Environment variables are exposed in the Docker images. If you do not set the environment variable, the default values are used. The following tables list the environment variables for ASE, ABS, Dashboard, and MongoDB.
Environment | Value | Usage |
MODE
|
inline/sideband
|
ASE can be deployed either in inline mode or sideband mode. For more information, see the ASE admin guide. |
TIMEZONE |
string |
Set the timezone of ASE to either local or
UTC . Default value is local .Note: Make
sure TIMEZONE is set to the same value in ASE, ABS, and Dashboard.
|
ENABLE_CLUSTER
|
true/false
|
Set the value to true to enable ASE
cluster. |
ENABLE_ABS
|
true/false
|
Set the value to true to enable ABS. |
PEER_NODE
|
<IP or hostname>:port
|
ASE cluster peer node's IP address and port number |
ASE_SECRET_KEY |
string |
Set the value of the ASE secret key. Note: ASE access key cannot be
changed. Its value always remains admin . |
ABS_ENDPOINT
|
<IP or hostname>:port
|
IP address or host name of the ABS endpoint |
ABS_ACCESS_KEY
|
string
|
Access key to connect to ABS |
ABS_SECRET_KEY
|
string
|
Secret key to connect to ABS |
ADMIN_LOG_LEVEL |
1-5 |
1-5 (FATAL, ERROR, WARNING, INFO, DEBUG) |
ENABLE_SIDEBAND_AUTHENTICATION |
true/false |
Enable client side authentication. This setting is applicable only in sideband mode. Once enabled, ASE authenticates requests using ASE authentication tokens. |
ENABLE_SIDEBAND_KEEPALIVE |
true/false |
Set the value to true to enable connection keepalive
for requests from gateway to ASE. This configuration is applicable only in
sideband mode. |
ENABLE_ASE_HEALTH |
true/false |
Set the value to true to enable ASE health check
module. |
ENABLE_GOOGLE_PUBSUB |
true/false |
Google Pub/Sub configuration |
GOOGLE_PUBSUB_TOPIC |
string |
|
GOOGLE_PUBSUB_CONCURRENCY |
number |
Number of concurrent connections to Google Pub/Sub Minimum: 1, Default: 1000, Maximum: 1024 |
GOOGLE_PUBSUB_QPS |
number |
Number of messages published per second. Minimum: 1, Default: 1000, Maximum: 10000 |
GOOGLE_PUBSUB_APIKEY |
string |
Google service account API key (Optional) |
CACHE_QUEUE_SIZE |
number |
Maximum number of messages buffered in memory. If queue is full, messages
are written to Minimum: 1, Default: 300, Maximum: 10000 |
GOOGLE_PUBSUB_TIMEOUT |
number |
Timeout in seconds to publish a message to Google Pub/Sub. Minimum: 10, Default: 30, Maximum: 300 |
Environment | Value | Usage |
MONGO_RS
|
<IP or hostname>:port
|
MongoDB replica set IP address or host name and port. |
MONGO_USERNAME
|
string
|
MongoDB username |
MONGO_PASSWORD
|
string
|
MongoDB password |
HOST_IP |
IP or hostname |
If you have multiple network interfaces or if you are running inside a Docker, specify the externally visible IP address for ABS to bind |
ABS_LOG_LEVEL |
string |
Log levels (ALL > DEBUG > INFO > WARN > ERROR > FATAL > OFF) Default is INFO |
MONGO_SSL |
true/false |
Set to true if MongoDB instance is configured in SSL mode. By default, ABS will try to connect to MongoDB using non-SSL connection. Default is false |
IS_DASHBOARD_NODE |
true/false |
Setting as true makes an ABS node for dashboard engine query only and does not participate in ABS cluster for log processing |
ENABLE_EMAILS |
true/false |
Enable (true) or disable (false) ABS email notifications. |
SENDER_EMAIL |
string |
Email address used for sending email alerts and reports. |
SENDER_EMAIL_PASSWORD |
string |
Password of sender's email account. Note: You can leave this field blank
if your SMTP server does not require authentication. |
RECEIVER_EMAIL |
string |
Email address notified about alerts and reports. If you want more than one person to be notified, use an email alias. |
ABS_CLI_ADMIN_PASSWORD |
string |
Set the ABS CLI admin password. |
ABS_JKS_PASSWORD |
string |
Set the ABS Java keystore password. |
MONGO_CERTIFICATE_VERIFY |
true/false |
Set to true if you want to enable verification of MongoDB SSL server certificate. By default, ABS will try to connect to MongoDB without verifying SSL connection. Default is false |
TIMEZONE |
string |
Set the timezone of ABS to either local or
UTC . Default value is local .Note: Make
sure TIMEZONE is set to the same value in ASE, ABS, and Dashboard.
|
Environment | Value | Usage |
POC_MODE |
string |
Sets the mode in which ABS trains its API models. Set it to
true for running ABS in POC mode. For more information,
seeABS POC mode |
ABS_ACCESS_KEY
|
string
|
The access key for the ABS admin user. For more information, see ABS users |
ABS_SECRET_KEY
|
string
|
The secret key for the ABS admin user. For more information, see ABS users |
ABS_ACCESS_KEY_RU
|
string
|
The access key for the restricted user. For more information on restricted user, see ABS users. |
ABS_SECRET_KEY_RU
|
string
|
The secret key for the restrict ired user. For more information on restricted user, see ABS users. |
MONGO_USERNAME
|
string
|
MongoDB username |
MONGO_PASSWORD
|
string
|
MongoDB password |
MUTLI_NODE_REPLICA_SET |
string |
Set it to true if you wan to run multiple MongoDB nodes
in MongoDB replica set. The default value is false . If you
have set to it to true , then manually add MongoDB nodes
into replica set. Run abs_init.js script from the primary
MongoDB node. |
ATTACK_INITIAL_TRAINING
|
integer
|
The attack training period |
ATTACK_UPDATE_INTERVAL
|
integer
|
Attack threshold uphold interval |
API_DISCOVERY
|
true/false
|
Set the value to true to enable API discovery in ABS. For ABS to discover APIs, a global API JSON must be configured in ASE. For more information, see API discovery and configuration. |
API_DISCOVERY_INITIAL_PERIOD
|
integer
|
The initial period set in hours in which ABS has to be discover APIs. It is a good practice to keep the API discovery interval period less than the initial attack training interval. |
API_DISCOVERY_UPDATE_INTERVAL
|
integer
|
The time period in hours in which ABS reports the newly discovered APIs |
API_DISCOVERY_SUBPATH
|
integer
|
The number of subpaths that are discovered in an API. The maximum value is 3. |
WIRED_TIGER_CACHE_SIZE_GB
|
float
|
Memory in GB to be used by MongoDB cache. |
MONGO_SSL |
string |
Configures whether MongoDB uses SSL. Default values is false. |
Environment | Value | Usage |
DISCOVERY_SOURCE |
string |
Source of API discovery. Values can be abs ,
pingaccess , or axway . |
PINGACCESS_URL |
string |
URL of PingAccess if you set the discovery source as
pingaccess . |
PINGACCESS_USERNAME |
string |
PingAccess username for API discovery. |
PINGACCESS_PASSWORD |
string |
PingAccess password for API discovery. |
AXWAY_URL |
string |
URL of Axway if you set the discovery source as axway .
|
AXWAY_USERNAME |
string |
Axway username for API discovery. |
AXWAY_PASSWORD |
string |
Axway username for API discovery. |
DISCOVERY_MODE |
string |
Mode in which Dashboard publishes APIs to ASE. Values can be
auto or manual . For more information,
see Discovered APIs |
DISCOVERY_MODE_AUTO_POLLING_INTERVAL |
integer |
If the DISCOVERY_MODE is set as auto ,
set the polling interval at which Dashboard polls the discovery source for
APIs. It is recommended to have minimum value of 10-minutes. |
DISCOVERY_MODE_AUTO_DELETE_NON_DISCOVERED_APIS |
string |
If the DISCOVERY_MODE is set as auto ,
you can choose to retain to delete APIs in ASE which are added manually. Set
it to true , if you want to delete the APIs that are
manually added in ASE. |
ASE_MODE |
string |
Sets the mode in which ASE is deployed. Values can be either
inline or sideband . Make sure this
value is same as that set in ASE. |
ABS_ACCESS_KEY
|
string
|
The access key for the ABS admin user. For more information, see ABS users |
ABS_SECRET_KEY
|
string
|
The secret key for the ABS admin user. For more information, see ABS users |
ABS_HOST
|
string
|
IP address of ABS host |
ENABLE_XPACK
|
string
|
Configures whether x-pack is installed. Default value is
true . If the variable is set to false ,
the Web GUI protocol should be HTTP. |
ENABLE_SYSLOG
|
string
|
Configures whether Dashboard sends syslog messages to the syslog server.
The default value is false .Important:
ENABLE_SYSLOG and ENABLE_UI both cannot
be false at the same time.When |
ABS_RESTRICTED_USER_ACCESS
|
true/false
|
Set to true if you want to use ABS restricted user. For more information on restricted user, see ABS users. |
ABS_URL |
string |
The URL should be in the form of |
ASE_URL |
string |
The URL should be in the form of |
ASE_ACCESS_KEY |
string |
Access key of the ASE admin user |
ASE_SECRET_KEY |
string |
Secret key of the ASE admin user |
DASHBOARD_URL |
string |
The URL should be in the form of
|
H2_DB_PASSWORD |
string |
Password for H2 database |
H2_DB_ENCRYPTION_PASSWORD |
string |
Password to change encryption method of H2 database |
WEBGUI_ADMIN_PASSWORD |
string |
Password for admin user of Web GUI |
WEBGUI_PING_USER_PASSWORD |
string |
Password for ping_user of Web GUI |
SESSION_MAX_AGE |
6h |
Defines the maximum time for a session. The configured values should be
in the form of <number><duration_suffix> . Duration
should be > 0. Allowed duration_suffix values:
m for minutes, h for hours, and
d for days. |
MAX_ACTIVE_SESSIONS |
50 | Defines the maximum number of active UI sessions at any given time. The value should be greater than 1. |
WEBGUI_SSL_KEYSTORE_PASSWORD |
string |
|
AUTHENTICATION_MODE |
native or sso |
Set the value to sso to authenticate Dashboard with
PingFedereate |
SSO_OIDC_CLIENT_ID |
string |
Client ID value in configured in the Identity provider. |
SSO_OIDC_CLIENT_SECRET |
string |
Client Secret configured for the corresponding Client ID. |
SSO_OIDC_CLIENT_AUTHENTICATION_METHOD |
BASIC, POST, and NONE |
OIDC Client authentication mode. The valid values are BASIC, POST, or NONE |
SSO_OIDC_PROVIDER_ISSUER_URI |
string |
PingFederate URI that is required by webgui to establish SSO. The
default value is https://127.0.0.1:9031 . Note: PingIntelligence Dashboard Docker image can be generated by packaging it
with PingFederate public certificate. For doing this the certificate
needs to be placed in certs/webgui directory with
the name
webgui-sso-oidc-provider.crt. |
SSO_OIDC_PROVIDER_USER_UNIQUEID_CLAIM_NAME |
string |
Claim name for unique ID of the user in UserInfo response. A new user is provisioned using this unique ID value. |
SSO_OIDC_PROVIDER_USER_FIRST_NAME_CLAIM_NAME |
string |
Claim name for first name of the user in UserInfo response. Either first name or last name can be empty, but both should not be empty. |
SSO_OIDC_PROVIDER_USER_LAST_NAME_CLAIM_NAME |
string |
Claim name for last name of the user in UserInfo response. Either first name or last name can be empty, but both should not be empty |
SSO_OIDC_PROVIDER_USER_ROLE_CLAIM_NAME |
string |
Claim name for role of the user in UserInfo response. Valid values for
roles are ADMIN and REGULAR . |
SSO_OIDC_PROVIDER_CLIENT_ADDITIONAL_SCOPES |
string |
Additional scopes in authorization request. Multiple scopes should be comma (,) separated values. OpenID, profile scopes are always requested. |
TIMEZONE |
string |
Set the timezone of Dashbord to either local or
UTC . Default value is local . Note: Make
sure TIMEZONE is set to the same value in ASE, ABS, and Dashboard.
|