To use environment variables, specify a policy configuration key value in the options file using the ${variableName} notation, and then define the environment variable before starting the Policy Editor.

Example: Set policy information provider host name using an environment variable

This example takes the scenario in Example: Configure policy configuration keys and modifies it to specify the Consent API host name at runtime using an environment variable.

To specify the host name using an environment variable:

  1. Make a copy of the default options file.
    $ cp config/options.yml my-options.yml
  2. Edit the new options file and define a policy configuration key in the core section called ConsentHostname. Instead of hard-coding its value, specify a variable called CONSENT_HOSTNAME.
    core:
      ConsentHostname: ${CONSENT_HOSTNAME}
    # Other options omitted for brevity...
  3. Stop the GUI server.
    $ bin/stop-server
  4. Run setup using the --optionsFile argument. Customize all other options as appropriate for your needs.
    $ bin/setup demo \
      --adminUsername admin \
      --generateSelfSignedCertificate \
      --decisionPointSharedSecret pingauthorize \
      --hostname <pap-hostname> \
      --port <pap-port> \
      --adminPort <admin-port> \
      --licenseKeyFile <path-to-license> \
      --optionsFile my-options.yml
  5. Set the value of the CONSENT_HOSTNAME environment variable and then start the server.
    $ export CONSENT_HOSTNAME=consent-us-east.example.com; bin/start-server

After you define the Consent API service in the Trust Framework, you can refer to the policy configuration key that you defined in the Policy Editor configuration (ConsentHostname), which takes its value from the environment variable that you also defined. You must first create an attribute in the Trust Framework to hold the policy configuration key value. To do so, add an attribute with the following settings.

Property        Value
Name            ConsentHostname
Resolver Type   Configuration Key
Resolver Value  ConsentHostname

The following image shows the attribute in the Policy Editor.

Screen capture illustrating the ConsentHostname attribute in the Policy Editor.

When you create a service in the Trust Framework, you can refer to this attribute using the {{AttributeName}} notation. For example, where the URL https://consent-us-east.example.com/consent/v1/consents would otherwise be used, use the URL https://{{ConsentHostname}}/consent/v1/consents. The following image shows service settings using the {{AttributeName}} notation.

Screen capture illustrating attribute service settings in the Policy Editor.

To set a different host name, redefine the CONSENT_HOSTNAME environment variable and restart the server.
    $ bin/stop-server
    $ export CONSENT_HOSTNAME=consent-us-west.example.com; bin/start-server

Example: Set trust store details using an environment variable

This example takes the scenario in Example: Configure a trust store for a policy information provider and modifies it to specify the trust store password at runtime using an environment variable.

Given a Java KeyStore (JKS) trust store named my-ca-truststore.jks with the password password123 and a trusted root certificate with the alias my-ca, create an options file with details about the trust store. Instead of hard-coding the trust store password, specify it as an environment variable.

To specify the password as an environment variable:

  1. Make a copy of the default options file.
    $ cp config/options.yml my-options.yml
  2. Edit the new options file and define the key store details by adding an item in the truststores section. Specify the password value using the ${ENVIRONMENT_VARIABLE} notation. Also, assign the password to a policy configuration key so it can be used in the Trust Framework.
    core:
      TrustStorePassword: ${TRUST_STORE_PASSWORD}
    truststores:
       - name: MyCATrustStore
         resource: /path/to/my-ca-truststore.jks
         # TRUST_STORE_PASSWORD is an environment variable
         password: ${TRUST_STORE_PASSWORD}
    # Other options omitted for brevity...
  3. Stop the Policy Editor.
    $ bin/stop-server
  4. Run setup using the --optionsFile argument. Customize all other options as appropriate for your needs.
    $ bin/setup demo \
      --adminUsername admin \
      --generateSelfSignedCertificate \
      --decisionPointSharedSecret pingauthorize \
      --hostname <pap-hostname> \
      --port <pap-port> \
      --adminPort <admin-port> \
      --licenseKeyFile <path-to-license> \
      --optionsFile my-options.yml
  5. Set the value of the TRUST_STORE_PASSWORD environment variable and start the server.
    $ export TRUST_STORE_PASSWORD=password123; bin/start-server

The policy configuration key that you defined can be used in the Trust Framework. You must first create an attribute to hold the policy configuration key value. Add an attribute with the following settings.

Property        Value
Name            TrustStorePassword
Resolver Type   Configuration Key
Resolver Value  TrustStorePassword

The following image shows the attribute in the Policy Editor.

Screen capture illustrating the TrustStorePassword attribute in the Policy Editor.

After you define the policy information provider in the Trust Framework, you can refer to the trust store password using the TrustStorePassword attribute.

Screen capture illustrating the Certificate Validation field in the Policy Editor.

If you later use a trust store with a different password, you can redefine the TRUST_STORE_PASSWORD environment variable and restart the server.
    $ bin/stop-server
    $ export TRUST_STORE_PASSWORD=new-password; bin/start-server
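
Both procedures above depend on step 5: every ${NAME} reference in the options file must be defined in the environment of the shell that starts the server. The following pre-start helpers are an added example, not part of the product or of the original documentation; the function names referenced_vars, missing_vars and prompt_secret are hypothetical, and the check makes no assumption about how the Policy Editor itself treats an undefined variable.

```shell
#!/bin/sh
# Added example: pre-start checks for an options file that uses ${NAME} values.
# Function names are hypothetical; nothing here is shipped with the product.

# List each distinct ${NAME} reference in the options file, one per line.
# Full-line YAML comments are skipped.
referenced_vars() {
  grep -v '^[[:space:]]*#' "$1" \
    | grep -o '\${[A-Za-z_][A-Za-z0-9_]*}' \
    | tr -d '${}' \
    | sort -u
}

# Print the referenced names that are absent from (or empty in) the exported
# environment. printenv only sees exported variables, which is what the
# server process inherits. Returns 0 if nothing is missing, 1 otherwise.
missing_vars() {
  missing_rc=0
  for var_name in $(referenced_vars "$1"); do
    if [ -z "$(printenv "$var_name")" ]; then
      printf '%s\n' "$var_name"
      missing_rc=1
    fi
  done
  return "$missing_rc"
}

# Read a value without echoing it and export it under the given name, so the
# secret is not typed as a literal on a command line (and so is not saved in
# shell history). Requires a terminal.
prompt_secret() {
  printf '%s: ' "$1" >&2
  stty -echo
  IFS= read -r secret_value
  stty echo
  printf '\n' >&2
  export "$1=$secret_value"
  unset secret_value
}
```

Source these functions into the shell that starts the server, then run prompt_secret TRUST_STORE_PASSWORD followed by missing_vars my-options.yml && bin/start-server. A variable that is assigned but not exported is reported as missing, because the server process would not inherit it.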