Environment variables are exposed in the Docker images. If you do not set the environment variable, the default values are used. The following tables list the environment variables for ASE, ABS, Dashboard, and MongoDB.

ASE Environment Variables:

Environment | Value | Usage |
---|---|---|
MODE | inline/sideband | ASE can be deployed either in inline mode or sideband mode. For more information, see the ASE admin guide. |
TIMEZONE | string | Set the timezone of ASE to either local or UTC. Default value is utc. Note: Make sure TIMEZONE is set to the same value in ASE, ABS, and Dashboard. |
ENABLE_CLUSTER | true/false | Set the value to true to enable ASE cluster. |
ENABLE_ABS | true/false | Set the value to true to enable ABS. |
PEER_NODE | <IP or hostname>:port | ASE cluster peer node's IP address and port number |
ASE_SECRET_KEY | string | Set the value of the ASE secret key. Note: ASE access key cannot be changed. Its value always remains admin. |
ABS_ENDPOINT | <IP or hostname>:port | IP address or host name of the ABS endpoint |
ABS_ACCESS_KEY | string | Access key to connect to ABS |
ABS_SECRET_KEY | string | Secret key to connect to ABS |
ADMIN_LOG_LEVEL | 1-5 | 1-5 (FATAL, ERROR, WARNING, INFO, DEBUG) |
ENABLE_SIDEBAND_AUTHENTICATION | true/false | Enable client side authentication. This setting is applicable only in sideband mode. Once enabled, ASE authenticates requests using ASE authentication tokens. |
ENABLE_SIDEBAND_KEEPALIVE | true/false | Set the value to true to enable connection keepalive for requests from gateway to ASE. This configuration is applicable only in sideband mode. |
ENABLE_ASE_HEALTH | true/false | Set the value to true to enable ASE health check module. |
ENABLE_GOOGLE_PUBSUB | true/false | Google Pub/Sub configuration |
GOOGLE_PUBSUB_TOPIC | string | |
GOOGLE_PUBSUB_CONCURRENCY | number | Number of concurrent connections to Google Pub/Sub. Minimum: 1, Default: 1000, Maximum: 1024 |
GOOGLE_PUBSUB_QPS | number | Number of messages published per second. Minimum: 1, Default: 1000, Maximum: 10000 |
GOOGLE_PUBSUB_APIKEY | string | Google service account API key (Optional) |
CACHE_QUEUE_SIZE | number | Maximum number of messages buffered in memory. If queue is full, messages are written to Minimum: 1, Default: 300, Maximum: 10000 |
GOOGLE_PUBSUB_TIMEOUT | number | Timeout in seconds to publish a message to Google Pub/Sub. Minimum: 10, Default: 30, Maximum: 300 |
DEPLOYMENT_TYPE | string | Indicates ABS deployment type to ASE. Supported values are |
GATEWAY_CREDENTIAL | string | The obfuscated gateway credentials that are generated at cloud portal. ASE parses these gateway credentials to get OAuth URL and URL for ABS API calls. Populate this value when DEPLOYMENT_TYPE is set to cloud. |
ENABLE_ABS_PUBLISH | true/false | Set this value to true to allow API Security Enforcer to fetch the published API list from ABS. |
ABS_PUBLISH_REQUEST_MINUTES | | This value determines how often API Security Enforcer will get the published API list from ABS. |
ENABLE_STRICT_REQUEST_PARSER | true/false | Enable strict parsing checks for client requests. |

ABS Environment Variables:

Environment | Value | Usage |
---|---|---|
MONGO_RS | mongodb://<IP or hostname>:<port>,<IP or hostname>:<port>,<IP or hostname>:<port> | MongoDB replica set IP addresses or host names and port numbers. |
MONGO_USERNAME | string | MongoDB username |
MONGO_PASSWORD | string | MongoDB password |
ABS_LOG_LEVEL | string | Log levels (ALL > DEBUG > INFO > WARN > ERROR > FATAL > OFF). Default is INFO. |
MONGO_SSL | true/false | Set to true if MongoDB instance is configured in SSL mode. By default, ABS will try to connect to MongoDB using a non-SSL connection. Default is false. |
IS_DASHBOARD_NODE | true/false | Setting it to true makes the ABS node serve dashboard engine queries only; the node does not participate in the ABS cluster for log processing. |
ENABLE_EMAILS | true/false | Enable (true) or disable (false) ABS email notifications. |
SENDER_EMAIL | string | Email address used for sending email alerts and reports. |
SENDER_EMAIL_PASSWORD | string | Password of sender's email account. Note: You can leave this field blank if your SMTP server does not require authentication. |
RECEIVER_EMAIL | string | Email address notified about alerts and reports. If you want more than one person to be notified, use an email alias. |
ABS_CLI_ADMIN_PASSWORD | string | Set the ABS CLI admin password. |
ABS_JKS_PASSWORD | string | Set the ABS Java keystore password. |
MONGO_CERTIFICATE_VERIFY | true/false | Set to true if you want to enable verification of the MongoDB SSL server certificate. By default, ABS will try to connect to MongoDB without verifying the SSL connection. Default is false. |
TIMEZONE | string | Set the timezone of ABS to either local or UTC. Default value is utc. Note: Make sure TIMEZONE is set to the same value in ASE, ABS, and Dashboard. |
ABS_ACCESS_KEY | string | The access key for the ABS admin user. For more information, see ABS users. |
ABS_SECRET_KEY | string | The secret key for the ABS admin user. For more information, see ABS users. |
ABS_ACCESS_KEY_RU | string | The access key for the restricted user. For more information on restricted user, see ABS users. |
ABS_SECRET_KEY_RU | string | The secret key for the restricted user. For more information on restricted user, see ABS users. |
ATTACK_INITIAL_TRAINING | integer | The attack training period |
ATTACK_UPDATE_INTERVAL | integer | Attack threshold update interval |
API_DISCOVERY | true/false | Set the value to true to enable API discovery in ABS. For ABS to discover APIs, a global API JSON must be configured in ASE. For more information, see API discovery and configuration. |
API_DISCOVERY_INITIAL_PERIOD | integer | The initial period, set in hours, in which ABS has to discover APIs. It is a good practice to keep the API discovery interval period less than the initial attack training interval. |
API_DISCOVERY_UPDATE_INTERVAL | integer | The time period in hours in which ABS reports the newly discovered APIs |
API_DISCOVERY_SUBPATH | integer | The number of subpaths that are discovered in an API. The maximum value is 3. |
POC_MODE | string | Sets the mode in which ABS trains its API models. Set it to true for running ABS in POC mode. For more information, see ABS POC mode. |
KAFKA_SERVERS | string | Kafka ip:port needs to be configured. |
ABS_CONSUMER_USER | string | ABS consumer user in Kafka |
ABS_PRODUCER_USER | string | ABS producer user in Kafka |
ABS_CONSUMER_GROUP | string | ABS group in Kafka |
ABS_CONSUMER_PASSWORD | string | ABS consumer user password |
ABS_PRODUCER_PASSWORD | string | ABS producer user password |
KAFKA_MIN_INSYNC_REPLICA | integer | Number of minimum insync replicas for data in Kafka |
TRANSACTIONS_TOPIC | string | ABS transaction topic in Kafka |
ATTACK_TOPIC | string | ABS attack topic in Kafka |
ANOMALIES_TOPIC | string | ABS anomalies topic in Kafka |

MongoDB Environment Variables:

Environment | Value | Usage |
---|---|---|
MONGO_USERNAME | string | MongoDB username |
MONGO_PASSWORD | string | MongoDB password |
MUTLI_NODE_REPLICA_SET | string | Set it to true if you want to run multiple MongoDB nodes in a MongoDB replica set. The default value is false. If you have set it to true, then manually add MongoDB nodes into the replica set. Run the abs_init.js script from the primary MongoDB node. |
WIRED_TIGER_CACHE_SIZE_GB | float | Memory in GB to be used by MongoDB cache. |
MONGO_SSL | string | Configures whether MongoDB uses SSL. Default value is false. |
MONGO_PORT | string | Custom port for Mongo. |

Dashboard Environment Variables:

Environment | Value | Usage |
---|---|---|
DISCOVERY_SOURCE | string | Source of API discovery. Values can be abs, pingaccess, or axway. |
PINGACCESS_URL | string | URL of PingAccess if you set the discovery source as pingaccess. |
PINGACCESS_USERNAME | string | PingAccess username for API discovery. |
PINGACCESS_PASSWORD | string | PingAccess password for API discovery. |
AXWAY_URL | string | URL of Axway if you set the discovery source as axway. |
AXWAY_USERNAME | string | Axway username for API discovery. |
AXWAY_PASSWORD | string | Axway password for API discovery. |
DISCOVERY_MODE | string | Mode in which Dashboard publishes APIs to ASE. Values can be auto or manual. For more information, see Discovered APIs. |
DISCOVERY_MODE_AUTO_POLLING_INTERVAL | integer | If the DISCOVERY_MODE is set as auto, set the polling interval at which Dashboard polls the discovery source for APIs. A minimum value of 10 minutes is recommended. |
DISCOVERY_MODE_AUTO_DELETE_NON_DISCOVERED_APIS | string | If the DISCOVERY_MODE is set as auto, you can choose to retain or delete APIs in ASE which are added manually. Set it to true if you want to delete the APIs that are manually added in ASE. |
ASE_MODE | string | Sets the mode in which ASE is deployed. Values can be either inline or sideband. Make sure this value is the same as that set in ASE. |
ABS_ACCESS_KEY | string | The access key for the ABS admin user. For more information, see ABS users. |
ABS_SECRET_KEY | string | The secret key for the ABS admin user. For more information, see ABS users. |
ABS_HOST | string | IP address of ABS host |
ENABLE_XPACK | string | Configures whether x-pack is installed. Default value is true. If the variable is set to false, the Web GUI protocol should be HTTP. |
ENABLE_SYSLOG | string | Configures whether Dashboard sends syslog messages to the syslog server. The default value is false. Important: ENABLE_SYSLOG and ENABLE_UI both cannot be false at the same time. When |
ABS_RESTRICTED_USER_ACCESS | true/false | Set to true if you want to use ABS restricted user. For more information on restricted user, see ABS users. |
ABS_URL | string | The URL should be in the form of |
ASE_URL | string | The URL should be in the form of |
ASE_ACCESS_KEY | string | Access key of the ASE admin user |
ASE_SECRET_KEY | string | Secret key of the ASE admin user |
DASHBOARD_URL | string | The URL should be in the form of |
H2_DB_PASSWORD | string | Password for H2 database |
H2_DB_ENCRYPTION_PASSWORD | string | Password to change encryption method of H2 database |
WEBGUI_ADMIN_PASSWORD | string | Password for admin user of Web GUI |
WEBGUI_PING_USER_PASSWORD | string | Password for ping_user of Web GUI |
SESSION_MAX_AGE | 6h | Defines the maximum time for a session. The configured values should be in the form of <number><duration_suffix>. Duration should be > 0. Allowed duration_suffix values: m for minutes, h for hours, and d for days. |
MAX_ACTIVE_SESSIONS | 50 | Defines the maximum number of active UI sessions at any given time. The value should be greater than 1. |
AUTHENTICATION_MODE | native or sso | Set the value to sso to authenticate Dashboard with PingFederate |
SSO_OIDC_CLIENT_ID | string | Client ID value configured in the identity provider. |
SSO_OIDC_CLIENT_SECRET | string | Client Secret configured for the corresponding Client ID. |
SSO_OIDC_CLIENT_AUTHENTICATION_METHOD | BASIC, POST, and NONE | OIDC Client authentication mode. The valid values are BASIC, POST, or NONE |
SSO_OIDC_PROVIDER_ISSUER_URI | string | PingFederate URI that is required by webgui to establish SSO. The default value is https://127.0.0.1:9031. Note: PingIntelligence Dashboard Docker image can be generated by packaging it with PingFederate public certificate. To do this, place the certificate in the certs/webgui directory with the name webgui-sso-oidc-provider.crt. |
SSO_OIDC_PROVIDER_USER_UNIQUEID_CLAIM_NAME | string | Claim name for unique ID of the user in UserInfo response. A new user is provisioned using this unique ID value. |
SSO_OIDC_PROVIDER_USER_FIRST_NAME_CLAIM_NAME | string | Claim name for first name of the user in UserInfo response. Either first name or last name can be empty, but both should not be empty. |
SSO_OIDC_PROVIDER_USER_LAST_NAME_CLAIM_NAME | string | Claim name for last name of the user in UserInfo response. Either first name or last name can be empty, but both should not be empty. |
SSO_OIDC_PROVIDER_USER_ROLE_CLAIM_NAME | string | Claim name for role of the user in UserInfo response. Valid values for roles are ADMIN and REGULAR. |
SSO_OIDC_PROVIDER_CLIENT_ADDITIONAL_SCOPES | string | Additional scopes in authorization request. Multiple scopes should be comma (,) separated values. OpenID, profile scopes are always requested. |
TIMEZONE | string | Set the timezone of Dashboard to either local or UTC. Default value is utc. Note: Make sure TIMEZONE is set to the same value in ASE, ABS, and Dashboard. |
KAFKA_SERVERS | string | Kafka ip:port needs to be configured. |
DE_CONSUMER_USER | string | Data engine consumer user in Kafka |
DE_CONSUMER_PASSWORD | string | Consumer user password |
DE_CONSUMER_GROUP | string | Group in Kafka for data engine consumer |
TRANSACTIONS_TOPIC | string | ABS transaction topic in Kafka |
ATTACK_TOPIC | string | ABS attack topic in Kafka |
ELASTIC_URL | string | External Elasticsearch URL |
ELASTIC_PASSWORD | string | External Elasticsearch password |
ELASTIC_USERNAME | string | External Elasticsearch username |

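
The notes in the ASE, ABS, and Dashboard tables (matching TIMEZONE, ASE_MODE equal to the MODE set in ASE, the non-SSL MongoDB defaults in ABS, ENABLE_SYSLOG and ENABLE_UI not both false) can be checked before the containers start. The following Python code is an added example, not part of PingIntelligence or its documentation; the KEY=VALUE env-file layout, the function names `parse_env` and `audit`, the selection of secrets to check, and the sample values are assumptions constructed for illustration.

```python
# Added example: secret-bearing variables per component, from the tables above.
SECRETS = {
    "ase": ["ASE_SECRET_KEY"],
    "abs": ["MONGO_PASSWORD", "ABS_SECRET_KEY", "ABS_JKS_PASSWORD"],
    "dashboard": ["ABS_SECRET_KEY", "H2_DB_PASSWORD", "WEBGUI_ADMIN_PASSWORD"],
}

def parse_env(text):
    """Parse KEY=VALUE lines (docker --env-file style), skipping comments."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            env[key.strip()] = value.strip()
    return env

def audit(envs):
    """Return findings for {"ase": env, "abs": env, "dashboard": env}."""
    out = []
    for comp, names in SECRETS.items():  # unset secrets keep image defaults
        out += [f"{comp}: {n} unset, image default in use"
                for n in names if not envs[comp].get(n)]
    # TIMEZONE must be identical in ASE, ABS and Dashboard (default utc).
    zones = {c: e.get("TIMEZONE", "utc").lower() for c, e in envs.items()}
    if len(set(zones.values())) > 1:
        out.append(f"TIMEZONE mismatch: {zones}")
    # Dashboard ASE_MODE must equal the MODE set in ASE.
    mode, ase_mode = envs["ase"].get("MODE"), envs["dashboard"].get("ASE_MODE")
    if mode and ase_mode and mode != ase_mode:
        out.append(f"dashboard: ASE_MODE={ase_mode} but ASE MODE={mode}")
    # ABS defaults to non-SSL MongoDB with no certificate verification.
    for name in ("MONGO_SSL", "MONGO_CERTIFICATE_VERIFY"):
        if envs["abs"].get(name, "false").lower() != "true":
            out.append(f"abs: {name} is not true")
    # ENABLE_SYSLOG (default false) and ENABLE_UI cannot both be false.
    dash = envs["dashboard"]
    if (dash.get("ENABLE_SYSLOG", "false").lower() == "false"
            and dash.get("ENABLE_UI", "").lower() == "false"):
        out.append("dashboard: ENABLE_SYSLOG and ENABLE_UI are both false")
    return out

# Constructed sample settings; every value is a placeholder.
SAMPLE = {
    "ase": parse_env("MODE=sideband\nTIMEZONE=utc\nASE_SECRET_KEY=example-1\n"),
    "abs": parse_env("# abs.env\nTIMEZONE=local\nMONGO_SSL=true\n"
                     "MONGO_PASSWORD=example-2\nABS_SECRET_KEY=example-3\n"),
    "dashboard": parse_env("ASE_MODE=inline\nENABLE_UI=false\nH2_DB_PASSWORD=x\n"),
}
```

Calling `audit(SAMPLE)` returns one string per finding; an empty list means none of these checks fired.
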

API Publish Environment Variables: The following table lists the API Publish environment variables and the values:

Environment | Value | Usage |
---|---|---|
MONGO_USERNAME | string | MongoDB username |
MONGO_PASSWORD | string | MongoDB password |
MONGO_CERTIFICATE | string | Set to true if MongoDB instance is configured in SSL mode, and you want to do the server certificate verification |
MONGO_AUTH_MECHANISM | string | MongoDB authentication |
MANAGEMENT_PORT | string | Port for the API Publish service |
APIPUBLISH_JKS_PASSWORD | string | API Publish password for the JKS file. You can change the password, and it will be generated during installation. |
MONGO_SSL | string | Indicates whether SSL is used for Mongo. Default: |
DATABASE_NAME | string | Database name |
META_DATABASE | string | Meta database name |
APIPUBLISH_CLI_ADMIN_PASSWORD | string | API Publish CLI password |

Kafka Environment Variables: The following table lists the Kafka environment variables and the values:

Environment | Value | Usage |
---|---|---|
ZOOKEEPER_URL | <IP or hostname>:port | Zookeeper URL |
KAFKA_SSL_PORT | string | SSL port for Kafka |
KAFKA_SASL_PORT | string | SASL port for Kafka |
KAFKA_MIN_INSYNC_REPLICA | string | Minimum number of insync replicas for data in Kafka |
ABS_CONSUMER_USER | string | ABS consumer user in Kafka |
ABS_PRODUCER_USER | string | ABS producer user in Kafka |
ABS_CONSUMER_PASSWORD | string | ABS consumer user password |
ABS_PRODUCER_PASSWORD | string | ABS producer user password |
ABS_CONSUMER_GROUP | string | ABS group in Kafka |
DE_CONSUMER_USER | string | Data engine consumer user in Kafka |
DE_CONSUMER_PASSWORD | string | Consumer user password |
DE_CONSUMER_GROUP | string | Group in Kafka for data engine consumer |
RETENTION_PERIOD | string | Retention period of data in topics |
POD_NAME | string | Kafka broker ID |

Zookeeper Environment Variables: The following table lists the Zookeeper environment variables and the values:

Environment | Value | Usage |
---|---|---|
ZOOKEEPER_PORT | string | Non-SSL port for Zookeeper |
ZOOKEEPER_SSL_PORT | string | SSL port for Zookeeper |