Platform Environment Variables

All Itential Platform configuration, including profile properties and service config properties, can be set using environment variables in Platform 6. Each Platform property and its corresponding environment variable are listed below.

Platform Property Environment Variable Type Description
audit_enabled ITENTIAL_AUDIT_ENABLED boolean If true, the platform will track detailed audit events.
auth_admin_groups ITENTIAL_AUTH_ADMIN_GROUPS json Members of these groups will be implicitly assigned with admin permissions.
auth_broker_principal_enabled ITENTIAL_AUTH_BROKER_PRINCIPAL_ENABLED boolean Enables a AAA adapter to custom build the principal object for a user with a "buildPrincipal" method.
auth_relay_state_ttl ITENTIAL_AUTH_RELAY_STATE_TIMEOUT integer The time in seconds before the RelayState from SSO expires.
auth_session_cookie_name ITENTIAL_AUTH_SESSION_COOKIE_NAME string The name of the cookie used for a user session.
auth_session_ttl ITENTIAL_AUTH_SESSION_TTL integer The time in minutes before a user session expires.
auth_unique_sessions_enabled ITENTIAL_AUTH_UNIQUE_SESSIONS_ENABLED boolean If true, logs out existing sessions for a user when they log in with a new session.
broker_validation_enabled ITENTIAL_BROKER_VALIDATION_ENABLED boolean If true, the platform will perform strict JSON Schema validation on messages into the brokers and coming back to the broker layer from adapters.
cyberark_url ITENTIAL_CYBERARK_URL string The URL to the CyberArk Central Credential Provider.
cyberark_app_id ITENTIAL_CYBERARK_APP_ID string Specifies the unique ID of the application issuing the password request to CyberArk CCP. Used by CyberArk CCP only.
cyberark_allow_invalid_certificates ITENTIAL_CYBERARK_ALLOW_INVALID_CERTIFICATES boolean If true, disables TLS certificate validation and allows connections using invalid or self-signed certificates. Used by CyberArk CCP only.
cyberark_ca ITENTIAL_CYBERARK_CA string The .pem file containing the root certificate chain from the Certificate Authority. Specify using absolute file path. Used by CyberArk CCP only.
cyberark_key ITENTIAL_CYBERARK_KEY string The certificate key file location. Specify using absolute file paths. Used by CyberArk CCP only.
cyberark_certificate ITENTIAL_CYBERARK_CERTIFICATE string The .pem file that contains the client certificate. Specify the file name using absolute paths. Used by CyberArk CCP only.
cyberark_connection_timeout ITENTIAL_CYBERARK_CONNECTION_TIMEOUT integer The number of seconds that the Central Credential Provider will try to retrieve the secret value. Used by CyberArk CCP only.
cyberark_reason_text ITENTIAL_CYBERARK_REASON_TEXT string Set this property to specify the reason for password retrieval, which will appear in CyberArk Credential Provider's audit log. Used by CyberArk CCP only.
dead_process_check_enabled ITENTIAL_DEAD_PROCESS_CHECK_ENABLED boolean If true, the platform will periodically check for dead processes.
dead_process_check_interval ITENTIAL_DEAD_PROCESS_CHECK_INTERVAL integer How often to check if an application/adapter stopped sending healthcheck pings (dead process), in seconds.
dead_process_max_period ITENTIAL_DEAD_PROCESS_MAX_PERIOD integer Maximum time period for application/adapter without sending healthcheck ping, in seconds.
default_user_enabled ITENTIAL_DEFAULT_USER_ENABLED boolean Enables a default user to be used for login when SSO is not configured and no AAA Adapter exists.
default_user_password ITENTIAL_DEFAULT_USER_PASSWORD string The password of the default user.
default_user_username ITENTIAL_DEFAULT_USER_USERNAME string The username of the default user.
device_broker_default_adapter_priority ITENTIAL_DEVICE_BROKER_DEFAULT_ADAPTER_PRIORITY csv A list of adapter types that manages the devices.
device_broker_run_command_adapter_preference ITENTIAL_DEVICE_BROKER_RUN_COMMAND_ADAPTER_PREFERENCE string Runs a command on a device.
device_count_polling_interval ITENTIAL_DEVICE_COUNT_POLLING_INTERVAL integer The interval for how often the platform polls for the number of devices, in hours.
encryption_key ITENTIAL_ENCRYPTION_KEY string A 64-character hex string describing a 256-bit encryption key.
external_request_timeout ITENTIAL_EXTERNAL_REQUEST_TIMEOUT integer The timeout for external API requests, in seconds.
integration_thread_count ITENTIAL_INTEGRATION_THREAD_COUNT integer The number of threads available for API requests.
integration_timeout ITENTIAL_INTEGRATION_TIMEOUT integer The number of milliseconds until an integration request times out.
job_worker_enabled ITENTIAL_JOB_WORKER_ENABLED boolean If true, will allow jobs to be started after the server startup process is complete. If false, API calls to start Jobs will return an error until enabled manually via the UI/API.
log_directory ITENTIAL_LOG_DIRECTORY string The absolute directory path where log files are written.
log_filename ITENTIAL_LOG_FILENAME string The name of the primary platform log file.
log_level ITENTIAL_LOG_LEVEL string The minimum log level to display in the log file.
log_level_console ITENTIAL_LOG_LEVEL_CONSOLE string The minimum log level to display in the console (stdout).
log_level_syslog ITENTIAL_LOG_LEVEL_SYSLOG string The minimum log level to send to the syslog server.
log_max_file_size ITENTIAL_LOG_MAX_FILE_SIZE integer The maximum file size in bytes of each log file before rotation occurs.
log_max_files ITENTIAL_LOG_MAX_FILES integer The maximum number of each log file to keep as rotation occurs.
mongo_auth_db ITENTIAL_MONGO_AUTH_DB string The name of the database that the MongoDB user must authenticate against.
mongo_auth_enabled ITENTIAL_MONGO_AUTH_ENABLED boolean Instructs the MongoDB driver to use the configured username/password when connecting to MongoDB.
mongo_bypass_version_check ITENTIAL_MONGO_BYPASS_VERSION_CHECK boolean If true, the server will not check if it is connecting to a compatible MongoDB version.
mongo_db_name ITENTIAL_MONGO_DB_NAME string The name of the MongoDB logical database to connect to.
mongo_max_idle_time_ms ITENTIAL_MONGO_MAX_IDLE_TIME_MS integer The maximum number of milliseconds that a connection can remain idle in the pool. Set to 0 for no limit.
mongo_max_pool_size ITENTIAL_MONGO_MAX_POOL_SIZE integer The maximum number of connections in a connection pool. Each application/adapter has its own connection pool.
mongo_password ITENTIAL_MONGO_PASSWORD string The password to use when connecting to MongoDB.
mongo_ssl_accept_invalid_certs ITENTIAL_MONGO_SSL_ACCEPT_INVALID_CERTS boolean Deprecated in favor of the mongo_tls_allow_invalid_certificates property.
mongo_ssl_ca_file ITENTIAL_MONGO_SSL_CA_FILE string Deprecated in favor of the mongo_tls_ca_file property.
mongo_ssl_enabled ITENTIAL_MONGO_SSL_ENABLED boolean Deprecated in favor of the mongo_tls_enabled property.
mongo_tls_allow_invalid_certificates ITENTIAL_MONGO_TLS_ALLOW_INVALID_CERTIFICATES boolean If true, disables the validation checks for TLS certificates on other servers in the cluster and allows the use of invalid or self-signed certificates to connect.
mongo_tls_ca_file ITENTIAL_MONGO_TLS_CA_FILE string The .pem file that contains the root certificate chain from the Certificate Authority. Specify the file name of the .pem file using absolute paths.
mongo_tls_enabled ITENTIAL_MONGO_TLS_ENABLED boolean Instruct the MongoDB driver to use TLS protocols when connecting to the database.
mongo_url ITENTIAL_MONGO_URL string The MongoDB connection string. For a replica set this will include all members of the replica set. For Mongo Atlas this will be the SRV connection format.
mongo_user ITENTIAL_MONGO_USER string The username to use when connecting to MongoDB.
platform_encrypted ITENTIAL_PLATFORM_ENCRYPTED boolean Indicates whether the platform is using encrypted code files.
platform_shutdown_timeout ITENTIAL_PLATFORM_SHUTDOWN_TIMEOUT integer The amount of time a service should wait before shutting down, in seconds.
profile_id ITENTIAL_PROFILE_ID string The name of the profile document to load from the MongoDB where legacy configuration properties are stored. Not required for installations that are using environment variables or a properties file.
redis_connect_timeout ITENTIAL_REDIS_CONNECT_TIMEOUT integer The maximum time in milliseconds to wait for initial Redis connection before timing out. If not set, defaults to 30000ms (30 seconds).
redis_db ITENTIAL_REDIS_DB integer The Redis keyspace (database number) to use for the connection.
redis_host ITENTIAL_REDIS_HOST string The hostname of the Redis server. Not used when connecting to Redis Sentinels.
redis_max_heartbeat_write_retries ITENTIAL_REDIS_MAX_HEARTBEAT_WRITE_RETRIES integer The maximum number of times to retry writing a heartbeat message to Redis from a service.
redis_max_retries_per_request ITENTIAL_REDIS_MAX_RETRIES_PER_REQUEST integer The maximum number of times to retry a request to Redis when the connection is lost.
redis_name ITENTIAL_REDIS_NAME string The Redis primary name. This only has meaning when Redis is running with replication enabled. The sentinels will monitor this node and consider it down only when the sentinels agree. Note: The primary name should not include special characters other than: .-_ and no whitespaces.
redis_password ITENTIAL_REDIS_PASSWORD string The password to use when connecting to Redis.
redis_port ITENTIAL_REDIS_PORT integer The port to use when connecting to this Redis instance.
redis_sentinel_password ITENTIAL_REDIS_SENTINEL_PASSWORD string The password to use when authenticating with a Redis Sentinel cluster.
redis_sentinel_username ITENTIAL_REDIS_SENTINEL_USERNAME string The username to use when authenticating with a Redis Sentinel cluster.
redis_sentinels ITENTIAL_REDIS_SENTINELS json The list of Redis Sentinel servers (hostnames and ports) to use for high availability.
redis_tls ITENTIAL_REDIS_TLS json Redis TLS configuration options for secure connections. Refer to NodeJS TLS library for all supported options.
redis_username ITENTIAL_REDIS_USERNAME string The username to use when connecting to Redis.
server_id ITENTIAL_SERVER_ID string An identifier for the server instance. This is used to uniquely identify the server in a multi-server environment. If not provided, the server will generate one on startup.
server_id_strategy ITENTIAL_SERVER_ID_STRATEGY string Strategy used to generate server ID, if one is not set using the server_id property. Selecting mac:port will generate a server_id using a combination of MAC address and port, while random will generate a random ID on each startup.
service_blacklist ITENTIAL_SERVICE_BLACKLIST csv The service type that will be denied CRUD operation access.
service_crash_recovery_max_retries ITENTIAL_SERVICE_CRASH_RECOVERY_MAX_RETRIES integer Specifies the number of times services will retry on crash before stopping.
service_crash_recovery_reset_retries_after_ms ITENTIAL_SERVICE_CRASH_RECOVERY_RESET_RETRIES_AFTER_MS integer Specifies the amount of time between retries, in milliseconds, after which the retry count will reset.
service_directory ITENTIAL_SERVICE_DIRECTORY string The file path to the directory containing additional services (applications and adapters).
service_health_check_interval ITENTIAL_SERVICE_HEALTH_CHECK_INTERVAL integer How often to update service health, measured in seconds.
service_health_check_unhealthy_threshold ITENTIAL_SERVICE_HEALTH_CHECK_UNHEALTHY_THRESHOLD integer The number of failed health checks in a row before a service is considered to be “unhealthy”.
service_launch_delay ITENTIAL_SERVICE_LAUNCH_DELAY integer The application/adapter launch delay, in seconds.
service_launch_timeout ITENTIAL_SERVICE_LAUNCH_TIMEOUT integer The application/adapter launch timeout, in seconds.
services ITENTIAL_SERVICES csv A whitelist of services (applications/adapters) to initialize on startup of the platform. If no value is given, all services will be initialized.
snmp_alarm_configs ITENTIAL_SNMP_ALARM_CONFIGS json Remote SNMP destination configuration objects.
syslog_app_name ITENTIAL_SYSLOG_APP_NAME string The process property to include as the application name in the syslog message.
syslog_eol ITENTIAL_SYSLOG_EOL string The end of line character to include in the syslog message.
syslog_facility ITENTIAL_SYSLOG_FACILITY string The syslog facility to use when sending logs to the syslog server.
syslog_host ITENTIAL_SYSLOG_HOST string The hostname or IP address of the syslog server.
syslog_localhost ITENTIAL_SYSLOG_LOCALHOST string The hostname to include in the syslog message.
syslog_path ITENTIAL_SYSLOG_PATH string The path to the syslog server file.
syslog_pid ITENTIAL_SYSLOG_PID string The process property to include as the process id in the syslog message.
syslog_port ITENTIAL_SYSLOG_PORT integer The port number of the syslog server.
syslog_protocol ITENTIAL_SYSLOG_PROTOCOL string The protocol to use when sending logs to the syslog server.
syslog_type ITENTIAL_SYSLOG_TYPE string The syslog message format to use when sending logs to the syslog server.
task_worker_enabled ITENTIAL_TASK_WORKER_ENABLED boolean If true, will start working tasks immediately after the server startup process is complete. If false, the task worker must be enabled manually via the UI/API.
ui_apple_touch_icon_file ITENTIAL_UI_APPLE_TOUCH_ICON_FILE string Path to the apple touch icon file that will be displayed on iOS devices.
ui_favicon_file ITENTIAL_UI_FAVICON_FILE string Path to the favicon file that will be displayed in the browser tab.
ui_home_file ITENTIAL_UI_HOME_FILE string Path to the HTML file that will be displayed as the home page for the UI.
ui_layout_file ITENTIAL_UI_LAYOUT_FILE string Path to the layout file extended in pug templates.
ui_login_file ITENTIAL_UI_LOGIN_FILE string Path to the HTML file that will be displayed as the login page for the UI.
ui_profile_file ITENTIAL_UI_PROFILE_FILE string Path to the HTML file that will be displayed as the profile page for the UI.
vault_approle_path ITENTIAL_VAULT_APPROLE_PATH string The path where the AppRole was enabled.
vault_auth_method ITENTIAL_VAULT_AUTH_METHOD string The authorization method to connect to Hashicorp Vault. Either token or approle.
vault_read_only ITENTIAL_VAULT_READ_ONLY boolean If true, only reads secrets from Hashicorp Vault. Otherwise, the platform can write secrets to Vault for storage.
vault_role_id ITENTIAL_VAULT_ROLE_ID string Hashicorp Vault Role ID used for AppRole authentication.
vault_secret_id ITENTIAL_VAULT_SECRET_ID string Hashicorp Vault Secret ID used for AppRole login.
vault_secrets_endpoint ITENTIAL_VAULT_SECRETS_ENDPOINT string The endpoint for the Secrets Engine that is used.
vault_token ITENTIAL_VAULT_TOKEN string The file path to a token file. The token is used for authentication to access Vault secrets.
vault_url ITENTIAL_VAULT_URL string The URL to the Hashicorp Vault server.
webserver_cache_control_enabled ITENTIAL_WEBSERVER_CACHE_CONTROL_ENABLED boolean A toggle to instruct the webserver to include HTTP cache control headers on the response.
webserver_http_allowed_optional_verbs ITENTIAL_WEBSERVER_HTTP_ALLOWED_OPTIONAL_VERBS csv The set of allowed HTTP verbs in addition to those defined in the standard HTTP/1.1 protocol.
webserver_http_enabled ITENTIAL_WEBSERVER_HTTP_ENABLED boolean If true, allows the webserver to respond to insecure HTTP requests.
webserver_http_port ITENTIAL_WEBSERVER_HTTP_PORT integer The port on which the webserver listens for HTTP requests.
webserver_https_cert ITENTIAL_WEBSERVER_HTTPS_CERT string The path to the certificate file used for HTTPS connections.
webserver_https_ciphers ITENTIAL_WEBSERVER_HTTPS_CIPHERS string The allowed SSL/TLS cipher suite.
webserver_https_client_reneg_limit ITENTIAL_WEBSERVER_HTTPS_CLIENT_RENEG_LIMIT integer Specifies the number of renegotiations that are allowed in a single HTTPS connection.
webserver_https_client_reneg_window ITENTIAL_WEBSERVER_HTTPS_CLIENT_RENEG_WINDOW integer Specifies the time renegotiation window in seconds for a single HTTPS connection.
webserver_https_enabled ITENTIAL_WEBSERVER_HTTPS_ENABLED boolean If true, allows the webserver to respond to secure HTTPS requests.
webserver_https_key ITENTIAL_WEBSERVER_HTTPS_KEY string The path to the public key file used for HTTPS connections.
webserver_https_passphrase ITENTIAL_WEBSERVER_HTTPS_PASSPHRASE string The passphrase for the private key used to enable TLS sessions.
webserver_https_port ITENTIAL_WEBSERVER_HTTPS_PORT integer The port on which the webserver listens for HTTPS requests.
webserver_https_secure_protocol ITENTIAL_WEBSERVER_HTTPS_SECURE_PROTOCOL string The set of allowed SSL/TLS protocol versions.
webserver_log_directory ITENTIAL_WEBSERVER_LOG_DIRECTORY string The absolute directory path where webserver log files are written.
webserver_log_filename ITENTIAL_WEBSERVER_LOG_FILENAME string The name of the webserver log file.
webserver_response_header_access_control_allow_origin ITENTIAL_WEBSERVER_RESPONSE_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN string The value of the HTTP Access-Control-Allow-Origin header returned to clients.
webserver_timeout ITENTIAL_WEBSERVER_TIMEOUT integer Timeout to use for incoming HTTP requests to the platform API, in milliseconds.
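
An audit of an environment against the security-relevant rows of the table above, added here as an example and not Itential code. It inspects only variables that are explicitly set (the page gives no defaults) and assumes booleans are written as the string `true`; `audit`, `is_true`, `SAMPLE_ENV` and the finding texts are names made up for this example.

```python
import os
import posixpath
import re

# Rows the table describes as weakening a control when set to true.
RISKY_WHEN_TRUE = {
    "ITENTIAL_CYBERARK_ALLOW_INVALID_CERTIFICATES": "TLS certificate validation to CyberArk CCP is disabled",
    "ITENTIAL_MONGO_TLS_ALLOW_INVALID_CERTIFICATES": "TLS certificate validation to MongoDB is disabled",
    "ITENTIAL_WEBSERVER_HTTP_ENABLED": "webserver responds to insecure HTTP requests",
    "ITENTIAL_DEFAULT_USER_ENABLED": "default user login is enabled",
}
# Deprecated rows and the replacement the table names for each.
DEPRECATED = {
    "ITENTIAL_MONGO_SSL_ACCEPT_INVALID_CERTS": "ITENTIAL_MONGO_TLS_ALLOW_INVALID_CERTIFICATES",
    "ITENTIAL_MONGO_SSL_CA_FILE": "ITENTIAL_MONGO_TLS_CA_FILE",
    "ITENTIAL_MONGO_SSL_ENABLED": "ITENTIAL_MONGO_TLS_ENABLED",
}
# Rows the table says must be given as absolute paths.
ABSOLUTE_PATHS = ("ITENTIAL_CYBERARK_CA", "ITENTIAL_CYBERARK_KEY", "ITENTIAL_CYBERARK_CERTIFICATE",
                  "ITENTIAL_MONGO_TLS_CA_FILE", "ITENTIAL_LOG_DIRECTORY", "ITENTIAL_WEBSERVER_LOG_DIRECTORY")
HEX_KEY = re.compile(r"[0-9a-fA-F]{64}")  # 64 hex characters = 256 bits

def is_true(value):
    # Assumption: a boolean variable is enabled by the string "true" (any case).
    return value.strip().lower() == "true"

def audit(env):
    """Return (variable, finding) pairs; variable values are never echoed."""
    findings = [(n, why) for n, why in RISKY_WHEN_TRUE.items() if is_true(env.get(n, ""))]
    findings += [(old, f"deprecated, set {new} instead") for old, new in DEPRECATED.items() if old in env]
    findings += [(n, "must be an absolute path") for n in ABSOLUTE_PATHS
                 if n in env and not posixpath.isabs(env[n])]
    key = env.get("ITENTIAL_ENCRYPTION_KEY")
    if key is not None and not HEX_KEY.fullmatch(key):
        findings.append(("ITENTIAL_ENCRYPTION_KEY", "not a 64-character hex string"))
    return findings

# Constructed sample environment, not taken from a real deployment.
SAMPLE_ENV = {
    "ITENTIAL_MONGO_TLS_ALLOW_INVALID_CERTIFICATES": "TRUE", "ITENTIAL_WEBSERVER_HTTP_ENABLED": "false",
    "ITENTIAL_MONGO_SSL_ENABLED": "true", "ITENTIAL_CYBERARK_CA": "certs/ca.pem",
    "ITENTIAL_LOG_DIRECTORY": "/var/log/itential", "ITENTIAL_ENCRYPTION_KEY": "abc123",
}

if __name__ == "__main__":
    for name, finding in audit(dict(os.environ)):
        print(f"{name}: {finding}")
```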