All Itential Platform configuration, including profile properties and service config properties, can be set using environment variables in Platform 6. Each Platform property and its corresponding environment variable is listed below.
Platform Property | Environment Variable | Type | Description |
---|---|---|---|
audit_enabled | ITENTIAL_AUDIT_ENABLED | boolean | If true, the platform will track detailed audit events. |
auth_admin_groups | ITENTIAL_AUTH_ADMIN_GROUPS | json | Members of these groups will be implicitly assigned with admin permissions. |
auth_broker_principal_enabled | ITENTIAL_AUTH_BROKER_PRINCIPAL_ENABLED | boolean | Enables a AAA adapter to custom build the principal object for a user with a "buildPrincipal" method. |
auth_relay_state_ttl | ITENTIAL_AUTH_RELAY_STATE_TIMEOUT | integer | The time in seconds before the RelayState from SSO expires. |
auth_session_cookie_name | ITENTIAL_AUTH_SESSION_COOKIE_NAME | string | The name of the cookie used for a user session. |
auth_session_ttl | ITENTIAL_AUTH_SESSION_TTL | integer | The time in minutes before a user session expires. |
auth_unique_sessions_enabled | ITENTIAL_AUTH_UNIQUE_SESSIONS_ENABLED | boolean | If true, logs out existing sessions for a user when they log in with a new session. |
broker_validation_enabled | ITENTIAL_BROKER_VALIDATION_ENABLED | boolean | If true, the platform will perform strict JSON Schema validation on messages into the brokers and coming back to the broker layer from adapters. |
cyberark_url | ITENTIAL_CYBERARK_URL | string | The URL to the CyberArk Central Credential Provider. |
cyberark_app_id | ITENTIAL_CYBERARK_APP_ID | string | Specifies the unique ID of the application issuing the password request to CyberArk CCP. Used by CyberArk CCP only. |
cyberark_allow_invalid_certificates | ITENTIAL_CYBERARK_ALLOW_INVALID_CERTIFICATES | boolean | If true, disables TLS certificate validation and allows connections using invalid or self-signed certificates. Used by CyberArk CCP only. |
cyberark_ca | ITENTIAL_CYBERARK_CA | string | The .pem file containing the root certificate chain from the Certificate Authority. Specify using absolute file path. Used by CyberArk CCP only. |
cyberark_key | ITENTIAL_CYBERARK_KEY | string | The certificate key file location. Specify using absolute file paths. Used by CyberArk CCP only. |
cyberark_certificate | ITENTIAL_CYBERARK_CERTIFICATE | string | The .pem file that contains the client certificate. Specify the file name using absolute paths. Used by CyberArk CCP only. |
cyberark_connection_timeout | ITENTIAL_CYBERARK_CONNECTION_TIMEOUT | integer | The number of seconds that the Central Credential Provider will try to retrieve the secret value. Used by CyberArk CCP only. |
cyberark_reason_text | ITENTIAL_CYBERARK_REASON_TEXT | string | Set this property to specify the reason for password retrieval, which will appear in CyberArk Credential Provider's audit log. Used by CyberArk CCP only. |
dead_process_check_enabled | ITENTIAL_DEAD_PROCESS_CHECK_ENABLED | boolean | If true, the platform will periodically check for dead processes. |
dead_process_check_interval | ITENTIAL_DEAD_PROCESS_CHECK_INTERVAL | integer | How often to check if an application/adapter stopped sending healthcheck pings (dead process), in seconds. |
dead_process_max_period | ITENTIAL_DEAD_PROCESS_MAX_PERIOD | integer | Maximum time period for application/adapter without sending healthcheck ping, in seconds. |
default_user_enabled | ITENTIAL_DEFAULT_USER_ENABLED | boolean | Enables a default user to be used for login when SSO is not configured and no AAA Adapter exists. |
default_user_password | ITENTIAL_DEFAULT_USER_PASSWORD | string | The password of the default user. |
default_user_username | ITENTIAL_DEFAULT_USER_USERNAME | string | The username of the default user. |
device_broker_default_adapter_priority | ITENTIAL_DEVICE_BROKER_DEFAULT_ADAPTER_PRIORITY | csv | A list of adapter types that manages the devices. |
device_broker_run_command_adapter_preference | ITENTIAL_DEVICE_BROKER_RUN_COMMAND_ADAPTER_PREFERENCE | string | Runs a command on a device. |
device_count_polling_interval | ITENTIAL_DEVICE_COUNT_POLLING_INTERVAL | integer | The interval for how often the platform polls for the number of devices, in hours. |
encryption_key | ITENTIAL_ENCRYPTION_KEY | string | A 64-character hex string representing a 256-bit encryption key. |
external_request_timeout | ITENTIAL_EXTERNAL_REQUEST_TIMEOUT | integer | The timeout for external API requests, in seconds. |
integration_thread_count | ITENTIAL_INTEGRATION_THREAD_COUNT | integer | The number of threads available for API requests. |
integration_timeout | ITENTIAL_INTEGRATION_TIMEOUT | integer | The number of milliseconds until an integration request times out. |
job_worker_enabled | ITENTIAL_JOB_WORKER_ENABLED | boolean | If true, will allow jobs to be started after the server startup process is complete. If false, API calls to start Jobs will return an error until enabled manually via the UI/API. |
log_directory | ITENTIAL_LOG_DIRECTORY | string | The absolute directory path where log files are written. |
log_filename | ITENTIAL_LOG_FILENAME | string | The name of the primary platform log file. |
log_level | ITENTIAL_LOG_LEVEL | string | The minimum log level to display in the log file. |
log_level_console | ITENTIAL_LOG_LEVEL_CONSOLE | string | The minimum log level to display in the console (stdout). |
log_level_syslog | ITENTIAL_LOG_LEVEL_SYSLOG | string | The minimum log level to send to the syslog server. |
log_max_file_size | ITENTIAL_LOG_MAX_FILE_SIZE | integer | The maximum file size in bytes of each log file before rotation occurs. |
log_max_files | ITENTIAL_LOG_MAX_FILES | integer | The maximum number of each log file to keep as rotation occurs. |
mongo_auth_db | ITENTIAL_MONGO_AUTH_DB | string | The name of the database that the MongoDB user must authenticate against. |
mongo_auth_enabled | ITENTIAL_MONGO_AUTH_ENABLED | boolean | Instructs the MongoDB driver to use the configured username/password when connecting to MongoDB. |
mongo_bypass_version_check | ITENTIAL_MONGO_BYPASS_VERSION_CHECK | boolean | If true, the server will not check if it is connecting to a compatible MongoDB version. |
mongo_db_name | ITENTIAL_MONGO_DB_NAME | string | The name of the MongoDB logical database to connect to. |
mongo_max_idle_time_ms | ITENTIAL_MONGO_MAX_IDLE_TIME_MS | integer | The maximum number of milliseconds that a connection can remain idle in the pool. Set to 0 for no limit. |
mongo_max_pool_size | ITENTIAL_MONGO_MAX_POOL_SIZE | integer | The maximum number of connections in a connection pool. Each application/adapter has its own connection pool. |
mongo_password | ITENTIAL_MONGO_PASSWORD | string | The password to use when connecting to MongoDB. |
mongo_ssl_accept_invalid_certs | ITENTIAL_MONGO_SSL_ACCEPT_INVALID_CERTS | boolean | Deprecated in favor of the mongo_tls_allow_invalid_certificates property. |
mongo_ssl_ca_file | ITENTIAL_MONGO_SSL_CA_FILE | string | Deprecated in favor of the mongo_tls_ca_file property. |
mongo_ssl_enabled | ITENTIAL_MONGO_SSL_ENABLED | boolean | Deprecated in favor of the mongo_tls_enabled property. |
mongo_tls_allow_invalid_certificates | ITENTIAL_MONGO_TLS_ALLOW_INVALID_CERTIFICATES | boolean | If true, disables the validation checks for TLS certificates on other servers in the cluster and allows the use of invalid or self-signed certificates to connect. |
mongo_tls_ca_file | ITENTIAL_MONGO_TLS_CA_FILE | string | The .pem file that contains the root certificate chain from the Certificate Authority. Specify the file name of the .pem file using absolute paths. |
mongo_tls_enabled | ITENTIAL_MONGO_TLS_ENABLED | boolean | Instruct the MongoDB driver to use TLS protocols when connecting to the database. |
mongo_url | ITENTIAL_MONGO_URL | string | The MongoDB connection string. For a replica set this will include all members of the replica set. For Mongo Atlas this will be the SRV connection format. |
mongo_user | ITENTIAL_MONGO_USER | string | The username to use when connecting to MongoDB. |
platform_encrypted | ITENTIAL_PLATFORM_ENCRYPTED | boolean | Indicates whether the platform is using encrypted code files. |
platform_shutdown_timeout | ITENTIAL_PLATFORM_SHUTDOWN_TIMEOUT | integer | The amount of time a service should wait before shutting down, in seconds. |
profile_id | ITENTIAL_PROFILE_ID | string | The name of the profile document to load from the MongoDB where legacy configuration properties are stored. Not required for installations that are using environment variables or a properties file. |
redis_connect_timeout | ITENTIAL_REDIS_CONNECT_TIMEOUT | integer | The maximum time in milliseconds to wait for initial Redis connection before timing out. If not set, defaults to 30000ms (30 seconds). |
redis_db | ITENTIAL_REDIS_DB | integer | The Redis keyspace (database number) to use for the connection. |
redis_host | ITENTIAL_REDIS_HOST | string | The hostname of the Redis server. Not used when connecting to Redis Sentinels. |
redis_max_heartbeat_write_retries | ITENTIAL_REDIS_MAX_HEARTBEAT_WRITE_RETRIES | integer | The maximum number of times to retry writing a heartbeat message to Redis from a service. |
redis_max_retries_per_request | ITENTIAL_REDIS_MAX_RETRIES_PER_REQUEST | integer | The maximum number of times to retry a request to Redis when the connection is lost. |
redis_name | ITENTIAL_REDIS_NAME | string | The Redis primary name. This only has meaning when Redis is running with replication enabled. The sentinels will monitor this node and consider it down only when the sentinels agree. Note: The primary name should not include special characters other than: .-_ and no whitespaces. |
redis_password | ITENTIAL_REDIS_PASSWORD | string | The password to use when connecting to Redis. |
redis_port | ITENTIAL_REDIS_PORT | integer | The port to use when connecting to this Redis instance. |
redis_sentinel_password | ITENTIAL_REDIS_SENTINEL_PASSWORD | string | The password to use when authenticating with a Redis Sentinel cluster. |
redis_sentinel_username | ITENTIAL_REDIS_SENTINEL_USERNAME | string | The username to use when authenticating with a Redis Sentinel cluster. |
redis_sentinels | ITENTIAL_REDIS_SENTINELS | json | The list of Redis Sentinel servers (hostnames and ports) to use for high availability. |
redis_tls | ITENTIAL_REDIS_TLS | json | Redis TLS configuration options for secure connections. Refer to the Node.js TLS library for all supported options. |
redis_username | ITENTIAL_REDIS_USERNAME | string | The username to use when connecting to Redis. |
server_id | ITENTIAL_SERVER_ID | string | An identifier for the server instance. This is used to uniquely identify the server in a multi-server environment. If not provided, the server will generate one on startup. |
server_id_strategy | ITENTIAL_SERVER_ID_STRATEGY | string | Strategy used to generate server ID, if one is not set using the server_id property. Selecting mac:port will generate a server_id using a combination of MAC address and port, while random will generate a random ID on each startup. |
service_blacklist | ITENTIAL_SERVICE_BLACKLIST | csv | The service type that will be denied CRUD operation access. |
service_crash_recovery_max_retries | ITENTIAL_SERVICE_CRASH_RECOVERY_MAX_RETRIES | integer | Specifies the number of times services will retry on crash before stopping. |
service_crash_recovery_reset_retries_after_ms | ITENTIAL_SERVICE_CRASH_RECOVERY_RESET_RETRIES_AFTER_MS | integer | Specifies the amount of time between retries before the retry count resets, in milliseconds. |
service_directory | ITENTIAL_SERVICE_DIRECTORY | string | The file path to the directory containing additional services (applications and adapters). |
service_health_check_interval | ITENTIAL_SERVICE_HEALTH_CHECK_INTERVAL | integer | How often to update service health, measured in seconds. |
service_health_check_unhealthy_threshold | ITENTIAL_SERVICE_HEALTH_CHECK_UNHEALTHY_THRESHOLD | integer | The number of failed health checks in a row before a service is considered to be “unhealthy”. |
service_launch_delay | ITENTIAL_SERVICE_LAUNCH_DELAY | integer | The application/adapter launch delay, in seconds. |
service_launch_timeout | ITENTIAL_SERVICE_LAUNCH_TIMEOUT | integer | The application/adapter launch timeout, in seconds. |
services | ITENTIAL_SERVICES | csv | A whitelist of services (applications/adapters) to initialize on startup of the platform. If no value is given, all services will be initialized. |
snmp_alarm_configs | ITENTIAL_SNMP_ALARM_CONFIGS | json | Remote SNMP destination configuration objects. |
syslog_app_name | ITENTIAL_SYSLOG_APP_NAME | string | The process property to include as the application name in the syslog message. |
syslog_eol | ITENTIAL_SYSLOG_EOL | string | The end of line character to include in the syslog message. |
syslog_facility | ITENTIAL_SYSLOG_FACILITY | string | The syslog facility to use when sending logs to the syslog server. |
syslog_host | ITENTIAL_SYSLOG_HOST | string | The hostname or IP address of the syslog server. |
syslog_localhost | ITENTIAL_SYSLOG_LOCALHOST | string | The hostname to include in the syslog message. |
syslog_path | ITENTIAL_SYSLOG_PATH | string | The path to the syslog server file. |
syslog_pid | ITENTIAL_SYSLOG_PID | string | The process property to include as the process id in the syslog message. |
syslog_port | ITENTIAL_SYSLOG_PORT | integer | The port number of the syslog server. |
syslog_protocol | ITENTIAL_SYSLOG_PROTOCOL | string | The protocol to use when sending logs to the syslog server. |
syslog_type | ITENTIAL_SYSLOG_TYPE | string | The syslog message format to use when sending logs to the syslog server. |
task_worker_enabled | ITENTIAL_TASK_WORKER_ENABLED | boolean | If true, will start working tasks immediately after the server startup process is complete. If false, the task worker must be enabled manually via the UI/API. |
ui_apple_touch_icon_file | ITENTIAL_UI_APPLE_TOUCH_ICON_FILE | string | Path to the apple touch icon file that will be displayed on iOS devices. |
ui_favicon_file | ITENTIAL_UI_FAVICON_FILE | string | Path to the favicon file that will be displayed in the browser tab. |
ui_home_file | ITENTIAL_UI_HOME_FILE | string | Path to the HTML file that will be displayed as the home page for the UI. |
ui_layout_file | ITENTIAL_UI_LAYOUT_FILE | string | Path to the layout file extended in pug templates. |
ui_login_file | ITENTIAL_UI_LOGIN_FILE | string | Path to the HTML file that will be displayed as the login page for the UI. |
ui_profile_file | ITENTIAL_UI_PROFILE_FILE | string | Path to the HTML file that will be displayed as the profile page for the UI. |
vault_approle_path | ITENTIAL_VAULT_APPROLE_PATH | string | The path where the AppRole was enabled. |
vault_auth_method | ITENTIAL_VAULT_AUTH_METHOD | string | The authorization method to connect to HashiCorp Vault. Either token or approle. |
vault_read_only | ITENTIAL_VAULT_READ_ONLY | boolean | If true, only reads secrets from HashiCorp Vault. Otherwise, the platform can write secrets to Vault for storage. |
vault_role_id | ITENTIAL_VAULT_ROLE_ID | string | HashiCorp Vault Role ID used for AppRole authentication. |
vault_secret_id | ITENTIAL_VAULT_SECRET_ID | string | HashiCorp Vault Secret ID used for AppRole login. |
vault_secrets_endpoint | ITENTIAL_VAULT_SECRETS_ENDPOINT | string | The endpoint for the Secrets Engine that is used. |
vault_token | ITENTIAL_VAULT_TOKEN | string | The file path to a token file. The token is used for authentication to access Vault secrets. |
vault_url | ITENTIAL_VAULT_URL | string | The URL to the HashiCorp Vault server. |
webserver_cache_control_enabled | ITENTIAL_WEBSERVER_CACHE_CONTROL_ENABLED | boolean | A toggle to instruct the webserver to include HTTP cache control headers on the response. |
webserver_http_allowed_optional_verbs | ITENTIAL_WEBSERVER_HTTP_ALLOWED_OPTIONAL_VERBS | csv | The set of allowed HTTP verbs in addition to those defined in the standard HTTP/1.1 protocol. |
webserver_http_enabled | ITENTIAL_WEBSERVER_HTTP_ENABLED | boolean | If true, allows the webserver to respond to insecure HTTP requests. |
webserver_http_port | ITENTIAL_WEBSERVER_HTTP_PORT | integer | The port on which the webserver listens for HTTP requests. |
webserver_https_cert | ITENTIAL_WEBSERVER_HTTPS_CERT | string | The path to the certificate file used for HTTPS connections. |
webserver_https_ciphers | ITENTIAL_WEBSERVER_HTTPS_CIPHERS | string | The allowed SSL/TLS cipher suite. |
webserver_https_client_reneg_limit | ITENTIAL_WEBSERVER_HTTPS_CLIENT_RENEG_LIMIT | integer | Specifies the number of renegotiations that are allowed in a single HTTPS connection. |
webserver_https_client_reneg_window | ITENTIAL_WEBSERVER_HTTPS_CLIENT_RENEG_WINDOW | integer | Specifies the time renegotiation window in seconds for a single HTTPS connection. |
webserver_https_enabled | ITENTIAL_WEBSERVER_HTTPS_ENABLED | boolean | If true, allows the webserver to respond to secure HTTPS requests. |
webserver_https_key | ITENTIAL_WEBSERVER_HTTPS_KEY | string | The path to the public key file used for HTTPS connections. |
webserver_https_passphrase | ITENTIAL_WEBSERVER_HTTPS_PASSPHRASE | string | The passphrase for the private key used to enable TLS sessions. |
webserver_https_port | ITENTIAL_WEBSERVER_HTTPS_PORT | integer | The port on which the webserver listens for HTTPS requests. |
webserver_https_secure_protocol | ITENTIAL_WEBSERVER_HTTPS_SECURE_PROTOCOL | string | The set of allowed SSL/TLS protocol versions. |
webserver_log_directory | ITENTIAL_WEBSERVER_LOG_DIRECTORY | string | The absolute directory path where webserver log files are written. |
webserver_log_filename | ITENTIAL_WEBSERVER_LOG_FILENAME | string | The name of the webserver log file. |
webserver_response_header_access_control_allow_origin | ITENTIAL_WEBSERVER_RESPONSE_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN | string | The value of the HTTP Access-Control-Allow-Origin header returned to clients. |
webserver_timeout | ITENTIAL_WEBSERVER_TIMEOUT | integer | Timeout to use for incoming HTTP requests to the platform API, in milliseconds. |
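
An added example, not Itential's own code: a pre-deployment check that flags explicitly set variables from the table above that weaken TLS, authentication or auditing, without ever printing a secret value. It assumes booleans are written `true`/`false`, which the page does not specify; `audit`, `SAMPLE_ENV` and the finding texts are hypothetical names chosen for the example.

```python
import os
import re

# Assumption: booleans are written "true"/"false"; the page does not give the spelling.
# Each entry: variable -> (value that weakens the deployment, finding text).
RISKY_BOOLEANS = {
    "ITENTIAL_CYBERARK_ALLOW_INVALID_CERTIFICATES": ("true", "CyberArk CCP TLS validation disabled"),
    "ITENTIAL_MONGO_TLS_ALLOW_INVALID_CERTIFICATES": ("true", "MongoDB TLS validation disabled"),
    "ITENTIAL_MONGO_SSL_ACCEPT_INVALID_CERTS": ("true", "MongoDB TLS validation disabled"),
    "ITENTIAL_MONGO_TLS_ENABLED": ("false", "MongoDB connection does not use TLS"),
    "ITENTIAL_MONGO_AUTH_ENABLED": ("false", "MongoDB driver does not use credentials"),
    "ITENTIAL_WEBSERVER_HTTP_ENABLED": ("true", "webserver answers insecure HTTP requests"),
    "ITENTIAL_DEFAULT_USER_ENABLED": ("true", "default user login is enabled"),
    "ITENTIAL_AUDIT_ENABLED": ("false", "detailed audit events are not tracked"),
}
# Deprecated variables and the replacements the table names for them.
DEPRECATED = {
    "ITENTIAL_MONGO_SSL_ACCEPT_INVALID_CERTS": "ITENTIAL_MONGO_TLS_ALLOW_INVALID_CERTIFICATES",
    "ITENTIAL_MONGO_SSL_CA_FILE": "ITENTIAL_MONGO_TLS_CA_FILE",
    "ITENTIAL_MONGO_SSL_ENABLED": "ITENTIAL_MONGO_TLS_ENABLED",
}
CORS_VAR = "ITENTIAL_WEBSERVER_RESPONSE_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN"
HEX_KEY = re.compile(r"[0-9a-fA-F]{64}")

# Constructed sample environment, used when no ITENTIAL_* variable is set.
SAMPLE_ENV = {
    "ITENTIAL_CYBERARK_ALLOW_INVALID_CERTIFICATES": "true",
    "ITENTIAL_MONGO_SSL_ENABLED": "true",
    "ITENTIAL_WEBSERVER_HTTP_ENABLED": "false",
    "ITENTIAL_AUDIT_ENABLED": "FALSE",
    "ITENTIAL_ENCRYPTION_KEY": "not-a-hex-key",
}

def audit(env):
    """Return sorted (variable, finding) pairs; only explicitly set values are judged."""
    findings = []
    for name, (bad, message) in RISKY_BOOLEANS.items():
        if env.get(name, "").strip().lower() == bad:
            findings.append((name, message))
    for old, new in DEPRECATED.items():
        if old in env:
            findings.append((old, f"deprecated, use {new}"))
    key = env.get("ITENTIAL_ENCRYPTION_KEY")
    if key is not None and not HEX_KEY.fullmatch(key):
        findings.append(("ITENTIAL_ENCRYPTION_KEY", "not a 64-character hex string"))
    if env.get(CORS_VAR, "").strip() == "*":
        findings.append((CORS_VAR, "Access-Control-Allow-Origin allows any origin"))
    return sorted(findings)

if __name__ == "__main__":
    real = any(k.startswith("ITENTIAL_") for k in os.environ)
    for name, finding in audit(os.environ if real else SAMPLE_ENV):
        print(f"{name}: {finding}")  # names and findings only, never values
```

Variables that are unset are not reported, because the table does not list default values.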