USER_RDN_ATTR'] = form["LDAP_USER_RDN_ATTR"] + os.environ['PROD_DB_URI'] = form["PROD_DB_URI"] + os.environ['SMTP_ADMIN_EMAIL'] = form["SMTP_ADMIN_EMAIL"] + os.environ['SMTP_HOST'] = form["SMTP_HOST"] + os.environ['SMTP_PASSWORD'] = form["SMTP_PASSWORD"] + os.environ['SMTP_USER'] = form["SMTP_USER"] + os.environ['SNOW_ENABLED'] = form["SNOW_ENABLED"] + os.environ['SNOW_CLIENT_ID'] = form["SNOW_CLIENT_ID"] + os.environ['SNOW_CLIENT_SECRET'] = form["SNOW_CLIENT_SECRET"] + os.environ['SNOW_INSTANCE_NAME'] = form["SNOW_INSTANCE_NAME"] + os.environ['SNOW_PASSWORD'] = form["SNOW_PASSWORD"] + os.environ['SNOW_USERNAME'] = form["SNOW_USERNAME"] + os.environ['VERSION'] = form["VERSION"] + @admin.route('/dangerous/delete_all', methods=['POST']) def delete_all_data(): diff --git a/src/vr/db_models/setup.py b/src/vr/db_models/setup.py index 67adfc3b..b36fdc22 100644 --- a/src/vr/db_models/setup.py +++ b/src/vr/db_models/setup.py 
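Review bot: The POST branch writes every value in `request.form` into `AppConfig` and, through `set_env_variables`, into `os.environ` without validating any of it, even though `AUTH_TYPE`, `INSECURE_OAUTH`, `JENKINS_ENABLED`/`SNOW_ENABLED` and `LDAP_PORT` have a small expected domain and `PROD_DB_URI` decides where the application connects; restricting those fields to their accepted values (and `LDAP_PORT` to an integer) before `update_json` is built would stop a typo or stray value from locking administrators out. `all = request.form` shadows the builtin — `form = request.form` reads better — and indexing with `all["KEY"]` turns any absent field (an unchecked checkbox, presumably) into a 400 rather than a clear message, so `form.get("KEY", "")` may be what was intended. Updating `os.environ` only affects the current worker process and does not re-bind the constants imported at the top of this file, so the new values likely need a restart to take effect; a comment saying so on `set_env_variables` would save the next reader a surprise. Finally, the same setting names are typed out five times across the two functions; a module-level tuple and dict comprehensions collapse all of them, as sketched below. `settings()` starts before this hunk.
```python
SETTING_KEYS = (
    'JENKINS_ENABLED', 'SNOW_ENABLED', 'APP_EXT_URL', 'AUTH_TYPE',
    # … the remaining setting names, in the same order as the existing current_settings dict …
    'SNOW_USERNAME', 'VERSION',
)

    if request.method == 'POST':
        app_config = AppConfig.query.first()
        form = request.form
        update_json = {getattr(AppConfig, key): form[key] for key in SETTING_KEYS}
        # … unchanged: settings_initialized flag, query().update(), db_connection_handler …
        set_env_variables(form)
        current_settings = {key: form[key] for key in SETTING_KEYS}
    else:
        app_config = AppConfig.query.first()
        if app_config.settings_initialized:
            current_settings = {key: getattr(app_config, key) for key in SETTING_KEYS}
        # … unchanged: fallback to the imported config constants, category lists, render_template …


def set_env_variables(form):
    """Mirror the submitted settings into this process's environment; other workers are not affected."""
    for key in SETTING_KEYS:
        os.environ[key] = form[key]
```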
@@ -117,6 +117,43 @@ class AppConfig(db.Model): __table_args__ = {'extend_existing': True} id = db.Column(db.Integer, primary_key=True) first_access = db.Column(db.Boolean, nullable=False, default=True) + settings_initialized = db.Column(db.Boolean, nullable=False, default=False) + APP_EXT_URL = db.Column(db.String(200)) + AUTH_TYPE = db.Column(db.String(200)) + AZAD_AUTHORITY = db.Column(db.String(200)) + AZAD_CLIENT_ID = db.Column(db.String(200)) + AZAD_CLIENT_SECRET = db.Column(db.String(200)) + AZURE_KEYVAULT_NAME = db.Column(db.String(200)) + ENV = db.Column(db.String(200)) + INSECURE_OAUTH = db.Column(db.String(200)) + JENKINS_HOST = db.Column(db.String(200)) + JENKINS_KEY = db.Column(db.String(200)) + JENKINS_PROJECT = db.Column(db.String(200)) + JENKINS_STAGING_PROJECT = db.Column(db.String(200)) + JENKINS_TOKEN = db.Column(db.String(200)) + JENKINS_USER = db.Column(db.String(200)) + LDAP_BASE_DN = db.Column(db.String(200)) + LDAP_BIND_USER_DN = db.Column(db.String(200)) + LDAP_BIND_USER_PASSWORD = db.Column(db.String(200)) + LDAP_GROUP_DN = db.Column(db.String(200)) + LDAP_HOST = db.Column(db.String(200)) + LDAP_PORT = db.Column(db.String(200)) + LDAP_USER_DN = db.Column(db.String(200)) + LDAP_USER_LOGIN_ATTR = db.Column(db.String(200)) + LDAP_USER_RDN_ATTR = db.Column(db.String(200)) + PROD_DB_URI = db.Column(db.String(200)) + SMTP_ADMIN_EMAIL = db.Column(db.String(200)) + SMTP_HOST = db.Column(db.String(200)) + SMTP_PASSWORD = db.Column(db.String(200)) + SMTP_USER = db.Column(db.String(200)) + SNOW_CLIENT_ID = db.Column(db.String(200)) + SNOW_CLIENT_SECRET = db.Column(db.String(200)) + SNOW_INSTANCE_NAME = db.Column(db.String(200)) + SNOW_PASSWORD = db.Column(db.String(200)) + SNOW_USERNAME = db.Column(db.String(200)) + VERSION = db.Column(db.String(200)) + JENKINS_ENABLED = db.Column(db.String(200)) + SNOW_ENABLED = db.Column(db.String(200)) AppConfig() 
diff --git a/src/vr/templates/admin/settings.html b/src/vr/templates/admin/settings.html index 06a4bee5..a7564e1a 100644 --- a/src/vr/templates/admin/settings.html +++ b/src/vr/templates/admin/settings.html @@ -113,13 +113,135 @@

Application Settings

+ + +
+

General Settings

+ {% for key, value in settings.items() %} + {% if key in cat_general %} +
+ + {% if key == "AUTH_TYPE" %} + + {% elif key == "INSECURE_OAUTH" %} + + {% elif key == "PROD_DB_URI" %} +
+ {% elif key == "ENV" or key == "VERSION" %} + + {% else %} + + {% endif %} +
+ {% endif %} + {% endfor %} +
+ +
+

LDAP Settings

{% for key, value in settings.items() %} -
- - + {% if key in cat_ldap %} +
+ + +
+ {% endif %} + {% endfor %}
+ +
+

Azure Active Directory Settings

+ {% for key, value in settings.items() %} + {% if key in cat_azad %} +
+ + +
+ {% endif %} {% endfor %} +
+ +
+

SMTP Settings

+ {% for key, value in settings.items() %} + {% if key in smtp_settings %} +
+ + {% if key == 'SMTP_PASSWORD' %} +
+ {% else %} + + {% endif %} + +
+ {% endif %} + {% endfor %} +
+ +
+

Jenkins Settings

+ {% for key, value in settings.items() %} + {% if key in cat_jenkins %} +
+ {% if key == 'JENKINS_ENABLED' %} + + + {% elif key == 'JENKINS_KEY' %} + +
+ {% elif key == 'JENKINS_TOKEN' %} + +
+ {% else %} + + + {% endif %} +
+ {% endif %} + {% endfor %} +
+ + + + + +
+

ServiceNOW Settings

+ {% for key, value in settings.items() %} + {% if key in snow_settings %} +
+ {% if key == 'SNOW_ENABLED' %} + + + {% elif key == 'SNOW_CLIENT_SECRET' %} + +
+ {% elif key == 'SNOW_PASSWORD' %} + +
+ {% else %} + + + {% endif %} +
+ {% endif %} + {% endfor %} +
+
@@ -128,4 +250,157 @@

Application Settings

+ + {% endblock %} From 21ff0cd41580558c684fbfe7a5210fe55b87abfc Mon Sep 17 00:00:00 2001 From: bkaiserinfosec <49665796+bkaiserinfosec@users.noreply.github.com> Date: Sun, 17 Mar 2024 21:45:15 -0700 Subject: [PATCH 05/14] add function for table updates --- src/vr/__init__.py | 5 ++++ src/vr/db_models/updates.py | 56 +++++++++++++++++++++++++++++++++++++ 2 files changed, 61 insertions(+) create mode 100644 src/vr/db_models/updates.py diff --git a/src/vr/__init__.py b/src/vr/__init__.py index e1bc03cf..a35d9183 100644 --- a/src/vr/__init__.py +++ b/src/vr/__init__.py @@ -29,6 +29,7 @@ from Crypto.PublicKey import RSA from Crypto.Cipher import PKCS1_OAEP from requests.auth import HTTPBasicAuth +from vr.db_models.updates import createNewTables if AUTH_TYPE == 'azuread': from flask_session import Session @@ -180,6 +181,10 @@ def base64encode(value): return None +## Release-based updates ## +cwd = os.getcwd() +createNewTables(DB_URI) +print() ## Cronjob-like tasks section ## def train_model_every_six_hours(): scheduler = BackgroundScheduler() diff --git a/src/vr/db_models/updates.py b/src/vr/db_models/updates.py new file mode 100644 index 00000000..d6028a0f --- /dev/null +++ b/src/vr/db_models/updates.py 
@@ -0,0 +1,56 @@ +from flask_sqlalchemy import SQLAlchemy +from flask import Flask + + +def createNewTables(db_uri): + mock_app = Flask(__name__) + # Example database URI, replace it with your actual database URI + mock_app.config['SQLALCHEMY_DATABASE_URI'] = db_uri + mock_app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False + db = SQLAlchemy(mock_app) + + class AppConfig(db.Model): + __tablename__ = 'AppConfig' + __table_args__ = {'extend_existing': True} + id = db.Column(db.Integer, primary_key=True) + first_access = db.Column(db.Boolean, nullable=False, default=True) + settings_initialized = db.Column(db.Boolean, nullable=False, default=False) + APP_EXT_URL = db.Column(db.String(200)) + AUTH_TYPE = db.Column(db.String(200)) + AZAD_AUTHORITY = db.Column(db.String(200)) + AZAD_CLIENT_ID = db.Column(db.String(200)) + AZAD_CLIENT_SECRET = db.Column(db.String(200)) + AZURE_KEYVAULT_NAME = db.Column(db.String(200)) + ENV = db.Column(db.String(200)) + INSECURE_OAUTH = db.Column(db.String(200)) + JENKINS_HOST = db.Column(db.String(200)) + JENKINS_KEY = db.Column(db.String(200)) + JENKINS_PROJECT = db.Column(db.String(200)) + JENKINS_STAGING_PROJECT = db.Column(db.String(200)) + JENKINS_TOKEN = db.Column(db.String(200)) + JENKINS_USER = db.Column(db.String(200)) + LDAP_BASE_DN = db.Column(db.String(200)) + LDAP_BIND_USER_DN = db.Column(db.String(200)) + LDAP_BIND_USER_PASSWORD = db.Column(db.String(200)) + LDAP_GROUP_DN = db.Column(db.String(200)) + LDAP_HOST = db.Column(db.String(200)) + LDAP_PORT = db.Column(db.String(200)) + LDAP_USER_DN = db.Column(db.String(200)) + LDAP_USER_LOGIN_ATTR = db.Column(db.String(200)) + LDAP_USER_RDN_ATTR = db.Column(db.String(200)) + PROD_DB_URI = db.Column(db.String(200)) + SMTP_ADMIN_EMAIL = db.Column(db.String(200)) + SMTP_HOST = db.Column(db.String(200)) + SMTP_PASSWORD = db.Column(db.String(200)) + SMTP_USER = db.Column(db.String(200)) + SNOW_CLIENT_ID = db.Column(db.String(200)) + SNOW_CLIENT_SECRET = db.Column(db.String(200)) + 
SNOW_INSTANCE_NAME = db.Column(db.String(200)) + SNOW_PASSWORD = db.Column(db.String(200)) + SNOW_USERNAME = db.Column(db.String(200)) + VERSION = db.Column(db.String(200)) + JENKINS_ENABLED = db.Column(db.String(200)) + SNOW_ENABLED = db.Column(db.String(200)) + + with mock_app.app_context(): + db.create_all() From cfcaab32d347f5e31733fd0067d968ad987be7c4 Mon Sep 17 00:00:00 2001 From: bkaiserinfosec <49665796+bkaiserinfosec@users.noreply.github.com> Date: Sun, 17 Mar 2024 23:00:43 -0700 Subject: [PATCH 06/14] updated function for db updates --- src/vr/__init__.py | 5 +- src/vr/db_models/updates.py | 140 ++++++++++++++++++++++-------------- 2 files changed, 90 insertions(+), 55 deletions(-) diff --git a/src/vr/__init__.py b/src/vr/__init__.py index a35d9183..42a86ea1 100644 --- a/src/vr/__init__.py +++ b/src/vr/__init__.py @@ -182,9 +182,8 @@ def base64encode(value): ## Release-based updates ## -cwd = os.getcwd() -createNewTables(DB_URI) -print() +createNewTables(app) + ## Cronjob-like tasks section ## def train_model_every_six_hours(): scheduler = BackgroundScheduler() diff --git a/src/vr/db_models/updates.py b/src/vr/db_models/updates.py index d6028a0f..93106286 100644 --- a/src/vr/db_models/updates.py +++ b/src/vr/db_models/updates.py 
@@ -1,56 +1,92 @@ -from flask_sqlalchemy import SQLAlchemy -from flask import Flask +import mysql.connector +import sqlite3 +import os -def createNewTables(db_uri): - mock_app = Flask(__name__) - # Example database URI, replace it with your actual database URI - mock_app.config['SQLALCHEMY_DATABASE_URI'] = db_uri - mock_app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False - db = SQLAlchemy(mock_app) +def get_client(app): + if app.config['RUNTIME_ENV'] == 'test': + cur_path = os.getcwd() + if 'www' in cur_path and 'html' in cur_path: + db_uri = '/var/www/html/src/instance/database.db' + else: + db_uri = 'instance/database.db' + db = sqlite3.connect(db_uri) + cur = db.cursor() + return cur, db + else: + db_uri = app.config['SQLALCHEMY_DATABASE_URI'] + main_part = db_uri.split('://')[1] + un = main_part.split(':', 1)[0] + db_name = main_part.rsplit('/', 1)[1] + host_and_port = main_part.rsplit('@', 1)[1].replace(f"/{db_name}", '') + host = host_and_port.split(':')[0] + port = int(host_and_port.split(':')[1]) + pw = main_part.split(':', 1)[1].replace(f"@{host}", '').replace(f"/{db_name}", '').replace(f":{port}", "") + db = mysql.connector.connect(host=host, database=db_name, user=un, password=pw, port=port) + cur = db.cursor() + return cur, db - class AppConfig(db.Model): - __tablename__ = 'AppConfig' - __table_args__ = {'extend_existing': True} - id = db.Column(db.Integer, primary_key=True) - first_access = db.Column(db.Boolean, nullable=False, default=True) - settings_initialized = db.Column(db.Boolean, nullable=False, default=False) - APP_EXT_URL = db.Column(db.String(200)) - AUTH_TYPE = db.Column(db.String(200)) - AZAD_AUTHORITY = db.Column(db.String(200)) - AZAD_CLIENT_ID = db.Column(db.String(200)) - AZAD_CLIENT_SECRET = db.Column(db.String(200)) - AZURE_KEYVAULT_NAME = db.Column(db.String(200)) - ENV = db.Column(db.String(200)) - INSECURE_OAUTH = db.Column(db.String(200)) - JENKINS_HOST = db.Column(db.String(200)) - JENKINS_KEY = db.Column(db.String(200)) - 
JENKINS_PROJECT = db.Column(db.String(200)) - JENKINS_STAGING_PROJECT = db.Column(db.String(200)) - JENKINS_TOKEN = db.Column(db.String(200)) - JENKINS_USER = db.Column(db.String(200)) - LDAP_BASE_DN = db.Column(db.String(200)) - LDAP_BIND_USER_DN = db.Column(db.String(200)) - LDAP_BIND_USER_PASSWORD = db.Column(db.String(200)) - LDAP_GROUP_DN = db.Column(db.String(200)) - LDAP_HOST = db.Column(db.String(200)) - LDAP_PORT = db.Column(db.String(200)) - LDAP_USER_DN = db.Column(db.String(200)) - LDAP_USER_LOGIN_ATTR = db.Column(db.String(200)) - LDAP_USER_RDN_ATTR = db.Column(db.String(200)) - PROD_DB_URI = db.Column(db.String(200)) - SMTP_ADMIN_EMAIL = db.Column(db.String(200)) - SMTP_HOST = db.Column(db.String(200)) - SMTP_PASSWORD = db.Column(db.String(200)) - SMTP_USER = db.Column(db.String(200)) - SNOW_CLIENT_ID = db.Column(db.String(200)) - SNOW_CLIENT_SECRET = db.Column(db.String(200)) - SNOW_INSTANCE_NAME = db.Column(db.String(200)) - SNOW_PASSWORD = db.Column(db.String(200)) - SNOW_USERNAME = db.Column(db.String(200)) - VERSION = db.Column(db.String(200)) - JENKINS_ENABLED = db.Column(db.String(200)) - SNOW_ENABLED = db.Column(db.String(200)) - with mock_app.app_context(): - db.create_all() +def createNewTables(app): + cur, db = get_client(app) + if app.config['RUNTIME_ENV'] == 'test': + sql = "PRAGMA table_info('AppConfig')" + else: + sql = "SELECT column_name FROM information_schema.columns WHERE table_schema = 'vulnremediator' AND table_name = 'AppConfig'" + cur.execute(sql) + rows = cur.fetchall() + fields = [] + for i in rows: + fields.append(i[1]) + new_fields = [ + {"name": "APP_EXT_URL", "type": "VARCHAR", "char_num": 200}, + {"name": "AUTH_TYPE", "type": "VARCHAR", "char_num": 200}, + {"name": "AZAD_AUTHORITY", "type": "VARCHAR", "char_num": 200}, + {"name": "AZAD_CLIENT_ID", "type": "VARCHAR", "char_num": 200}, + {"name": "AZAD_CLIENT_SECRET", "type": "VARCHAR", "char_num": 200}, + {"name": "AZURE_KEYVAULT_NAME", "type": "VARCHAR", "char_num": 
200}, + {"name": "ENV", "type": "VARCHAR", "char_num": 200}, + {"name": "INSECURE_OAUTH", "type": "VARCHAR", "char_num": 200}, + {"name": "JENKINS_HOST", "type": "VARCHAR", "char_num": 200}, + {"name": "JENKINS_KEY", "type": "VARCHAR", "char_num": 200}, + {"name": "JENKINS_PROJECT", "type": "VARCHAR", "char_num": 200}, + {"name": "JENKINS_STAGING_PROJECT", "type": "VARCHAR", "char_num": 200}, + {"name": "JENKINS_TOKEN", "type": "VARCHAR", "char_num": 200}, + {"name": "JENKINS_USER", "type": "VARCHAR", "char_num": 200}, + {"name": "LDAP_BASE_DN", "type": "VARCHAR", "char_num": 200}, + {"name": "LDAP_BIND_USER_DN", "type": "VARCHAR", "char_num": 200}, + {"name": "LDAP_BIND_USER_PASSWORD", "type": "VARCHAR", "char_num": 200}, + {"name": "LDAP_GROUP_DN", "type": "VARCHAR", "char_num": 200}, + {"name": "LDAP_HOST", "type": "VARCHAR", "char_num": 200}, + {"name": "LDAP_PORT", "type": "VARCHAR", "char_num": 200}, + {"name": "LDAP_USER_DN", "type": "VARCHAR", "char_num": 200}, + {"name": "LDAP_USER_LOGIN_ATTR", "type": "VARCHAR", "char_num": 200}, + {"name": "LDAP_USER_RDN_ATTR", "type": "VARCHAR", "char_num": 200}, + {"name": "PROD_DB_URI", "type": "VARCHAR", "char_num": 200}, + {"name": "SMTP_ADMIN_EMAIL", "type": "VARCHAR", "char_num": 200}, + {"name": "SMTP_HOST", "type": "VARCHAR", "char_num": 200}, + {"name": "SMTP_PASSWORD", "type": "VARCHAR", "char_num": 200}, + {"name": "SMTP_USER", "type": "VARCHAR", "char_num": 200}, + {"name": "SNOW_CLIENT_ID", "type": "VARCHAR", "char_num": 200}, + {"name": "SNOW_CLIENT_SECRET", "type": "VARCHAR", "char_num": 200}, + {"name": "SNOW_INSTANCE_NAME", "type": "VARCHAR", "char_num": 200}, + {"name": "SNOW_PASSWORD", "type": "VARCHAR", "char_num": 200}, + {"name": "SNOW_USERNAME", "type": "VARCHAR", "char_num": 200}, + {"name": "VERSION", "type": "VARCHAR", "char_num": 200}, + {"name": "JENKINS_ENABLED", "type": "VARCHAR", "char_num": 200}, + {"name": "SNOW_ENABLED", "type": "VARCHAR", "char_num": 200} + ] + + for i in new_fields: + 
if i['name'] not in fields: + if app.config['RUNTIME_ENV'] == 'test': + if i['type'] == 'VARCHAR': + var_stmt = f"VARCHAR({i['char_num']})" + sql = "ALTER TABLE AppConfig ADD COLUMN" + i['name'] + var_stmt + else: + if i['type'] == 'VARCHAR': + var_stmt = "TEXT" + sql = "ALTER TABLE AppConfig ADD COLUMN" + i['name'] + var_stmt + cur.execute(sql) + db.commit() + From fe6982798edee75a849db61adb9cbafac4141dee Mon Sep 17 00:00:00 2001 From: bkaiserinfosec <49665796+bkaiserinfosec@users.noreply.github.com> Date: Mon, 18 Mar 2024 06:50:36 -0700 Subject: [PATCH 07/14] Update updates.py --- src/vr/db_models/updates.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/vr/db_models/updates.py b/src/vr/db_models/updates.py index 93106286..d9a2c8c8 100644 --- a/src/vr/db_models/updates.py +++ b/src/vr/db_models/updates.py @@ -37,7 +37,10 @@ def createNewTables(app): rows = cur.fetchall() fields = [] for i in rows: - fields.append(i[1]) + if app.config['RUNTIME_ENV'] == 'test': + fields.append(i[1]) + else: + fields.append(i[0]) new_fields = [ {"name": "APP_EXT_URL", "type": "VARCHAR", "char_num": 200}, {"name": "AUTH_TYPE", "type": "VARCHAR", "char_num": 200}, From b84553ccf452ae2eb6e077a36c801a7600064d54 Mon Sep 17 00:00:00 2001 From: bkaiserinfosec <49665796+bkaiserinfosec@users.noreply.github.com> Date: Mon, 18 Mar 2024 07:07:43 -0700 Subject: [PATCH 08/14] Update updates.py --- src/vr/db_models/updates.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/vr/db_models/updates.py b/src/vr/db_models/updates.py index d9a2c8c8..a3105305 100644 --- a/src/vr/db_models/updates.py +++ b/src/vr/db_models/updates.py 
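Review bot: `get_client` recovers the MySQL password by chained `split`/`replace` on the URI, which breaks on any password containing `@`, `:` or `/` (or their percent-encoded forms, which is how SQLAlchemy URIs carry such characters), and `.replace(f":{port}", "")` can also strip a matching substring out of the password itself; the rewrite below uses `urllib.parse.urlsplit` plus `unquote` (add `from urllib.parse import urlsplit, unquote` to the imports). The information_schema query in `createNewTables` hard-codes `table_schema = 'vulnremediator'` instead of the database actually named in the URI, so on any other schema name `fields` comes back empty and every `ALTER TABLE ... ADD COLUMN` fails on the next start; `WHERE table_schema = DATABASE() AND table_name = 'AppConfig'` scopes it to the connected database. Neither branch closes the connection returned by `get_client`, so a `db.close()` after the loop (or a try/finally around it) is missing. The next two commits in the series fix the column-index and missing-space bugs in this same hunk, so those are not repeated here.
```python
def get_client(app):
    if app.config['RUNTIME_ENV'] == 'test':
        # … unchanged: sqlite branch …
    else:
        # Let urlsplit handle the delimiters and percent-encoding of
        # mysql://user:password@host:port/dbname instead of splitting by hand.
        parts = urlsplit(app.config['SQLALCHEMY_DATABASE_URI'])
        db = mysql.connector.connect(
            host=parts.hostname,
            port=parts.port,
            database=parts.path.lstrip('/'),
            user=unquote(parts.username or ''),
            password=unquote(parts.password or ''),
        )
        cur = db.cursor()
        return cur, db
```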
@@ -85,11 +85,11 @@ def createNewTables(app): if app.config['RUNTIME_ENV'] == 'test': if i['type'] == 'VARCHAR': var_stmt = f"VARCHAR({i['char_num']})" - sql = "ALTER TABLE AppConfig ADD COLUMN" + i['name'] + var_stmt + sql = "ALTER TABLE AppConfig ADD COLUMN " + i['name'] + " " + var_stmt else: if i['type'] == 'VARCHAR': var_stmt = "TEXT" - sql = "ALTER TABLE AppConfig ADD COLUMN" + i['name'] + var_stmt + sql = "ALTER TABLE AppConfig ADD COLUMN " + i['name'] + " " + var_stmt cur.execute(sql) db.commit() From fa8075437fd0be26df3f1d8469966281b32cef32 Mon Sep 17 00:00:00 2001 From: bkaiserinfosec <49665796+bkaiserinfosec@users.noreply.github.com> Date: Mon, 18 Mar 2024 07:36:08 -0700 Subject: [PATCH 09/14] Update updates.py --- src/vr/db_models/updates.py | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/vr/db_models/updates.py b/src/vr/db_models/updates.py index a3105305..f1e28b1b 100644 --- a/src/vr/db_models/updates.py +++ b/src/vr/db_models/updates.py @@ -42,6 +42,7 @@ def createNewTables(app): else: fields.append(i[0]) new_fields = [ + {"name": "settings_initialized", "type": "BOOLEAN", "default": 0}, {"name": "APP_EXT_URL", "type": "VARCHAR", "char_num": 200}, {"name": "AUTH_TYPE", "type": "VARCHAR", "char_num": 200}, {"name": "AZAD_AUTHORITY", "type": "VARCHAR", "char_num": 200}, @@ -85,10 +86,14 @@ def createNewTables(app): if app.config['RUNTIME_ENV'] == 'test': if i['type'] == 'VARCHAR': var_stmt = f"VARCHAR({i['char_num']})" + elif i['type'] == 'BOOLEAN': + var_stmt = f"BOOLEAN DEFAULT {i['default']}" sql = "ALTER TABLE AppConfig ADD COLUMN " + i['name'] + " " + var_stmt else: if i['type'] == 'VARCHAR': var_stmt = "TEXT" + elif i['type'] == 'BOOLEAN': + var_stmt = f"BOOLEAN DEFAULT {i['default']}" sql = "ALTER TABLE AppConfig ADD COLUMN " + i['name'] + " " + var_stmt cur.execute(sql) db.commit() From 7db0df8feb1932dfb4119a86a90ff5c5db558381 Mon Sep 17 00:00:00 2001 
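Review bot: In the `@@ -85,10 +86,14 @@` hunk, when `i['type']` is neither `'VARCHAR'` nor `'BOOLEAN'`, `var_stmt` is either unbound (NameError on the first such entry) or silently carries the previous entry's DDL over to the new column; add `else: raise ValueError(f"unsupported column type {i['type']!r} for {i['name']}")` to both branches. The sqlite and MySQL branches are now identical apart from the VARCHAR mapping, so computing the type-to-DDL string once before building the statement would remove the duplication. The column names interpolated into the ALTER TABLE string come from the static `new_fields` list rather than from request data, so this is not an injection path, but a comment saying so (`# names come from the static new_fields list above, never from user input`) would save the next reader the check.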
From: bkaiserinfosec <49665796+bkaiserinfosec@users.noreply.github.com> Date: Tue, 19 Mar 2024 19:12:02 -0700 Subject: [PATCH 10/14] Update settings.py --- src/vr/admin/routes/settings.py | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/src/vr/admin/routes/settings.py b/src/vr/admin/routes/settings.py index a3125e54..fea3e3b5 100644 --- a/src/vr/admin/routes/settings.py +++ b/src/vr/admin/routes/settings.py @@ -44,7 +44,7 @@ def settings(): AppConfig.AZAD_CLIENT_ID: all["AZAD_CLIENT_ID"], AppConfig.AZAD_CLIENT_SECRET: all["AZAD_CLIENT_SECRET"], AppConfig.AZURE_KEYVAULT_NAME: all["AZURE_KEYVAULT_NAME"], - AppConfig.ENV: all["ENV"], + AppConfig.ENV: ENV, AppConfig.INSECURE_OAUTH: all["INSECURE_OAUTH"], AppConfig.JENKINS_HOST: all["JENKINS_HOST"], AppConfig.JENKINS_KEY: all["JENKINS_KEY"], @@ -71,7 +71,7 @@ def settings(): AppConfig.SNOW_INSTANCE_NAME: all["SNOW_INSTANCE_NAME"], AppConfig.SNOW_PASSWORD: all["SNOW_PASSWORD"], AppConfig.SNOW_USERNAME: all["SNOW_USERNAME"], - AppConfig.VERSION: all["VERSION"], + AppConfig.VERSION: VERSION, } if not app_config.settings_initialized: update_json[AppConfig.settings_initialized] = True @@ -88,7 +88,7 @@ def settings(): "AZAD_CLIENT_ID": all["AZAD_CLIENT_ID"], "AZAD_CLIENT_SECRET": all["AZAD_CLIENT_SECRET"], "AZURE_KEYVAULT_NAME": all["AZURE_KEYVAULT_NAME"], - "ENV": all["ENV"], + "ENV": ENV, "INSECURE_OAUTH": all["INSECURE_OAUTH"], "JENKINS_HOST": all["JENKINS_HOST"], "JENKINS_KEY": all["JENKINS_KEY"], @@ -115,7 +115,7 @@ def settings(): "SNOW_INSTANCE_NAME": all["SNOW_INSTANCE_NAME"], "SNOW_PASSWORD": all["SNOW_PASSWORD"], "SNOW_USERNAME": all["SNOW_USERNAME"], - "VERSION": all["VERSION"], + "VERSION": VERSION, } else: app_config = AppConfig.query.first() 
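Review bot: `settings()` now ignores the submitted `ENV` and `VERSION` values in favour of the config-module constants, but nothing in the route says so, and the settings template from earlier in this series still emits both keys as form fields, so a later edit could easily reinstate `all["ENV"]`. A one-line comment above the `update_json` literal, `# ENV and VERSION are server-controlled; the form copies are display-only and intentionally ignored`, pins the intent, and the same comment belongs in the `set_env_variables` hunks on the next line. `settings()` starts and ends outside the hunk.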
@@ -257,7 +257,7 @@ def set_env_variables(form): os.environ['AZAD_CLIENT_ID'] = form["AZAD_CLIENT_ID"] os.environ['AZAD_CLIENT_SECRET'] = form["AZAD_CLIENT_SECRET"] os.environ['AZURE_KEYVAULT_NAME'] = form["AZURE_KEYVAULT_NAME"] - os.environ['ENV'] = form["ENV"] + os.environ['ENV'] = ENV os.environ['INSECURE_OAUTH'] = form["INSECURE_OAUTH"] os.environ['JENKINS_ENABLED'] = form["JENKINS_ENABLED"] os.environ['JENKINS_HOST'] = form["JENKINS_HOST"] @@ -286,7 +286,7 @@ def set_env_variables(form): os.environ['SNOW_INSTANCE_NAME'] = form["SNOW_INSTANCE_NAME"] os.environ['SNOW_PASSWORD'] = form["SNOW_PASSWORD"] os.environ['SNOW_USERNAME'] = form["SNOW_USERNAME"] - os.environ['VERSION'] = form["VERSION"] + os.environ['VERSION'] = VERSION @admin.route('/dangerous/delete_all', methods=['POST']) From 1e5bddf41c725c48117442ce88cd6b6b365f46a3 Mon Sep 17 00:00:00 2001 From: bkaiserinfosec <49665796+bkaiserinfosec@users.noreply.github.com> Date: Fri, 22 Mar 2024 07:48:03 -0700 Subject: [PATCH 11/14] update to settings update without restart --- src/config_engine.py | 430 +++++++++++----------- src/vr/__init__.py | 102 +++-- src/vr/admin/auth_functions.py | 4 +- src/vr/admin/email_alerts.py | 8 +- src/vr/admin/models.py | 9 +- src/vr/admin/routes/forgotpw.py | 3 +- src/vr/admin/routes/forgotun.py | 3 +- src/vr/admin/routes/login.py | 15 +- src/vr/admin/routes/logout.py | 6 +- src/vr/admin/routes/register.py | 3 +- src/vr/admin/routes/settings.py | 130 ++++--- src/vr/admin/routes/users.py | 3 +- src/vr/api/integrations/servicenow.py | 13 +- src/vr/api/vulns/jenkins_webhook.py | 6 +- src/vr/api/vulns/vulnerabilities.py | 3 +- src/vr/db_models/setup.py | 9 +- src/vr/db_models/setup_2.py | 4 +- src/vr/orchestration/web/pipeline_jobs.py | 7 +- src/vr/templates/admin/settings.html | 12 +- src/vr/vulns/web/findings.py | 3 +- src/vr/vulns/web/testing.py | 8 +- 21 files changed, 420 insertions(+), 361 deletions(-) 
diff --git a/src/config_engine.py b/src/config_engine.py index 07400d06..7ee859ad 100644 --- a/src/config_engine.py +++ b/src/config_engine.py 
@@ -14,98 +14,229 @@ from settings import SET_SNOW_INSTANCE_NAME, SET_SNOW_CLIENT_ID, SET_SNOW_CLIENT_SECRET, SET_SNOW_USERNAME, SET_SNOW_PASSWORD, SET_SNOW_CLIENT_SECRET_REF, SET_SNOW_PASSWORD_REF -VERSION = '0.1.0-beta' - -if os.getenv('AZURE_KEYVAULT_NAME'): - AZURE_KEYVAULT_NAME = os.getenv('AZURE_KEYVAULT_NAME') -else: - AZURE_KEYVAULT_NAME = SET_AZURE_KEYVAULT_NAME - -if os.getenv('AUTH_TYPE'): - AUTH_TYPE = os.getenv('AUTH_TYPE') -else: - AUTH_TYPE = SET_AUTH_TYPE - -if os.getenv('INSECURE_OAUTH'): - INSECURE_OAUTH = os.getenv('INSECURE_OAUTH') -else: - INSECURE_OAUTH = SET_INSECURE_OAUTH - -if INSECURE_OAUTH: - os.environ['AUTHLIB_INSECURE_TRANSPORT'] = '1' - -if os.getenv('APP_EXT_URL'): - APP_EXT_URL = os.getenv('APP_EXT_URL') -else: - APP_EXT_URL = SET_APP_EXT_URL - -if os.getenv('SMTP_HOST'): - SMTP_HOST = os.getenv('SMTP_HOST') -else: - SMTP_HOST = SET_SMTP_HOST - -if os.getenv('SMTP_USER'): - SMTP_USER = os.getenv('SMTP_USER') -else: - SMTP_USER = SET_SMTP_USER - -if os.getenv('SMTP_ADMIN_EMAIL'): - SMTP_ADMIN_EMAIL = os.getenv('SMTP_ADMIN_EMAIL') -else: - SMTP_ADMIN_EMAIL = SET_SMTP_ADMIN_EMAIL - -if os.getenv('LDAP_HOST'): - LDAP_HOST = os.getenv('LDAP_HOST') -else: - LDAP_HOST = SET_LDAP_HOST - -if os.getenv('LDAP_PORT'): - LDAP_PORT = os.getenv('LDAP_PORT') -else: - LDAP_PORT = SET_LDAP_PORT - -if os.getenv('LDAP_BASE_DN'): - LDAP_BASE_DN = os.getenv('LDAP_BASE_DN') -else: - LDAP_BASE_DN = SET_LDAP_BASE_DN - -if os.getenv('LDAP_USER_DN'): - LDAP_USER_DN = os.getenv('LDAP_USER_DN') -else: - LDAP_USER_DN = SET_LDAP_USER_DN - -if os.getenv('LDAP_GROUP_DN'): - LDAP_GROUP_DN = os.getenv('LDAP_GROUP_DN') -else: - LDAP_GROUP_DN = SET_LDAP_GROUP_DN - -if os.getenv('LDAP_USER_RDN_ATTR'): - LDAP_USER_RDN_ATTR = os.getenv('LDAP_USER_RDN_ATTR') -else: - LDAP_USER_RDN_ATTR = SET_LDAP_USER_RDN_ATTR - -if os.getenv('LDAP_USER_LOGIN_ATTR'): - LDAP_USER_LOGIN_ATTR = os.getenv('LDAP_USER_LOGIN_ATTR') -else: - LDAP_USER_LOGIN_ATTR = SET_LDAP_USER_LOGIN_ATTR - -if 
os.getenv('LDAP_BIND_USER_DN'): - LDAP_BIND_USER_DN = os.getenv('LDAP_BIND_USER_DN') -else: - LDAP_BIND_USER_DN = SET_LDAP_BIND_USER_DN - -if os.getenv('LDAP_BIND_USER_PASSWORD'): - LDAP_BIND_USER_PASSWORD = os.getenv('LDAP_BIND_USER_PASSWORD') -else: - LDAP_BIND_USER_PASSWORD = SET_LDAP_BIND_USER_PASSWORD +def getConfigs(config): + config['TEST_SETTING'] = 'set' + + config['VERSION'] = '0.1.0-beta' + + if os.getenv('AZURE_KEYVAULT_NAME'): + config['AZURE_KEYVAULT_NAME'] = os.getenv('AZURE_KEYVAULT_NAME') + else: + config['AZURE_KEYVAULT_NAME'] = SET_AZURE_KEYVAULT_NAME + + if os.getenv('AUTH_TYPE'): + config['AUTH_TYPE'] = os.getenv('AUTH_TYPE') + else: + config['AUTH_TYPE'] = SET_AUTH_TYPE + + if os.getenv('INSECURE_OAUTH'): + config['INSECURE_OAUTH'] = os.getenv('INSECURE_OAUTH') + else: + config['INSECURE_OAUTH'] = SET_INSECURE_OAUTH + + if config['INSECURE_OAUTH']: + os.environ['AUTHLIB_INSECURE_TRANSPORT'] = '1' + + if os.getenv('APP_EXT_URL'): + config['APP_EXT_URL'] = os.getenv('APP_EXT_URL') + else: + config['APP_EXT_URL'] = SET_APP_EXT_URL + + if os.getenv('SMTP_HOST'): + config['SMTP_HOST'] = os.getenv('SMTP_HOST') + else: + config['SMTP_HOST'] = SET_SMTP_HOST + + if os.getenv('SMTP_USER'): + config['SMTP_USER'] = os.getenv('SMTP_USER') + else: + config['SMTP_USER'] = SET_SMTP_USER + + if os.getenv('SMTP_ADMIN_EMAIL'): + config['SMTP_ADMIN_EMAIL'] = os.getenv('SMTP_ADMIN_EMAIL') + else: + config['SMTP_ADMIN_EMAIL'] = SET_SMTP_ADMIN_EMAIL + + if os.getenv('LDAP_HOST'): + config['LDAP_HOST'] = os.getenv('LDAP_HOST') + else: + config['LDAP_HOST'] = SET_LDAP_HOST + + if os.getenv('LDAP_PORT'): + config['LDAP_PORT'] = os.getenv('LDAP_PORT') + else: + config['LDAP_PORT'] = SET_LDAP_PORT + + if os.getenv('LDAP_BASE_DN'): + config['LDAP_BASE_DN'] = os.getenv('LDAP_BASE_DN') + else: + config['LDAP_BASE_DN'] = SET_LDAP_BASE_DN + + if os.getenv('LDAP_USER_DN'): + config['LDAP_USER_DN'] = os.getenv('LDAP_USER_DN') + else: + config['LDAP_USER_DN'] = SET_LDAP_USER_DN 
+ + if os.getenv('LDAP_GROUP_DN'): + config['LDAP_GROUP_DN'] = os.getenv('LDAP_GROUP_DN') + else: + config['LDAP_GROUP_DN'] = SET_LDAP_GROUP_DN + + if os.getenv('LDAP_USER_RDN_ATTR'): + config['LDAP_USER_RDN_ATTR'] = os.getenv('LDAP_USER_RDN_ATTR') + else: + config['LDAP_USER_RDN_ATTR'] = SET_LDAP_USER_RDN_ATTR + + if os.getenv('LDAP_USER_LOGIN_ATTR'): + config['LDAP_USER_LOGIN_ATTR'] = os.getenv('LDAP_USER_LOGIN_ATTR') + else: + config['LDAP_USER_LOGIN_ATTR'] = SET_LDAP_USER_LOGIN_ATTR + + if os.getenv('LDAP_BIND_USER_DN'): + config['LDAP_BIND_USER_DN'] = os.getenv('LDAP_BIND_USER_DN') + else: + config['LDAP_BIND_USER_DN'] = SET_LDAP_BIND_USER_DN + + if os.getenv('LDAP_BIND_USER_PASSWORD'): + config['LDAP_BIND_USER_PASSWORD'] = os.getenv('LDAP_BIND_USER_PASSWORD') + else: + config['LDAP_BIND_USER_PASSWORD'] = SET_LDAP_BIND_USER_PASSWORD + + ## CORE Config Variables ## + if os.getenv('ENV'): + config['ENV'] = os.getenv('ENV') + else: + config['ENV'] = SET_ENV + + if config['ENV'] == 'prod': + if os.getenv('PROD_DB_URI_REF'): + config['PROD_DB_URI'] = KeyVaultManager(config).get_secret(os.getenv('PROD_DB_URI_REF')) + else: + config['PROD_DB_URI'] = KeyVaultManager(config).get_secret(SET_PROD_DB_URI_REF) + else: + config['PROD_DB_URI'] = SET_PROD_DB_URI + + if config['AUTH_TYPE'] == 'azuread': + if os.getenv('AZAD_CLIENT_ID'): + config['AZAD_CLIENT_ID'] = os.getenv('AZAD_CLIENT_ID') + else: + config['AZAD_CLIENT_ID'] = SET_AZAD_CLIENT_ID + if os.getenv('AZAD_CLIENT_SECRET'): + config['AZAD_CLIENT_SECRET'] = KeyVaultManager(config).get_secret(os.getenv('AZAD_CLIENT_SECRET')) + else: + config['AZAD_CLIENT_SECRET'] = KeyVaultManager(config).get_secret(SET_AZAD_CLIENT_SECRET) + if os.getenv('AZAD_AUTHORITY'): + config['AZAD_AUTHORITY'] = os.getenv('AZAD_AUTHORITY') + else: + config['AZAD_AUTHORITY'] = SET_AZAD_AUTHORITY + else: + config['AZAD_CLIENT_ID'] = "" + config['AZAD_CLIENT_SECRET'] = "" + config['AZAD_AUTHORITY'] = "" + + ## Email Variables ## + if config['ENV'] 
== 'prod': + if os.getenv('SMTP_PW_REF'): + config['SMTP_PASSWORD'] = KeyVaultManager(config).get_secret(os.getenv('SMTP_PW_REF')) + else: + config['SMTP_PASSWORD'] = KeyVaultManager(config).get_secret(SET_SMTP_PW_REF) + else: + config['SMTP_PASSWORD'] = SET_SMTP_PW + + ## + ## GitHub to Jenkins Webhook ## + if os.getenv('JENKINS_ENABLED'): + config['JENKINS_ENABLED'] = os.getenv('JENKINS_ENABLED') + else: + config['JENKINS_ENABLED'] = SET_JENKINS_ENABLED + if config['JENKINS_ENABLED'] == 'yes': + if config['ENV'] == 'prod': + if os.getenv('JENKINS_USER'): + config['JENKINS_USER'] = KeyVaultManager(config).get_secret(os.getenv('JENKINS_USER')) + else: + config['JENKINS_USER'] = KeyVaultManager(config).get_secret(SET_JENKINS_USER_REF) + if os.getenv('JENKINS_KEY'): + config['JENKINS_KEY'] = KeyVaultManager(config).get_secret(os.getenv('JENKINS_KEY')) + else: + config['JENKINS_KEY'] = KeyVaultManager(config).get_secret(SET_JENKINS_KEY_REF) + if os.getenv('JENKINS_TOKEN'): + config['JENKINS_TOKEN'] = KeyVaultManager(config).get_secret(os.getenv('JENKINS_TOKEN')) + else: + config['JENKINS_TOKEN'] = KeyVaultManager(config).get_secret(SET_JENKINS_TOKEN_REF) + else: + config['JENKINS_USER'] = SET_JENKINS_USER + config['JENKINS_KEY'] = SET_JENKINS_KEY + config['JENKINS_TOKEN'] = SET_JENKINS_TOKEN + + if os.getenv('JENKINS_PROJECT'): + config['JENKINS_PROJECT'] = os.getenv('JENKINS_PROJECT') + else: + config['JENKINS_PROJECT'] = SET_JENKINS_PROJECT + + if os.getenv('JENKINS_HOST'): + config['JENKINS_HOST'] = os.getenv('JENKINS_HOST') + else: + config['JENKINS_HOST'] = SET_JENKINS_HOST + + if os.getenv('JENKINS_STAGING_PROJECT'): + config['JENKINS_STAGING_PROJECT'] = os.getenv('JENKINS_STAGING_PROJECT') + else: + config['JENKINS_STAGING_PROJECT'] = SET_JENKINS_STAGING_PROJECT + else: + config['JENKINS_USER'] = "" + config['JENKINS_KEY'] = "" + config['JENKINS_TOKEN'] = "" + config['JENKINS_PROJECT'] = "" + config['JENKINS_HOST'] = "" + config['JENKINS_STAGING_PROJECT'] = "" 
+ + ## ServiceNOW Integration + if os.getenv('SNOW_ENABLED'): + config['SNOW_ENABLED'] = os.getenv('SNOW_ENABLED') + else: + config['SNOW_ENABLED'] = SET_SNOW_ENABLED + if config['SNOW_ENABLED'] == 'yes': + if config['ENV'] == 'prod': + if os.getenv('SNOW_PASSWORD'): + config['SNOW_PASSWORD'] = KeyVaultManager(config).get_secret(os.getenv('SNOW_PASSWORD')) + else: + config['SNOW_PASSWORD'] = KeyVaultManager(config).get_secret(SET_SNOW_PASSWORD_REF) + if os.getenv('SNOW_CLIENT_SECRET'): + config['SNOW_CLIENT_SECRET'] = KeyVaultManager(config).get_secret(os.getenv('SNOW_CLIENT_SECRET')) + else: + config['SNOW_CLIENT_SECRET'] = KeyVaultManager(config).get_secret(SET_SNOW_CLIENT_SECRET_REF) + if os.getenv('SNOW_INSTANCE_NAME'): + config['SNOW_INSTANCE_NAME'] = os.getenv('SNOW_INSTANCE_NAME') + else: + config['SNOW_INSTANCE_NAME'] = SET_SNOW_INSTANCE_NAME + if os.getenv('SNOW_CLIENT_ID'): + config['SNOW_CLIENT_ID'] = os.getenv('SNOW_CLIENT_ID') + else: + config['SNOW_CLIENT_ID'] = SET_SNOW_CLIENT_ID + if os.getenv('SNOW_USERNAME'): + config['SNOW_USERNAME'] = os.getenv('SNOW_USERNAME') + else: + config['SNOW_USERNAME'] = SET_SNOW_USERNAME + else: + config['SNOW_PASSWORD'] = SET_SNOW_PASSWORD + config['SNOW_CLIENT_SECRET'] = SET_SNOW_CLIENT_SECRET + config['SNOW_INSTANCE_NAME'] = SET_SNOW_INSTANCE_NAME + config['SNOW_CLIENT_ID'] = SET_SNOW_CLIENT_ID + config['SNOW_USERNAME'] = SET_SNOW_USERNAME + else: + config['SNOW_PASSWORD'] = "" + config['SNOW_CLIENT_SECRET'] = "" + config['SNOW_INSTANCE_NAME'] = "" + config['SNOW_CLIENT_ID'] = "" + config['SNOW_USERNAME'] = "" class KeyVaultManager(object): - def __init__(self): + def __init__(self, config=None): if os.getenv('AZURE_KEYVAULT_NAME'): key_vault_uri = f"https://{os.getenv('AZURE_KEYVAULT_NAME')}.vault.azure.net" else: - key_vault_uri = f"https://{AZURE_KEYVAULT_NAME}.vault.azure.net" + key_vault_uri = f"https://{config['AZURE_KEYVAULT_NAME']}.vault.azure.net" if os.getenv('AZURE_AUTH_METHOD'): if 
os.getenv('AZURE_AUTH_METHOD') == 'env': self.credential = EnvironmentCredential( 
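Review bot: `if config['INSECURE_OAUTH']:` tests a string, since the value comes from `os.getenv('INSECURE_OAUTH')`, so `INSECURE_OAUTH=false` or `INSECURE_OAUTH=0` still sets `AUTHLIB_INSECURE_TRANSPORT=1` and relaxes the OAuth transport check in a deployment that tried to turn it off; compare a normalized value instead, `if str(config['INSECURE_OAUTH']).strip().lower() in ('1', 'true', 'yes'):`. The logic is carried over from the removed module-level code, but this rewrite is the place to fix it. `config['TEST_SETTING'] = 'set'` at the top of `getConfigs` looks like a leftover. A fresh `KeyVaultManager(config)` (and with it a new credential and client) is built for every secret lookup; create it once, `kv = KeyVaultManager(config)`, the first time `ENV == 'prod'` needs it. The new `config=None` default on `KeyVaultManager.__init__` is not usable: when `AZURE_KEYVAULT_NAME` is absent from the environment the fallback subscripts `None`, so either make `config` required or guard the lookup.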
@@ -162,130 +293,3 @@ def delete_cert(self, secret_name): return deleted_secret -## CORE Config Variables ## -if os.getenv('ENV'): - ENV = os.getenv('ENV') -else: - ENV = SET_ENV - -if ENV == 'prod': - if os.getenv('PROD_DB_URI_REF'): - PROD_DB_URI = KeyVaultManager().get_secret(os.getenv('PROD_DB_URI_REF')) - else: - PROD_DB_URI = KeyVaultManager().get_secret(SET_PROD_DB_URI_REF) -else: - PROD_DB_URI = SET_PROD_DB_URI - -if AUTH_TYPE == 'azuread': - if os.getenv('AZAD_CLIENT_ID'): - AZAD_CLIENT_ID = os.getenv('AZAD_CLIENT_ID') - else: - AZAD_CLIENT_ID = SET_AZAD_CLIENT_ID - if os.getenv('AZAD_CLIENT_SECRET'): - AZAD_CLIENT_SECRET = KeyVaultManager().get_secret(os.getenv('AZAD_CLIENT_SECRET')) - else: - AZAD_CLIENT_SECRET = KeyVaultManager().get_secret(SET_AZAD_CLIENT_SECRET) - if os.getenv('AZAD_AUTHORITY'): - AZAD_AUTHORITY = os.getenv('AZAD_AUTHORITY') - else: - AZAD_AUTHORITY = SET_AZAD_AUTHORITY -else: - AZAD_CLIENT_ID = "" - AZAD_CLIENT_SECRET = "" - AZAD_AUTHORITY = "" - -## Email Variables ## -if ENV == 'prod': - if os.getenv('SMTP_PW_REF'): - SMTP_PASSWORD = KeyVaultManager().get_secret(os.getenv('SMTP_PW_REF')) - else: - SMTP_PASSWORD = KeyVaultManager().get_secret(SET_SMTP_PW_REF) -else: - SMTP_PASSWORD = SET_SMTP_PW - -## -## GitHub to Jenkins Webhook ## -if os.getenv('JENKINS_ENABLED'): - JENKINS_ENABLED = os.getenv('JENKINS_ENABLED') -else: - JENKINS_ENABLED = SET_JENKINS_ENABLED -if JENKINS_ENABLED == 'yes': - if ENV == 'prod': - if os.getenv('JENKINS_USER'): - JENKINS_USER = KeyVaultManager().get_secret(os.getenv('JENKINS_USER')) - else: - JENKINS_USER = KeyVaultManager().get_secret(SET_JENKINS_USER_REF) - if os.getenv('JENKINS_KEY'): - JENKINS_KEY = KeyVaultManager().get_secret(os.getenv('JENKINS_KEY')) - else: - JENKINS_KEY = KeyVaultManager().get_secret(SET_JENKINS_KEY_REF) - if os.getenv('JENKINS_TOKEN'): - JENKINS_TOKEN = KeyVaultManager().get_secret(os.getenv('JENKINS_TOKEN')) - else: - JENKINS_TOKEN = 
KeyVaultManager().get_secret(SET_JENKINS_TOKEN_REF) - else: - JENKINS_USER = SET_JENKINS_USER - JENKINS_KEY = SET_JENKINS_KEY - JENKINS_TOKEN = SET_JENKINS_TOKEN - - if os.getenv('JENKINS_PROJECT'): - JENKINS_PROJECT = os.getenv('JENKINS_PROJECT') - else: - JENKINS_PROJECT = SET_JENKINS_PROJECT - - if os.getenv('JENKINS_HOST'): - JENKINS_HOST = os.getenv('JENKINS_HOST') - else: - JENKINS_HOST = SET_JENKINS_HOST - - if os.getenv('JENKINS_STAGING_PROJECT'): - JENKINS_STAGING_PROJECT = os.getenv('JENKINS_STAGING_PROJECT') - else: - JENKINS_STAGING_PROJECT = SET_JENKINS_STAGING_PROJECT -else: - JENKINS_USER = "" - JENKINS_KEY = "" - JENKINS_TOKEN = "" - JENKINS_PROJECT = "" - JENKINS_HOST = "" - JENKINS_STAGING_PROJECT = "" - -## ServiceNOW Integration -if os.getenv('SNOW_ENABLED'): - SNOW_ENABLED = os.getenv('SNOW_ENABLED') -else: - SNOW_ENABLED = SET_SNOW_ENABLED -if SNOW_ENABLED == 'yes': - if ENV == 'prod': - if os.getenv('SNOW_PASSWORD'): - SNOW_PASSWORD = KeyVaultManager().get_secret(os.getenv('SNOW_PASSWORD')) - else: - SNOW_PASSWORD = KeyVaultManager().get_secret(SET_SNOW_PASSWORD_REF) - if os.getenv('SNOW_CLIENT_SECRET'): - SNOW_CLIENT_SECRET = KeyVaultManager().get_secret(os.getenv('SNOW_CLIENT_SECRET')) - else: - SNOW_CLIENT_SECRET = KeyVaultManager().get_secret(SET_SNOW_CLIENT_SECRET_REF) - if os.getenv('SNOW_INSTANCE_NAME'): - SNOW_INSTANCE_NAME = os.getenv('SNOW_INSTANCE_NAME') - else: - SNOW_INSTANCE_NAME = SET_SNOW_INSTANCE_NAME - if os.getenv('SNOW_CLIENT_ID'): - SNOW_CLIENT_ID = os.getenv('SNOW_CLIENT_ID') - else: - SNOW_CLIENT_ID = SET_SNOW_CLIENT_ID - if os.getenv('SNOW_USERNAME'): - SNOW_USERNAME = os.getenv('SNOW_USERNAME') - else: - SNOW_USERNAME = SET_SNOW_USERNAME - else: - SNOW_PASSWORD = SET_SNOW_PASSWORD - SNOW_CLIENT_SECRET = SET_SNOW_CLIENT_SECRET - SNOW_INSTANCE_NAME = SET_SNOW_INSTANCE_NAME - SNOW_CLIENT_ID = SET_SNOW_CLIENT_ID - SNOW_USERNAME = SET_SNOW_USERNAME -else: - SNOW_PASSWORD = "" - SNOW_CLIENT_SECRET = "" - SNOW_INSTANCE_NAME 
= "" - SNOW_CLIENT_ID = "" - SNOW_USERNAME = "" diff --git a/src/vr/__init__.py b/src/vr/__init__.py index 42a86ea1..2f3ccf73 100644 --- a/src/vr/__init__.py +++ b/src/vr/__init__.py @@ -1,8 +1,6 @@ import datetime import requests -from config_engine import ENV, PROD_DB_URI, AUTH_TYPE, APP_EXT_URL, LDAP_HOST, LDAP_PORT, LDAP_BASE_DN, \ - LDAP_USER_DN, LDAP_GROUP_DN, LDAP_USER_RDN_ATTR, LDAP_USER_LOGIN_ATTR, LDAP_BIND_USER_DN, LDAP_BIND_USER_PASSWORD, \ - AZAD_CLIENT_ID, AZAD_CLIENT_SECRET, AZAD_AUTHORITY, JENKINS_USER, JENKINS_ENABLED +from config_engine import getConfigs from flask import Flask from flask_bootstrap import Bootstrap from flask_login import LoginManager @@ -11,8 +9,7 @@ from flask_wtf.csrf import CSRFProtect from flaskext.markdown import Markdown from vr.db_models.setup import _init_db -if AUTH_TYPE == 'ldap': - from flask_ldap3_login import LDAP3LoginManager + import base64 import logging import sys 
@@ -31,48 +28,41 @@ from requests.auth import HTTPBasicAuth from vr.db_models.updates import createNewTables -if AUTH_TYPE == 'azuread': + +app = Flask(__name__) + +getConfigs(app.config) + +if app.config['AUTH_TYPE'] == 'azuread': from flask_session import Session import msal from flask import session, url_for +if app.config['AUTH_TYPE'] == 'ldap': + from flask_ldap3_login import LDAP3LoginManager -app = Flask(__name__) moment = Moment(app) Markdown(app) csrf = CSRFProtect(app) -app.config['APP_EXT_URL'] = APP_EXT_URL - -app.config['RUNTIME_ENV'] = ENV +app.config['RUNTIME_ENV'] = app.config['ENV'] if app.config['RUNTIME_ENV'] == 'test': DB_URI = 'sqlite:///database.db' import sqlite3 else: - DB_URI = PROD_DB_URI + DB_URI = app.config['PROD_DB_URI'] import mysql.connector app.config['SQLALCHEMY_DATABASE_URI'] = DB_URI app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False -if AUTH_TYPE == 'ldap': - # LDAP Configuration - app.config['LDAP_HOST'] = LDAP_HOST - app.config['LDAP_PORT'] = LDAP_PORT - app.config['LDAP_BASE_DN'] = LDAP_BASE_DN - app.config['LDAP_USER_DN'] = LDAP_USER_DN - app.config['LDAP_GROUP_DN'] = LDAP_GROUP_DN - app.config['LDAP_USER_RDN_ATTR'] = LDAP_USER_RDN_ATTR - app.config['LDAP_USER_LOGIN_ATTR'] = LDAP_USER_LOGIN_ATTR - app.config['LDAP_BIND_USER_DN'] = LDAP_BIND_USER_DN - app.config['LDAP_BIND_USER_PASSWORD'] = LDAP_BIND_USER_PASSWORD - +if app.config['AUTH_TYPE'] == 'ldap': # Flask-LDAP3-Login Manager ldap_manager = LDAP3LoginManager(app) -elif AUTH_TYPE == 'azuread': - app.config['CLIENT_ID'] = AZAD_CLIENT_ID - app.config['CLIENT_SECRET'] = AZAD_CLIENT_SECRET - app.config['AUTHORITY'] = AZAD_AUTHORITY +elif app.config['AUTH_TYPE'] == 'azuread': + app.config['CLIENT_ID'] = app.config['AZAD_CLIENT_ID'] + app.config['CLIENT_SECRET'] = app.config['AZAD_CLIENT_SECRET'] + app.config['AUTHORITY'] = app.config['AZAD_AUTHORITY'] app.config['REDIRECT_PATH'] = "/getAToken" app.config['ENDPOINT'] = 'https://graph.microsoft.com/v1.0/me/memberOf' 
app.config['SCOPE'] = ["User.ReadBasic.All", "Group.Read.All", "Application.Read.All"] @@ -151,7 +141,7 @@ def _get_token_from_cache(scope=None): app.register_blueprint(api) bootstrap = Bootstrap(app) -if AUTH_TYPE == 'local' or AUTH_TYPE == 'azuread': +if app.config['AUTH_TYPE'] == 'local' or app.config['AUTH_TYPE'] == 'azuread': login_manager.init_app(app) login_manager.login_view = 'admin.login' @@ -162,9 +152,10 @@ def _get_token_from_cache(scope=None): app.logger.addHandler(stdout_handler) + @app.template_filter('format_datetime') def format_datetime(value): - if ENV == 'test': + if app.config['ENV'] == 'test': try: formatted = datetime.datetime.strptime(value, "%Y-%m-%dT%H:%M:%S.%f") except: @@ -185,6 +176,8 @@ def base64encode(value): createNewTables(app) ## Cronjob-like tasks section ## + + def train_model_every_six_hours(): scheduler = BackgroundScheduler() scheduler.add_job(train_model, 'interval', hours=6) 
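Review bot: The `AUTH_TYPE`-conditional imports and the `ldap_manager` / Azure `CLIENT_*` wiring in this hunk run against the value `getConfigs(app.config)` loaded, but `getPersistentConfig()` further down the same module overwrites `AUTH_TYPE`, `ENV` and `PROD_DB_URI` from the `AppConfig` table after `DB_URI` and the login managers have already been chosen. A DB-persisted `AUTH_TYPE` that differs from the environment value therefore changes what `login.py` and `models.py` branch on at request time without `LDAP3LoginManager` or `login_manager` ever having been set up for it. Loading the persisted values before this block, or comparing them with the boot-time values and refusing to start on a mismatch, keeps the two in step. Separately, `ENV` is a config key Flask itself owned until 2.3 (expecting 'development'/'production'), so storing the project's 'prod'/'test' value under `app.config['ENV']` deserves a comment or a project-specific key such as the `RUNTIME_ENV` this hunk already introduces.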
@@ -220,6 +213,53 @@ def connect_to_db():
 cur = db.cursor()
 return cur, db
+def getPersistentConfig():
+ try:
+ cur, db = connect_to_db()
+ sql = 'SELECT * FROM AppConfig WHERE 1=1'
+ cur.execute(sql)
+ row = cur.fetchone()
+ if row[2]:
+ app.config['APP_EXT_URL'] = row[3]
+ app.config['AUTH_TYPE'] = row[4]
+ app.config['AZAD_AUTHORITY'] = row[5]
+ app.config['AZAD_CLIENT_ID'] = row[6]
+ app.config['AZAD_CLIENT_SECRET'] = row[7]
+ app.config['AZURE_KEYVAULT_NAME'] = row[8]
+ app.config['ENV'] = row[9]
+ app.config['INSECURE_OAUTH'] = row[10]
+ app.config['JENKINS_ENABLED'] = row[37]
+ app.config['JENKINS_HOST'] = row[11]
+ app.config['JENKINS_KEY'] = row[12]
+ app.config['JENKINS_PROJECT'] = row[13]
+ app.config['JENKINS_STAGING_PROJECT'] = row[14]
+ app.config['JENKINS_TOKEN'] = row[15]
+ app.config['JENKINS_USER'] = row[16]
+ app.config['LDAP_BASE_DN'] = row[17]
+ app.config['LDAP_BIND_USER_DN'] = row[18]
+ app.config['LDAP_BIND_USER_PASSWORD'] = row[19]
+ app.config['LDAP_GROUP_DN'] = row[20]
+ app.config['LDAP_HOST'] = row[21]
+ app.config['LDAP_PORT'] = row[22]
+ app.config['LDAP_USER_DN'] = row[23]
+ app.config['LDAP_USER_LOGIN_ATTR'] = row[24]
+ app.config['LDAP_USER_RDN_ATTR'] = row[25]
+ app.config['PROD_DB_URI'] = row[26]
+ app.config['SMTP_ADMIN_EMAIL'] = row[27]
+ app.config['SMTP_HOST'] = row[28]
+ app.config['SMTP_PASSWORD'] = row[29]
+ app.config['SMTP_USER'] = row[30]
+ app.config['SNOW_ENABLED'] = row[38]
+ app.config['SNOW_CLIENT_ID'] = row[31]
+ app.config['SNOW_CLIENT_SECRET'] = row[32]
+ app.config['SNOW_INSTANCE_NAME'] = row[33]
+ app.config['SNOW_PASSWORD'] = row[34]
+ app.config['SNOW_USERNAME'] = row[35]
+ app.config['VERSION'] = row[36]
+ except:
+ print('AppConfig Database table is either unreachable or not setup.')
+
+getPersistentConfig()
 def train_model():
 try:
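Review bot: `row = cur.fetchone()` returns `None` when the `AppConfig` table is empty, and `if row[2]:` then raises `TypeError`, which the bare `except:` folds into the misleading 'unreachable or not setup' message together with every other failure (a wrong `PROD_DB_URI`, a schema mismatch, a programming error); guard with `if row is None or not row[2]: return` and catch the driver's database error class rather than everything. `SELECT *` paired with hard-coded positional indices (`row[3]`…`row[38]`, with `JENKINS_ENABLED`/`SNOW_ENABLED` out of order at 37/38) silently mis-maps secrets such as `LDAP_BIND_USER_PASSWORD` and `SMTP_PASSWORD` into the wrong config key the moment a column is added or reordered, so select the columns by name or read the names from `cur.description` and assign by key. The cursor and connection from `connect_to_db()` are never closed on either path. The function also runs at import time and rewrites `AUTH_TYPE`, `ENV` and `PROD_DB_URI` after the module has already used them to pick `DB_URI` and the login manager, so the persisted values only partially take effect until a restart.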
@@ -337,7 +377,7 @@ def rsa_long_decrypt(priv_obj, msg, length=256): def get_jenkins_data(): - user_check = JENKINS_USER + user_check = app.config['JENKINS_USER'] if user_check != 'changeme': app.logger.info('Getting Jenkins Data') cur, db = connect_to_db() @@ -452,5 +492,5 @@ def get_jenkins_data(): # Call the Jobs Here # train_model_every_six_hours() -if JENKINS_ENABLED == 'yes': +if app.config['JENKINS_ENABLED'] == 'yes': get_jenkins_data_every_hour() diff --git a/src/vr/admin/auth_functions.py b/src/vr/admin/auth_functions.py index 20ddf7ca..885020c6 100644 --- a/src/vr/admin/auth_functions.py +++ b/src/vr/admin/auth_functions.py @@ -1,7 +1,7 @@ import jwt from time import time from vr.functions.mysql_db import connect_to_db -from config_engine import ENV +from vr import app # Error handler @@ -49,7 +49,7 @@ def create_api_key(user_id, otp_secret, expires_in=2592000): def verify_api_key(token): try: cur, db = connect_to_db() - if ENV == 'test': + if app.config['ENV'] == 'test': sql = 'SELECT oc.user_id, u.is_admin FROM oauth2_client oc JOIN oauth2_token ot ON oc.client_id=ot.client_id JOIN User u ON oc.user_id=u.id WHERE ot.id=?' else: sql = 'SELECT oc.user_id, u.is_admin FROM oauth2_client oc JOIN oauth2_token ot ON oc.client_id=ot.client_id JOIN User u ON oc.user_id=u.id WHERE ot.id=%s' diff --git a/src/vr/admin/email_alerts.py b/src/vr/admin/email_alerts.py index a1c48da3..698b5138 100644 --- a/src/vr/admin/email_alerts.py +++ b/src/vr/admin/email_alerts.py @@ -1,7 +1,7 @@ import smtplib from email.mime import multipart from email.mime import text as mimetext -from config_engine import SMTP_HOST, SMTP_USER, SMTP_PASSWORD, SMTP_ADMIN_EMAIL +from vr import app def send_email(msg_fromaddr, msg_toaddr, msg_subject, msg_body): 
@@ -11,9 +11,9 @@ def send_email(msg_fromaddr, msg_toaddr, msg_subject, msg_body): msg['To'] = msg_toaddr msg['Subject'] = msg_subject msg.attach(mimetext.MIMEText(message, 'html')) - server = smtplib.SMTP(SMTP_HOST) + server = smtplib.SMTP(app.config['SMTP_HOST']) server.starttls() - server.login(SMTP_USER, SMTP_PASSWORD) + server.login(app.config['SMTP_USER'], app.config['SMTP_PASSWORD']) server.ehlo() text = msg.as_string() server.sendmail(msg_fromaddr, msg_toaddr, text) @@ -24,7 +24,7 @@ def send_registration_email(ext_url, username, first_name, last_name, token, ema msg_subject = "SecuSphere User Registration" msg_body = generate_registration_msg(ext_url, username, first_name, last_name, token) try: - send_email(SMTP_ADMIN_EMAIL, email_to, msg_subject, msg_body) + send_email(app.config['SMTP_ADMIN_EMAIL'], email_to, msg_subject, msg_body) except: return 'error' diff --git a/src/vr/admin/models.py b/src/vr/admin/models.py index 89785772..d5d5e4ad 100644 --- a/src/vr/admin/models.py +++ b/src/vr/admin/models.py @@ -3,7 +3,7 @@ from flask_login import UserMixin from vr import db, app from vr.functions.mysql_db import connect_to_db -from datetime import datetime, timedelta +from datetime import datetime import jwt from vr.admin.helper_functions import hash_password,verify_password from vr.admin.functions import db_connection_handler @@ -17,8 +17,7 @@ OAuth2AuthorizationCodeMixin, OAuth2TokenMixin, ) -from config_engine import AUTH_TYPE -if AUTH_TYPE == 'ldap': +if app.config['AUTH_TYPE'] == 'ldap': from vr import ldap_manager if app.config['RUNTIME_ENV'] == 'test': 
@@ -190,11 +189,11 @@ def verify_username_token(self, token, given_id): else: return -if AUTH_TYPE == 'local' or AUTH_TYPE == 'azuread': +if app.config['AUTH_TYPE'] == 'local' or app.config['AUTH_TYPE'] == 'azuread': @login_manager.user_loader def load_user(id): return User.query.get(int(id)) -elif AUTH_TYPE == 'ldap': +elif app.config['AUTH_TYPE'] == 'ldap': # User Loader for LDAP @login_manager.user_loader def load_user(user_id): diff --git a/src/vr/admin/routes/forgotpw.py b/src/vr/admin/routes/forgotpw.py index 2d12cd59..f6d50228 100644 --- a/src/vr/admin/routes/forgotpw.py +++ b/src/vr/admin/routes/forgotpw.py @@ -6,7 +6,6 @@ from vr.admin.email_alerts import send_email, generate_evnt_msg from vr.functions.timefunctions import return_datetime_now from vr.admin.helper_functions import hash_password -from config_engine import SMTP_ADMIN_EMAIL from vr.admin.functions import db_connection_handler @@ -32,7 +31,7 @@ def forgotpw(): action_list = [action] st = 'n' msg_body = generate_evnt_msg(msg_subject, now, evt_list, action_list, st) - msg_fromaddr = SMTP_ADMIN_EMAIL + msg_fromaddr = app.config['SMTP_ADMIN_EMAIL'] try: send_email(msg_fromaddr, email, msg_subject, msg_body) warnmsg = ('pwresetemail', 'success') diff --git a/src/vr/admin/routes/forgotun.py b/src/vr/admin/routes/forgotun.py index 80c52425..d8a0d2fa 100644 --- a/src/vr/admin/routes/forgotun.py +++ b/src/vr/admin/routes/forgotun.py @@ -5,7 +5,6 @@ from vr.admin.models import User, LoginForm from vr.admin.email_alerts import send_email, generate_evnt_msg from vr.functions.timefunctions import return_datetime_now -from config_engine import SMTP_ADMIN_EMAIL NAV_CAT= { "name": "Admin", "url": "admin.admin_dashboard"} 
@@ -28,7 +27,7 @@ def forgotun(): action_list = [action] st = 'n' msg_body = generate_evnt_msg(msg_subject,now,evt_list,action_list,st) - msg_fromaddr = SMTP_ADMIN_EMAIL + msg_fromaddr = app.config['SMTP_ADMIN_EMAIL'] try: send_email(msg_fromaddr, email, msg_subject, msg_body) warnmsg = ('pwresetemail', 'success') diff --git a/src/vr/admin/routes/login.py b/src/vr/admin/routes/login.py index 9eed58a7..d7f641f1 100644 --- a/src/vr/admin/routes/login.py +++ b/src/vr/admin/routes/login.py @@ -8,10 +8,9 @@ from vr.admin.models import User, LoginForm, AuthAttempts, AppConfig from vr.admin.functions import _auth_user, _entity_permissions_filter, _entity_page_permissions_filter, check_lockout, log_failed_attempt from vr.admin.functions import db_connection_handler -from config_engine import AUTH_TYPE -if AUTH_TYPE == 'ldap': +if app.config['AUTH_TYPE'] == 'ldap': from flask_ldap3_login.forms import LDAPLoginForm -elif AUTH_TYPE == 'azuread': +elif app.config['AUTH_TYPE'] == 'azuread': import requests import msal from vr import _build_auth_code_flow, _load_cache, _save_cache, _build_msal_app, _get_token_from_cache @@ -35,7 +34,7 @@ def login(): return redirect(url_for('admin.register')) ad_auth_url = None warnmsg = '' - if AUTH_TYPE == 'local': + if app.config['AUTH_TYPE'] == 'local': if current_user.is_authenticated: flash('You are already logged in.', 'danger') return redirect(url_for('assets.all_applications')) @@ -60,7 +59,7 @@ def login(): mfa_password = resp[2] # attempt to log the user in return _login_attempt(user, username, password, userid, form, mfa_password) - elif AUTH_TYPE == 'ldap': + elif app.config['AUTH_TYPE'] == 'ldap': form = LDAPLoginForm() if form.validate_on_submit(): # Log the user in 
@@ -71,15 +70,15 @@ def login(): # Print the form errors print("Form validation failed with errors:", form.errors) return render_template(LDAP_LOGIN_TEMPLATE, form=form, errors=form.errors) - elif AUTH_TYPE == 'azuread': + elif app.config['AUTH_TYPE'] == 'azuread': form = LoginForm(request.form) session["flow"] = _build_auth_code_flow(scopes=app.config['SCOPE']) ad_auth_url = session["flow"]["auth_uri"] if form.errors: warnmsg = (form.errors, 'danger') - return render_template(LOGIN_TEMPLATE, form=form, warnmsg=warnmsg, auth_type=AUTH_TYPE, auth_url=ad_auth_url) + return render_template(LOGIN_TEMPLATE, form=form, warnmsg=warnmsg, auth_type=app.config['AUTH_TYPE'], auth_url=ad_auth_url) -if AUTH_TYPE == 'azuread': +if app.config['AUTH_TYPE'] == 'azuread': @app.route(app.config['REDIRECT_PATH']) # Its absolute URL must match your app's redirect_uri set in AAD def authorized(): try: diff --git a/src/vr/admin/routes/logout.py b/src/vr/admin/routes/logout.py index 218cd357..781302c9 100644 --- a/src/vr/admin/routes/logout.py +++ b/src/vr/admin/routes/logout.py @@ -1,20 +1,20 @@ from flask_login import logout_user, login_required from flask import session, redirect, url_for from vr.admin import admin -from config_engine import AUTH_TYPE +from vr import app NAV_CAT= { "name": "Admin", "url": "admin.admin_dashboard"} -if AUTH_TYPE == 'local': +if app.config['AUTH_TYPE'] == 'local': @admin.route('/logout') @login_required def logout(): logout_user() del session['username'] return redirect(url_for('admin.login')) -elif AUTH_TYPE == 'azuread': +elif app.config['AUTH_TYPE'] == 'azuread': @admin.route('/logout') def logout(): logout_user() diff --git a/src/vr/admin/routes/register.py b/src/vr/admin/routes/register.py index 38f0b3f8..1f6f38a8 100644 --- a/src/vr/admin/routes/register.py +++ b/src/vr/admin/routes/register.py 
@@ -13,7 +13,6 @@ from vr.admin.helper_functions import hash_password from vr.admin.email_alerts import send_registration_email from vr.functions.initial_setup import setup_core_db_tables, generate_key_pair -from config_engine import ENV from vr.db_models.setup_2 import _init_db @@ -115,7 +114,7 @@ def register_submit(): _init_db(db=db) generate_key_pair() - setup_core_db_tables(ENV) + setup_core_db_tables(app.config['ENV']) admin_role = UserRoles.query.filter_by(name='Admin').first() ura = UserRoleAssignments(user_id=user.id, role_id=admin_role.id) db.session.add(ura) diff --git a/src/vr/admin/routes/settings.py b/src/vr/admin/routes/settings.py index fea3e3b5..532ae0d5 100644 --- a/src/vr/admin/routes/settings.py +++ b/src/vr/admin/routes/settings.py @@ -5,16 +5,8 @@ # Start of Entity-specific Imports from vr.admin import admin from vr.admin.functions import _auth_user, check_menu_tour_init -from config_engine import ENV, PROD_DB_URI, AUTH_TYPE, APP_EXT_URL, LDAP_HOST, LDAP_PORT, LDAP_BASE_DN, \ - LDAP_USER_DN, LDAP_GROUP_DN, LDAP_USER_RDN_ATTR, LDAP_USER_LOGIN_ATTR, LDAP_BIND_USER_DN, LDAP_BIND_USER_PASSWORD, \ - AZAD_CLIENT_ID, AZAD_CLIENT_SECRET, AZAD_AUTHORITY, JENKINS_USER, AZURE_KEYVAULT_NAME, INSECURE_OAUTH, \ - JENKINS_HOST, JENKINS_KEY, JENKINS_PROJECT, JENKINS_STAGING_PROJECT, JENKINS_TOKEN, SMTP_ADMIN_EMAIL, \ - SMTP_HOST, SMTP_PASSWORD, SMTP_USER, SNOW_CLIENT_ID, SNOW_CLIENT_SECRET, SNOW_INSTANCE_NAME, SNOW_PASSWORD, \ - SNOW_USERNAME, VERSION, JENKINS_ENABLED, SNOW_ENABLED -from flask_sqlalchemy import SQLAlchemy from vr.admin.models import AppConfig from vr.admin.functions import db_connection_handler -from sqlalchemy import text NAV = { 
@@ -44,7 +36,7 @@ def settings(): AppConfig.AZAD_CLIENT_ID: all["AZAD_CLIENT_ID"], AppConfig.AZAD_CLIENT_SECRET: all["AZAD_CLIENT_SECRET"], AppConfig.AZURE_KEYVAULT_NAME: all["AZURE_KEYVAULT_NAME"], - AppConfig.ENV: ENV, + AppConfig.ENV: app.config['ENV'], AppConfig.INSECURE_OAUTH: all["INSECURE_OAUTH"], AppConfig.JENKINS_HOST: all["JENKINS_HOST"], AppConfig.JENKINS_KEY: all["JENKINS_KEY"], @@ -71,7 +63,7 @@ def settings(): AppConfig.SNOW_INSTANCE_NAME: all["SNOW_INSTANCE_NAME"], AppConfig.SNOW_PASSWORD: all["SNOW_PASSWORD"], AppConfig.SNOW_USERNAME: all["SNOW_USERNAME"], - AppConfig.VERSION: VERSION, + AppConfig.VERSION: app.config['VERSION'], } if not app_config.settings_initialized: update_json[AppConfig.settings_initialized] = True @@ -88,7 +80,7 @@ def settings(): "AZAD_CLIENT_ID": all["AZAD_CLIENT_ID"], "AZAD_CLIENT_SECRET": all["AZAD_CLIENT_SECRET"], "AZURE_KEYVAULT_NAME": all["AZURE_KEYVAULT_NAME"], - "ENV": ENV, + "ENV": app.config['ENV'], "INSECURE_OAUTH": all["INSECURE_OAUTH"], "JENKINS_HOST": all["JENKINS_HOST"], "JENKINS_KEY": all["JENKINS_KEY"], @@ -115,7 +107,7 @@ def settings(): "SNOW_INSTANCE_NAME": all["SNOW_INSTANCE_NAME"], "SNOW_PASSWORD": all["SNOW_PASSWORD"], "SNOW_USERNAME": all["SNOW_USERNAME"], - "VERSION": VERSION, + "VERSION": app.config['VERSION'], } else: app_config = AppConfig.query.first() 
@@ -160,42 +152,42 @@ def settings(): } else: current_settings = { - "JENKINS_ENABLED": JENKINS_ENABLED, - "SNOW_ENABLED": SNOW_ENABLED, - "APP_EXT_URL": APP_EXT_URL, - "AUTH_TYPE": AUTH_TYPE, - "AZAD_AUTHORITY":AZAD_AUTHORITY, - "AZAD_CLIENT_ID": AZAD_CLIENT_ID, - "AZAD_CLIENT_SECRET": AZAD_CLIENT_SECRET, - "AZURE_KEYVAULT_NAME": AZURE_KEYVAULT_NAME, - "ENV": ENV, - "INSECURE_OAUTH": INSECURE_OAUTH, - "JENKINS_HOST": JENKINS_HOST, - "JENKINS_KEY": JENKINS_KEY, - "JENKINS_PROJECT": JENKINS_PROJECT, - "JENKINS_STAGING_PROJECT": JENKINS_STAGING_PROJECT, - "JENKINS_USER": JENKINS_USER, - "JENKINS_TOKEN": JENKINS_TOKEN, - "LDAP_BASE_DN": LDAP_BASE_DN, - "LDAP_BIND_USER_DN": LDAP_BIND_USER_DN, - "LDAP_BIND_USER_PASSWORD": LDAP_BIND_USER_PASSWORD, - "LDAP_GROUP_DN": LDAP_GROUP_DN, - "LDAP_HOST": LDAP_HOST, - "LDAP_PORT": LDAP_PORT, - "LDAP_USER_DN": LDAP_USER_DN, - "LDAP_USER_LOGIN_ATTR": LDAP_USER_LOGIN_ATTR, - "LDAP_USER_RDN_ATTR": LDAP_USER_RDN_ATTR, - "PROD_DB_URI": PROD_DB_URI, - "SMTP_ADMIN_EMAIL": SMTP_ADMIN_EMAIL, - "SMTP_HOST": SMTP_HOST, - "SMTP_USER": SMTP_USER, - "SMTP_PASSWORD": SMTP_PASSWORD, - "SNOW_CLIENT_ID": SNOW_CLIENT_ID, - "SNOW_CLIENT_SECRET": SNOW_CLIENT_SECRET, - "SNOW_INSTANCE_NAME": SNOW_INSTANCE_NAME, - "SNOW_USERNAME": SNOW_USERNAME, - "SNOW_PASSWORD": SNOW_PASSWORD, - "VERSION": VERSION, + "JENKINS_ENABLED": app.config['JENKINS_ENABLED'], + "SNOW_ENABLED": app.config['SNOW_ENABLED'], + "APP_EXT_URL": app.config['APP_EXT_URL'], + "AUTH_TYPE": app.config['AUTH_TYPE'], + "AZAD_AUTHORITY": app.config['AZAD_AUTHORITY'], + "AZAD_CLIENT_ID": app.config['AZAD_CLIENT_ID'], + "AZAD_CLIENT_SECRET": app.config['AZAD_CLIENT_SECRET'], + "AZURE_KEYVAULT_NAME": app.config['AZURE_KEYVAULT_NAME'], + "ENV": app.config['ENV'], + "INSECURE_OAUTH": app.config['INSECURE_OAUTH'], + "JENKINS_HOST": app.config['JENKINS_HOST'], + "JENKINS_KEY": app.config['JENKINS_KEY'], + "JENKINS_PROJECT": app.config['JENKINS_PROJECT'], + "JENKINS_STAGING_PROJECT": 
app.config['JENKINS_STAGING_PROJECT'], + "JENKINS_USER": app.config['JENKINS_USER'], + "JENKINS_TOKEN": app.config['JENKINS_TOKEN'], + "LDAP_BASE_DN": app.config['LDAP_BASE_DN'], + "LDAP_BIND_USER_DN": app.config['LDAP_BIND_USER_DN'], + "LDAP_BIND_USER_PASSWORD": app.config['LDAP_BIND_USER_PASSWORD'], + "LDAP_GROUP_DN": app.config['LDAP_GROUP_DN'], + "LDAP_HOST": app.config['LDAP_HOST'], + "LDAP_PORT": app.config['LDAP_PORT'], + "LDAP_USER_DN": app.config['LDAP_USER_DN'], + "LDAP_USER_LOGIN_ATTR": app.config['LDAP_USER_LOGIN_ATTR'], + "LDAP_USER_RDN_ATTR": app.config['LDAP_USER_RDN_ATTR'], + "PROD_DB_URI": app.config['PROD_DB_URI'], + "SMTP_ADMIN_EMAIL": app.config['SMTP_ADMIN_EMAIL'], + "SMTP_HOST": app.config['SMTP_HOST'], + "SMTP_USER": app.config['SMTP_USER'], + "SMTP_PASSWORD": app.config['SMTP_PASSWORD'], + "SNOW_CLIENT_ID": app.config['SNOW_CLIENT_ID'], + "SNOW_CLIENT_SECRET": app.config['SNOW_CLIENT_SECRET'], + "SNOW_INSTANCE_NAME": app.config['SNOW_INSTANCE_NAME'], + "SNOW_USERNAME": app.config['SNOW_USERNAME'], + "SNOW_PASSWORD": app.config['SNOW_PASSWORD'], + "VERSION": app.config['VERSION'], } cat_general = [ 'APP_EXT_URL', @@ -257,7 +249,7 @@ def set_env_variables(form): os.environ['AZAD_CLIENT_ID'] = form["AZAD_CLIENT_ID"] os.environ['AZAD_CLIENT_SECRET'] = form["AZAD_CLIENT_SECRET"] os.environ['AZURE_KEYVAULT_NAME'] = form["AZURE_KEYVAULT_NAME"] - os.environ['ENV'] = ENV + os.environ['ENV'] = app.config['ENV'] os.environ['INSECURE_OAUTH'] = form["INSECURE_OAUTH"] os.environ['JENKINS_ENABLED'] = form["JENKINS_ENABLED"] os.environ['JENKINS_HOST'] = form["JENKINS_HOST"] 
@@ -286,7 +278,43 @@ def set_env_variables(form): os.environ['SNOW_INSTANCE_NAME'] = form["SNOW_INSTANCE_NAME"] os.environ['SNOW_PASSWORD'] = form["SNOW_PASSWORD"] os.environ['SNOW_USERNAME'] = form["SNOW_USERNAME"] - os.environ['VERSION'] = VERSION + os.environ['VERSION'] = app.config['VERSION'] + app.config['APP_EXT_URL'] = form["APP_EXT_URL"] + app.config['AUTH_TYPE'] = form["AUTH_TYPE"] + app.config['AZAD_AUTHORITY'] = form["AZAD_AUTHORITY"] + app.config['AZAD_CLIENT_ID'] = form["AZAD_CLIENT_ID"] + app.config['AZAD_CLIENT_SECRET'] = form["AZAD_CLIENT_SECRET"] + app.config['AZURE_KEYVAULT_NAME'] = form["AZURE_KEYVAULT_NAME"] + app.config['ENV'] = app.config['ENV'] + app.config['INSECURE_OAUTH'] = form["INSECURE_OAUTH"] + app.config['JENKINS_ENABLED'] = form["JENKINS_ENABLED"] + app.config['JENKINS_HOST'] = form["JENKINS_HOST"] + app.config['JENKINS_KEY'] = form["JENKINS_KEY"] + app.config['JENKINS_PROJECT'] = form["JENKINS_PROJECT"] + app.config['JENKINS_STAGING_PROJECT'] = form["JENKINS_STAGING_PROJECT"] + app.config['JENKINS_TOKEN'] = form["JENKINS_TOKEN"] + app.config['JENKINS_USER'] = form["JENKINS_USER"] + app.config['LDAP_BASE_DN'] = form["LDAP_BASE_DN"] + app.config['LDAP_BIND_USER_DN'] = form["LDAP_BIND_USER_DN"] + app.config['LDAP_BIND_USER_PASSWORD'] = form["LDAP_BIND_USER_PASSWORD"] + app.config['LDAP_GROUP_DN'] = form["LDAP_GROUP_DN"] + app.config['LDAP_HOST'] = form["LDAP_HOST"] + app.config['LDAP_PORT'] = form["LDAP_PORT"] + app.config['LDAP_USER_DN'] = form["LDAP_USER_DN"] + app.config['LDAP_USER_LOGIN_ATTR'] = form["LDAP_USER_LOGIN_ATTR"] + app.config['LDAP_USER_RDN_ATTR'] = form["LDAP_USER_RDN_ATTR"] + app.config['PROD_DB_URI'] = form["PROD_DB_URI"] + app.config['SMTP_ADMIN_EMAIL'] = form["SMTP_ADMIN_EMAIL"] + app.config['SMTP_HOST'] = form["SMTP_HOST"] + app.config['SMTP_PASSWORD'] = form["SMTP_PASSWORD"] + app.config['SMTP_USER'] = form["SMTP_USER"] + app.config['SNOW_ENABLED'] = form["SNOW_ENABLED"] + app.config['SNOW_CLIENT_ID'] = 
form["SNOW_CLIENT_ID"] + app.config['SNOW_CLIENT_SECRET'] = form["SNOW_CLIENT_SECRET"] + app.config['SNOW_INSTANCE_NAME'] = form["SNOW_INSTANCE_NAME"] + app.config['SNOW_PASSWORD'] = form["SNOW_PASSWORD"] + app.config['SNOW_USERNAME'] = form["SNOW_USERNAME"] + app.config['VERSION'] = app.config['VERSION'] @admin.route('/dangerous/delete_all', methods=['POST']) @@ -300,7 +328,7 @@ def delete_all_data(): nav_subsubcat='', nav_curpage={"name": "Unauthorized"}) try: - if ENV == 'test': + if app.config['ENV'] == 'test': # Ensure all connections to the database are closed db.session.close() db.engine.dispose() diff --git a/src/vr/admin/routes/users.py b/src/vr/admin/routes/users.py index 5e461b33..95f12ae3 100644 --- a/src/vr/admin/routes/users.py +++ b/src/vr/admin/routes/users.py @@ -8,7 +8,6 @@ from sqlalchemy import text from flask import request, render_template, session, redirect, url_for, json from flask_login import login_required -from config_engine import AUTH_TYPE from vr.functions.table_functions import load_table, update_table from vr.admin.email_alerts import send_registration_email from vr.assets.model.businessapplications import BusinessApplications @@ -296,7 +295,7 @@ def add_new_user(): first_name=firstname, last_name=lastname, is_active=False, - auth_type=AUTH_TYPE, + auth_type=app.config['AUTH_TYPE'], otp_secret=otp_secret, user_type='system', avatar_path='/static/images/default_profile_avatar.jpg' diff --git a/src/vr/api/integrations/servicenow.py b/src/vr/api/integrations/servicenow.py index 5f76555a..ec06d99f 100644 --- a/src/vr/api/integrations/servicenow.py +++ b/src/vr/api/integrations/servicenow.py 
@@ -1,13 +1,12 @@ from flask import jsonify, request import requests import json +from vr import app from vr.api import api from vr.admin.oauth2 import require_oauth from authlib.integrations.flask_oauth2 import current_token from vr.admin.auth_functions import verify_api_key, get_token_auth_header from vr.functions.routing_functions import check_entity_permissions -from vr.assets.model.applicationprofiles import ApplicationProfiles, ApplicationProfilesSchema -from config_engine import SNOW_PASSWORD, SNOW_CLIENT_SECRET, SNOW_INSTANCE_NAME, SNOW_CLIENT_ID, SNOW_USERNAME ERROR_RESP = "Error: Invalid API Request" @@ -184,11 +183,11 @@ def create_new_collaboration_tools(snow_obj, app_name, app_desc): return sys_id_map # ServiceNow instance details -INSTANCE_NAME = SNOW_INSTANCE_NAME -CLIENT_ID = SNOW_CLIENT_ID -CLIENT_SECRET = SNOW_CLIENT_SECRET -USERNAME = SNOW_USERNAME -PASSWORD = SNOW_PASSWORD +INSTANCE_NAME = app.config['SNOW_INSTANCE_NAME'] +CLIENT_ID = app.config['SNOW_CLIENT_ID'] +CLIENT_SECRET = app.config['SNOW_CLIENT_SECRET'] +USERNAME = app.config['SNOW_USERNAME'] +PASSWORD = app.config['SNOW_PASSWORD'] TOKEN_URL = f'https://{INSTANCE_NAME}.service-now.com/oauth_token.do' TOKEN_DATA = { diff --git a/src/vr/api/vulns/jenkins_webhook.py b/src/vr/api/vulns/jenkins_webhook.py index 28f1824e..0b2e8b2d 100644 --- a/src/vr/api/vulns/jenkins_webhook.py +++ b/src/vr/api/vulns/jenkins_webhook.py @@ -2,10 +2,11 @@ import datetime from threading import Thread from flask import jsonify, request, json -from vr import db +from vr import db, app from vr.api import api from requests.auth import HTTPBasicAuth -from config_engine import JENKINS_USER, JENKINS_KEY, JENKINS_PROJECT, JENKINS_HOST, JENKINS_TOKEN +# from config_engine import JENKINS_USER, JENKINS_KEY, JENKINS_PROJECT, JENKINS_HOST, JENKINS_TOKEN +from config_engine import getConfigs from vr.admin.oauth2 import require_oauth from sqlalchemy import text from vr.assets.model.cicdpipelinebuilds import CICDPipelineBuilds 
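Review bot: `INSTANCE_NAME`, `CLIENT_ID`, `CLIENT_SECRET`, `USERNAME` and `PASSWORD` are copied out of `app.config` at import time and baked into `TOKEN_URL`/`TOKEN_DATA`, so this module never sees the values `set_env_variables` in `settings.py` later writes into `app.config['SNOW_*']`, nor (if the `api` blueprint is imported before `getPersistentConfig()` runs, as the order in `vr/__init__.py` suggests) the DB-persisted ones; the change only takes effect after a restart. Reading `app.config` inside the function that builds the token request, or rebuilding `TOKEN_URL`/`TOKEN_DATA` from a small helper called per request, keeps the two in step. `INSTANCE_NAME` is also interpolated into the host of `TOKEN_URL`, so a value that is not a bare instance name silently changes where the credentials are posted; a comment such as `# SNOW_INSTANCE_NAME must be the bare <instance> segment of <instance>.service-now.com` belongs next to it.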
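Review bot: The commented-out `# from config_engine import JENKINS_USER, JENKINS_KEY, ...` line kept above `from config_engine import getConfigs` is dead code and should be deleted rather than preserved as a comment; version control already records the old import, and the leftover suggests the module-level names are still expected somewhere.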
@@ -25,6 +26,7 @@ @api.route('/api/jenkins_webhook', methods=['POST']) @require_oauth('write:vulnerabilities') def jenkins_webhook(): + getConfigs(app.config) all = request.form payload_dict = json.loads(all['payload']) ref = payload_dict['ref'] diff --git a/src/vr/api/vulns/vulnerabilities.py b/src/vr/api/vulns/vulnerabilities.py index 68360c8b..b151f5bf 100644 --- a/src/vr/api/vulns/vulnerabilities.py +++ b/src/vr/api/vulns/vulnerabilities.py @@ -16,7 +16,6 @@ from vr.admin.oauth2 import require_oauth from vr.admin.functions import db_connection_handler from authlib.integrations.flask_oauth2 import current_token -from config_engine import ENV import re @@ -295,7 +294,7 @@ def _add_new_vulns(new_vulns, engine): def _setup_duplicate_vulns(source_type, dup_vulns): sourced_dup_vulns = [] for vuln in dup_vulns: - if ENV == 'test': + if app.config['ENV'] == 'test': vuln['LastModifiedDate'] = datetime.datetime.utcnow().replace(microsecond=0) if vuln['ReleaseDate']: vuln['ReleaseDate'] = datetime.datetime.strptime(vuln['ReleaseDate'], '%Y-%m-%d %H:%M:%S') diff --git a/src/vr/db_models/setup.py b/src/vr/db_models/setup.py index b36fdc22..cb37b344 100644 --- a/src/vr/db_models/setup.py +++ b/src/vr/db_models/setup.py @@ -1,11 +1,6 @@ from datetime import datetime from sqlalchemy.types import TEXT, DECIMAL from flask import jsonify -from config_engine import ENV -if ENV == 'test': - from sqlalchemy.dialects.sqlite import TEXT as LONGTEXT -else: - from sqlalchemy.dialects.mysql import LONGTEXT from flask_sqlalchemy import SQLAlchemy from sqlalchemy.dialects import mysql from flask_login import UserMixin 
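Review bot: `getConfigs(app.config)` is now executed on every `/api/jenkins_webhook` request, and the `config_engine` hunk earlier in this series shows that configuration loading includes `KeyVaultManager().get_secret(...)` calls, so each webhook plausibly costs Key Vault round-trips and, by repopulating `app.config` from the environment, overwrites whatever `getPersistentConfig()` or the settings page wrote there (inferred from the other hunks; the body of `getConfigs` is not on the page). If the goal is to pick up rotated Jenkins credentials, read `app.config['JENKINS_*']` at request time without a full reload, or reload only those keys. At minimum the call needs a comment explaining why a request handler re-reads global configuration, e.g. `# refresh JENKINS_* from the environment so credential rotations apply without a restart`. `jenkins_webhook` continues outside the hunk.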
@@ -176,9 +171,9 @@ class TmControls(db.Model): __tablename__ = 'TmControls' ID = db.Column(db.Integer, primary_key=True) AddDate = db.Column(db.DateTime, index=True, default=datetime.utcnow, nullable=False) - Control = db.Column(LONGTEXT) + Control = db.Column(db.String(20000)) Type = db.Column(db.String(8)) - Description = db.Column(LONGTEXT) + Description = db.Column(db.String(20000)) Lambda = db.Column(db.String(1)) Process = db.Column(db.String(1)) Server = db.Column(db.String(1)) diff --git a/src/vr/db_models/setup_2.py b/src/vr/db_models/setup_2.py index d47ba210..0d98c122 100644 --- a/src/vr/db_models/setup_2.py +++ b/src/vr/db_models/setup_2.py @@ -2,8 +2,8 @@ from sqlalchemy.types import TEXT, DECIMAL from sqlalchemy import MetaData from vr.admin.functions import db_connection_handler -from config_engine import ENV -if ENV == 'test': +from vr import app +if app.config['ENV'] == 'test': from sqlalchemy.dialects.sqlite import TEXT as LONGTEXT else: from sqlalchemy.dialects.mysql import LONGTEXT diff --git a/src/vr/orchestration/web/pipeline_jobs.py b/src/vr/orchestration/web/pipeline_jobs.py index e9fcc7ee..2ef5390b 100644 --- a/src/vr/orchestration/web/pipeline_jobs.py +++ b/src/vr/orchestration/web/pipeline_jobs.py @@ -11,7 +11,6 @@ from vr.orchestration.model.cicdpipelines import CICDPipelines, CICDPipelinesSchema from vr.orchestration.model.pipelinejobs import PipelineJobs, PipelineJobsSchema from vr.orchestration.web.pipeline_stage_data import OPTS -from config_engine import JENKINS_USER, JENKINS_KEY, JENKINS_STAGING_PROJECT, JENKINS_HOST, JENKINS_TOKEN NAV = { @@ -248,7 +247,7 @@ def validate_cicd_pipeline_stage(appid): "Content-Type": "application/x-www-form-urlencoded" } data = { - 'token': JENKINS_TOKEN, + 'token': app.config['JENKINS_TOKEN'], 'GIT_URL': git_url, 'GIT_BRANCH': git_branch, 'APP_NAME': app_name, 
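Review bot: `db.String(20000)` for `Control` and `Description` maps to `VARCHAR(20000)`, which MySQL, the non-test backend this series configures, rejects: a row is limited to 65,535 bytes and a utf8mb4 VARCHAR to 16,383 characters, so `CREATE TABLE TmControls` fails with "Column length too big ... use BLOB or TEXT instead" while SQLite, which ignores the declared length, passes. `db.Column(db.Text)` yields TEXT on both dialects and is the dialect-neutral replacement for the removed conditional `LONGTEXT` import; if more than 64 KiB per value is required, keep the MySQL-specific type via `Text().with_variant(LONGTEXT, 'mysql')`. The class `TmControls` starts outside the hunk.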
@@ -261,8 +260,8 @@ def validate_cicd_pipeline_stage(appid): 'TARGET_URL': target_url } - url = f'{JENKINS_HOST}/job/{JENKINS_STAGING_PROJECT}/buildWithParameters' - resp = requests.post(url, headers=headers, data=data, auth=HTTPBasicAuth(JENKINS_USER, JENKINS_KEY)) + url = f"{app.config['JENKINS_HOST']}/job/{app.config['JENKINS_STAGING_PROJECT']}/buildWithParameters" + resp = requests.post(url, headers=headers, data=data, auth=HTTPBasicAuth(app.config['JENKINS_USER'], app.config['JENKINS_KEY'])) return str(200) diff --git a/src/vr/templates/admin/settings.html b/src/vr/templates/admin/settings.html index a7564e1a..f5da3318 100644 --- a/src/vr/templates/admin/settings.html +++ b/src/vr/templates/admin/settings.html @@ -134,7 +134,7 @@

General Settings

{% elif key == "PROD_DB_URI" %} -
+
{% elif key == "ENV" or key == "VERSION" %} {% else %} @@ -176,7 +176,7 @@

SMTP Settings

{% if key == 'SMTP_PASSWORD' %} -
+
{% else %} {% endif %} @@ -199,10 +199,10 @@

Jenkins Settings

{% elif key == 'JENKINS_KEY' %} -
+
{% elif key == 'JENKINS_TOKEN' %} -
+
{% else %} @@ -229,10 +229,10 @@

ServiceNOW Settings

{% elif key == 'SNOW_CLIENT_SECRET' %} -
+
{% elif key == 'SNOW_PASSWORD' %} -
+
{% else %} diff --git a/src/vr/vulns/web/findings.py b/src/vr/vulns/web/findings.py index 8c9938c8..06d44322 100644 --- a/src/vr/vulns/web/findings.py +++ b/src/vr/vulns/web/findings.py @@ -25,7 +25,6 @@ import base64 from io import StringIO from flask import Response -from config_engine import ENV from vr.functions.ml_functions import predict_vuln_validity from vr.vulns.model.cvssbasescoresv3 import CVSSBaseScoresV3 from vr.vulns.model.cvssbasescoresv3extensions import CVSSBaseScoresV3Extensions @@ -42,7 +41,7 @@ UNAUTH_STATUS = "403.html" SERVER_ERR_STATUS = "500.html" VULN_STATUS_IS_NOT_CLOSED = "Vulnerabilities.Status NOT LIKE 'Closed-%' AND Vulnerabilities.Status NOT LIKE 'Open-RiskAccepted-%'" -test = ENV +test = app.config['ENV'] if test == 'test': ISO_FORMAT = "%Y-%m-%dT%H:%M:%S.%f" else: diff --git a/src/vr/vulns/web/testing.py b/src/vr/vulns/web/testing.py index 32e604b8..c69f7122 100644 --- a/src/vr/vulns/web/testing.py +++ b/src/vr/vulns/web/testing.py @@ -11,8 +11,8 @@ from vr.vulns.model.vulnerabilityscans import VulnerabilityScans, VulnerabilityScansSchema from vr.functions.table_functions import load_table, update_table from requests.auth import HTTPBasicAuth -from config_engine import JENKINS_USER, JENKINS_KEY, JENKINS_PROJECT, JENKINS_HOST, JENKINS_TOKEN from vr.assets.model.applicationprofiles import ApplicationProfiles, ApplicationProfilesSchema +from vr import app NAV = { 
@@ -115,14 +115,14 @@ def on_demand_testing(): "Content-Type": "application/x-www-form-urlencoded" } data = { - 'token': JENKINS_TOKEN, + 'token': app.config['JENKINS_TOKEN'], 'GIT_URL': git_url, 'TESTS': tests_to_run.upper(), 'GIT_BRANCH': git_branch, 'APP_NAME': app_name } - url = f'{JENKINS_HOST}/job/{JENKINS_PROJECT}/buildWithParameters' - resp = requests.post(url, headers=headers, data=data, auth=HTTPBasicAuth(JENKINS_USER, JENKINS_KEY)) + url = f"{app.config['JENKINS_HOST']}/job/{app.config['JENKINS_PROJECT']}/buildWithParameters" + resp = requests.post(url, headers=headers, data=data, auth=HTTPBasicAuth(app.config['JENKINS_USER'], app.config['JENKINS_KEY'])) return redirect(request.referrer) From d0f7120c34e3a58c60e82404516a9b7282bbf59e Mon Sep 17 00:00:00 2001 From: bkaiserinfosec <49665796+bkaiserinfosec@users.noreply.github.com> Date: Fri, 22 Mar 2024 07:48:21 -0700 Subject: [PATCH 12/14] Update run.py --- src/run.py | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/run.py b/src/run.py index 7f0f15c7..b67be678 100644 --- a/src/run.py +++ b/src/run.py @@ -4,10 +4,9 @@ import datetime import os from vr.admin.oauth2 import config_oauth -from config_engine import ENV, INSECURE_OAUTH -if ENV == 'test' or INSECURE_OAUTH: +if app.config['ENV'] == 'test' or app.config['INSECURE_OAUTH']: os.environ['AUTHLIB_INSECURE_TRANSPORT'] = '1' else: os.environ['AUTHLIB_INSECURE_TRANSPORT'] = '0' From ba8b3dc8fed4570fc4e9877a3cfae8a5e4260632 Mon Sep 17 00:00:00 2001 From: bkaiserinfosec <49665796+bkaiserinfosec@users.noreply.github.com> Date: Fri, 22 Mar 2024 07:58:31 -0700 Subject: [PATCH 13/14] Update pipeline-config.yaml --- pipeline-config.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pipeline-config.yaml b/pipeline-config.yaml index 2a9eb073..d19730b0 100644 --- a/pipeline-config.yaml +++ b/pipeline-config.yaml 
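Review bot: `or app.config['INSECURE_OAUTH']` in the new condition tests the truthiness of whatever the loader stored, and the rest of this series writes the value as a string (`os.environ['INSECURE_OAUTH'] = form[...]` in `settings.py`, `app.config['INSECURE_OAUTH'] = row[10]` in `__init__.py`), so a stored 'false', 'no' or '0' is truthy and silently sets `AUTHLIB_INSECURE_TRANSPORT=1`, allowing OAuth tokens to be issued and accepted over plain HTTP in a non-test deployment. Normalise before testing, e.g. `insecure = str(app.config.get('INSECURE_OAUTH', '')).strip().lower() in ('1', 'true', 'yes')`, and use `insecure` in the condition. It is also not visible in the hunk whether `app` is imported into `run.py` above this line; the removed `config_engine` import was the only config-bearing name in scope here.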
@@ -9,7 +9,7 @@ stages:
 branches:
 - release
 unitTesting:
- enabled: false
+ enabled: true
 branches: []
 secretScanning:
 enabled: false

From 42f91fddcc01ba9cb8c2be4fe8bd6ef1cdd8549a Mon Sep 17 00:00:00 2001
From: bkaiserinfosec <49665796+bkaiserinfosec@users.noreply.github.com>
Date: Fri, 22 Mar 2024 10:30:49 -0700
Subject: [PATCH 14/14] Update __init__.py

---
 src/vr/__init__.py | 85 ++++++++++++++++++++++------------------
 1 file changed, 41 insertions(+), 44 deletions(-)

diff --git a/src/vr/__init__.py b/src/vr/__init__.py
index 2f3ccf73..90fe1b09 100644
--- a/src/vr/__init__.py
+++ b/src/vr/__init__.py
@@ -214,50 +214,47 @@ def connect_to_db():
 return cur, db
 def getPersistentConfig():
- try:
- cur, db = connect_to_db()
- sql = 'SELECT * FROM AppConfig WHERE 1=1'
- cur.execute(sql)
- row = cur.fetchone()
- if row[2]:
- app.config['APP_EXT_URL'] = row[3]
- app.config['AUTH_TYPE'] = row[4]
- app.config['AZAD_AUTHORITY'] = row[5]
- app.config['AZAD_CLIENT_ID'] = row[6]
- app.config['AZAD_CLIENT_SECRET'] = row[7]
- app.config['AZURE_KEYVAULT_NAME'] = row[8]
- app.config['ENV'] = row[9]
- app.config['INSECURE_OAUTH'] = row[10]
- app.config['JENKINS_ENABLED'] = row[37]
- app.config['JENKINS_HOST'] = row[11]
- app.config['JENKINS_KEY'] = row[12]
- app.config['JENKINS_PROJECT'] = row[13]
- app.config['JENKINS_STAGING_PROJECT'] = row[14]
- app.config['JENKINS_TOKEN'] = row[15]
- app.config['JENKINS_USER'] = row[16]
- app.config['LDAP_BASE_DN'] = row[17]
- app.config['LDAP_BIND_USER_DN'] = row[18]
- app.config['LDAP_BIND_USER_PASSWORD'] = row[19]
- app.config['LDAP_GROUP_DN'] = row[20]
- app.config['LDAP_HOST'] = row[21]
- app.config['LDAP_PORT'] = row[22]
- app.config['LDAP_USER_DN'] = row[23]
- app.config['LDAP_USER_LOGIN_ATTR'] = row[24]
- app.config['LDAP_USER_RDN_ATTR'] = row[25]
- app.config['PROD_DB_URI'] = row[26]
- app.config['SMTP_ADMIN_EMAIL'] = row[27]
- app.config['SMTP_HOST'] = row[28]
- app.config['SMTP_PASSWORD'] = row[29]
- app.config['SMTP_USER'] = row[30]
- app.config['SNOW_ENABLED'] = row[38]
- app.config['SNOW_CLIENT_ID'] = row[31]
- app.config['SNOW_CLIENT_SECRET'] = row[32]
- app.config['SNOW_INSTANCE_NAME'] = row[33]
- app.config['SNOW_PASSWORD'] = row[34]
- app.config['SNOW_USERNAME'] = row[35]
- app.config['VERSION'] = row[36]
- except:
- print('AppConfig Database table is either unreachable or not setup.')
+ cur, db = connect_to_db()
+ sql = 'SELECT * FROM AppConfig WHERE 1=1'
+ cur.execute(sql)
+ row = cur.fetchone()
+ if row[2]:
+ app.config['APP_EXT_URL'] = row[3]
+ app.config['AUTH_TYPE'] = row[4]
+ app.config['AZAD_AUTHORITY'] = row[5]
+ app.config['AZAD_CLIENT_ID'] = row[6]
+ app.config['AZAD_CLIENT_SECRET'] = row[7]
+ app.config['AZURE_KEYVAULT_NAME'] = row[8]
+ app.config['ENV'] = row[9]
+ app.config['INSECURE_OAUTH'] = row[10]
+ app.config['JENKINS_ENABLED'] = row[37]
+ app.config['JENKINS_HOST'] = row[11]
+ app.config['JENKINS_KEY'] = row[12]
+ app.config['JENKINS_PROJECT'] = row[13]
+ app.config['JENKINS_STAGING_PROJECT'] = row[14]
+ app.config['JENKINS_TOKEN'] = row[15]
+ app.config['JENKINS_USER'] = row[16]
+ app.config['LDAP_BASE_DN'] = row[17]
+ app.config['LDAP_BIND_USER_DN'] = row[18]
+ app.config['LDAP_BIND_USER_PASSWORD'] = row[19]
+ app.config['LDAP_GROUP_DN'] = row[20]
+ app.config['LDAP_HOST'] = row[21]
+ app.config['LDAP_PORT'] = row[22]
+ app.config['LDAP_USER_DN'] = row[23]
+ app.config['LDAP_USER_LOGIN_ATTR'] = row[24]
+ app.config['LDAP_USER_RDN_ATTR'] = row[25]
+ app.config['PROD_DB_URI'] = row[26]
+ app.config['SMTP_ADMIN_EMAIL'] = row[27]
+ app.config['SMTP_HOST'] = row[28]
+ app.config['SMTP_PASSWORD'] = row[29]
+ app.config['SMTP_USER'] = row[30]
+ app.config['SNOW_ENABLED'] = row[38]
+ app.config['SNOW_CLIENT_ID'] = row[31]
+ app.config['SNOW_CLIENT_SECRET'] = row[32]
+ app.config['SNOW_INSTANCE_NAME'] = row[33]
+ app.config['SNOW_PASSWORD'] = row[34]
+ app.config['SNOW_USERNAME'] = row[35]
+ app.config['VERSION'] = row[36]
 getPersistentConfig()
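Review bot: With the bare `except` gone, `row = cur.fetchone()` followed by `if row[2]:` raises `TypeError` at package import when the `AppConfig` table is empty, and the cursor and connection returned by `connect_to_db()` (defined above this hunk) are never closed on any path; failing fast is better than the old silent `print`, but the failure should be explicit and the handles released, as in the excerpt below (assumes `cur`/`db` are DB-API objects with `close()`). `SELECT *` paired with positional indexes is also brittle — `JENKINS_ENABLED` at `row[37]` and `SNOW_ENABLED` at `row[38]` sitting after `VERSION` at `row[36]` shows columns have been appended out of order — so naming the columns in the SELECT, or mapping by `cur.description`, would keep the loader correct across future schema changes. This function also copies secrets (`AZAD_CLIENT_SECRET`, `LDAP_BIND_USER_PASSWORD`, `SMTP_PASSWORD`, `SNOW_PASSWORD`, `JENKINS_KEY`, `JENKINS_TOKEN`) into `app.config`, so anything that dumps or renders `app.config` (debug tooling, error pages) exposes them; a docstring stating that the function loads credentials from the `AppConfig` row into `app.config` at import time and that callers must not log or render the config would make that visible to the next maintainer.
```python
def getPersistentConfig():
    cur, db = connect_to_db()
    try:
        cur.execute('SELECT * FROM AppConfig WHERE 1=1')
        row = cur.fetchone()
    finally:
        # release the handles on both the success and the error path
        cur.close()
        db.close()
    if row is None:
        raise RuntimeError('AppConfig table is empty or not set up; persistent config not loaded.')
    if row[2]:
        # … unchanged: app.config[...] = row[N] assignments …
```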