Environment variables are exposed in the Docker images. If you do not set the environment variable, the default values are used. The following tables list the environment variables for ASE, ABS, Dashboard, and MongoDB.

ASE Environment Variables: The following table lists the ASE environment variables and the values:
Environment Value Usage
MODE inline/sideband ASE can be deployed either in inline mode or sideband mode. For more information, see the ASE admin guide.
TIMEZONE string Set the timezone of ASE to either local or UTC. Default value is utc.
Note: Make sure TIMEZONE is set to the same value in ASE, ABS, and Dashboard.
ENABLE_CLUSTER true/false Set the value to true to enable ASE cluster.
ENABLE_ABS true/false Set the value to true to enable ABS.
PEER_NODE <IP or hostname>:port ASE cluster peer node's IP address and port number
ASE_SECRET_KEY string Set the value of the ASE secret key.
Note: ASE access key cannot be changed. Its value always remains admin.
ABS_ENDPOINT <IP or hostname>:port IP address or host name of the ABS endpoint
ABS_ACCESS_KEY string Access key to connect to ABS
ABS_SECRET_KEY string Secret key to connect to ABS
ADMIN_LOG_LEVEL 1-5 1-5 (FATAL, ERROR, WARNING, INFO, DEBUG)
ENABLE_SIDEBAND_AUTHENTICATION true/false Enable client side authentication. This setting is applicable only in sideband mode. Once enabled, ASE authenticates requests using ASE authentication tokens.
ENABLE_SIDEBAND_KEEPALIVE true/false Set the value to true to enable connection keepalive for requests from gateway to ASE. This configuration is applicable only in sideband mode.
ENABLE_ASE_HEALTH true/false Set the value to true to enable ASE health check module.
ENABLE_GOOGLE_PUBSUB true/false Google Pub/Sub configuration
GOOGLE_PUBSUB_TOPIC string
GOOGLE_PUBSUB_CONCURRENCY number

Number of concurrent connections to Google Pub/Sub

Minimum: 1, Default: 1000, Maximum: 1024

GOOGLE_PUBSUB_QPS number

Number of messages published per second.

Minimum: 1, Default: 1000, Maximum: 10000

GOOGLE_PUBSUB_APIKEY string Google service account API key (Optional)
CACHE_QUEUE_SIZE number

Maximum number of messages buffered in memory. If queue is full, messages are written to logs/google_pubsub_failed.log

Minimum: 1, Default: 300, Maximum: 10000

GOOGLE_PUBSUB_TIMEOUT number

Timeout in seconds to publish a message to Google Pub/Sub.

Minimum: 10, Default: 30, Maximum: 300

DEPLOYMENT_TYPE string

Indicates ABS deployment type to ASE.

Supported values are onprem or cloud.

GATEWAY_CREDENTIAL string

The obfuscated gateway credentials that are generated at cloud portal. ASE parses these gateway credentials to get OAuth URL and URL for ABS API calls.

Populate this value when DEPLOYMENT_TYPE is set to cloud.
ENABLE_ABS_PUBLISH true/false

Set this value to true, to allow API Security Enforcer to fetch the published API list from ABS.

ABS_PUBLISH_REQUEST_MINUTES

This value determines how often API Security Enforcer will get the published API list from ABS.

ENABLE_STRICT_REQUEST_PARSER true/false

Enable strict parsing checks for client requests.

  • true: ASE will block requests with an invalid header start.
  • false: ASE will allow requests.

ABS Environment Variables: The following table lists the ABS environment variables and the values:
Environment Value Usage
MONGO_RS mongodb://<IP or hostname>:<port>,<IP or hostname>:<port>, <IP or hostname>:<port> MongoDB replica set IP addresses or host names and port numbers.
MONGO_USERNAME string MongoDB username
MONGO_PASSWORD string MongoDB password
ABS_LOG_LEVEL string

Log levels (ALL > DEBUG > INFO > WARN > ERROR > FATAL > OFF)

Default is INFO

MONGO_SSL true/false

Set to true if MongoDB instance is configured in SSL mode.

By default, ABS will try to connect to MongoDB using non-SSL connection. Default is false

IS_DASHBOARD_NODE true/false Setting as true makes an ABS node for dashboard engine query only and does not participate in ABS cluster for log processing
ENABLE_EMAILS true/false Enable (true) or disable (false) ABS email notifications.
SENDER_EMAIL string Email address used for sending email alerts and reports.
SENDER_EMAIL_PASSWORD string Password of sender's email account.
Note: You can leave this field blank if your SMTP server does not require authentication.
RECEIVER_EMAIL string Email address notified about alerts and reports. If you want more than one person to be notified, use an email alias.
ABS_CLI_ADMIN_PASSWORD string Set the ABS CLI admin password.
ABS_JKS_PASSWORD string Set the ABS Java keystore password.
MONGO_CERTIFICATE_VERIFY true/false

Set to true if you want to enable verification of MongoDB SSL server certificate.

By default, ABS will try to connect to MongoDB without verifying SSL connection. Default is false

TIMEZONE string Set the timezone of ABS to either local or UTC. Default value is utc.
Note: Make sure TIMEZONE is set to the same value in ASE, ABS, and Dashboard.
ABS_ACCESS_KEY string The access key for the ABS admin user. For more information, see ABS users
ABS_SECRET_KEY string The secret key for the ABS admin user. For more information, see ABS users
ABS_ACCESS_KEY_RU string The access key for the restricted user. For more information on restricted user, see ABS users.
ABS_SECRET_KEY_RU string The secret key for the restrict ired user. For more information on restricted user, see ABS users.
ATTACK_INITIAL_TRAINING integer The attack training period
ATTACK_UPDATE_INTERVAL integer Attack threshold uphold interval
API_DISCOVERY true/false Set the value to true to enable API discovery in ABS. For ABS to discover APIs, a global API JSON must be configured in ASE. For more information, see API discovery and configuration.
API_DISCOVERY_INITIAL_PERIOD integer The initial period set in hours in which ABS has to be discover APIs. It is a good practice to keep the API discovery interval period less than the initial attack training interval.
API_DISCOVERY_UPDATE_INTERVAL integer The time period in hours in which ABS reports the newly discovered APIs
API_DISCOVERY_SUBPATH integer The number of subpaths that are discovered in an API. The maximum value is 3.
POC_MODE string Sets the mode in which ABS trains its API models. Set it to true for running ABS in POC mode. For more information, seeABS POC mode
KAFKA_SERVERS string Kafka ip:port needs to be configured.
ABS_CONSUMER_USER string ABS consumer user in Kafka
ABS_PRODUCER_USER string ABSs producer user in Kafka
ABS_CONSUMER_GROUP string ABS group in Kafka
ABS_CONSUMER_PASSWORD string ABS consumer user password
ABS_PRODUCER_PASSWORD string ABS producer user password
KAFKA_MIN_INSYNC_REPLICA integer Number of minimum insync replicas for data in Kafka
TRANSACTIONS_TOPIC string ABS transaction topic in Kafka
ATTACK_TOPIC string ABS attack topic in Kafka
ANOMALIES_TOPIC string ABS anomalies topic in Kafka

MongoDB Environment Variables: The following table lists the MongoDB environment variables and the values:
Environment Value Usage
MONGO_USERNAME string MongoDB username
MONGO_PASSWORD string MongoDB password
MUTLI_NODE_REPLICA_SET string Set it to true if you wan to run multiple MongoDB nodes in MongoDB replica set. The default value is false. If you have set to it to true, then manually add MongoDB nodes into replica set. Run abs_init.js script from the primary MongoDB node.
WIRED_TIGER_CACHE_SIZE_GB float Memory in GB to be used by MongoDB cache.
MONGO_SSL string Configures whether MongoDB uses SSL. Default values is false.
MONGO_PORT string Custom port for Mongo.
Dashboard Environment Variables: The following table lists the Dashboard environment variables and the values:
Environment Value Usage
DISCOVERY_SOURCE string Source of API discovery. Values can be abs, pingaccess, or axway.
PINGACCESS_URL string URL of PingAccess if you set the discovery source as pingaccess.
PINGACCESS_USERNAME string PingAccess username for API discovery.
PINGACCESS_PASSWORD string PingAccess password for API discovery.
AXWAY_URL string URL of Axway if you set the discovery source as axway.
AXWAY_USERNAME string Axway username for API discovery.
AXWAY_PASSWORD string Axway username for API discovery.
DISCOVERY_MODE string Mode in which Dashboard publishes APIs to ASE. Values can be auto or manual. For more information, see Discovered APIs
DISCOVERY_MODE_AUTO_POLLING_INTERVAL integer If the DISCOVERY_MODE is set as auto, set the polling interval at which Dashboard polls the discovery source for APIs. It is recommended to have minimum value of 10-minutes.
DISCOVERY_MODE_AUTO_DELETE_NON_DISCOVERED_APIS string If the DISCOVERY_MODE is set as auto, you can choose to retain to delete APIs in ASE which are added manually. Set it to true, if you want to delete the APIs that are manually added in ASE.
ASE_MODE string Sets the mode in which ASE is deployed. Values can be either inline or sideband. Make sure this value is same as that set in ASE.
ABS_ACCESS_KEY string The access key for the ABS admin user. For more information, see ABS users
ABS_SECRET_KEY string The secret key for the ABS admin user. For more information, see ABS users
ABS_HOST string IP address of ABS host
ENABLE_XPACK string Configures whether x-pack is installed. Default value is true. If the variable is set to false, the Web GUI protocol should be HTTP.
ENABLE_SYSLOG string Configures whether Dashboard sends syslog messages to the syslog server. The default value is false.
Important: ENABLE_SYSLOG and ENABLE_UI both cannot be false at the same time.

When ENABLE_SYSLOG environment variable is passed to the container, SYSLOG_HOST and SYSLOG_PORT should also be passed. These are to configure the syslog server and port number.

ABS_RESTRICTED_USER_ACCESS true/false Set to true if you want to use ABS restricted user. For more information on restricted user, see ABS users.
ABS_URL string

The URL should be in the form of https://<IP>:<port>. The URL is used by Web GUI to connect to ABS.

ASE_URL string

The URL should be in the form of https://<IP>:<port>. The URL is used by Web GUI to connect to ASE.

ASE_ACCESS_KEY string Access key of the ASE admin user
ASE_SECRET_KEY string Secret key of the ASE admin user
DASHBOARD_URL string

The URL should be in the form of https://<IP>:<port. The URL is used by Web GUI to connect to dashboard. IP and port number are of Kibana.

H2_DB_PASSWORD string Password for H2 database
H2_DB_ENCRYPTION_PASSWORD string Password to change encryption method of H2 database
WEBGUI_ADMIN_PASSWORD string Password for admin user of Web GUI
WEBGUI_PING_USER_PASSWORD string Password for ping_user of Web GUI
SESSION_MAX_AGE 6h Defines the maximum time for a session. The configured values should be in the form of <number><duration_suffix>. Duration should be > 0. Allowed duration_suffix values: m for minutes, h for hours, and d for days.
MAX_ACTIVE_SESSIONS 50 Defines the maximum number of active UI sessions at any given time. The value should be greater than 1.
AUTHENTICATION_MODE native or sso Set the value to sso to authenticate Dashboard with PingFedereate
SSO_OIDC_CLIENT_ID string Client ID value in configured in the Identity provider.
SSO_OIDC_CLIENT_SECRET string Client Secret configured for the corresponding Client ID.
SSO_OIDC_CLIENT_AUTHENTICATION_METHOD BASIC, POST, and NONE OIDC Client authentication mode. The valid values are BASIC, POST, or NONE
SSO_OIDC_PROVIDER_ISSUER_URI string PingFederate URI that is required by webgui to establish SSO. The default value is https://127.0.0.1:9031.
Note: PingIntelligence Dashboard Docker image can be generated by packaging it with PingFederate public certificate. For doing this the certificate needs to be placed in certs/webgui directory with the name webgui-sso-oidc-provider.crt.
SSO_OIDC_PROVIDER_USER_UNIQUEID_CLAIM_NAME string Claim name for unique ID of the user in UserInfo response. A new user is provisioned using this unique ID value.
SSO_OIDC_PROVIDER_USER_FIRST_NAME_CLAIM_NAME string Claim name for first name of the user in UserInfo response. Either first name or last name can be empty, but both should not be empty.
SSO_OIDC_PROVIDER_USER_LAST_NAME_CLAIM_NAME string Claim name for last name of the user in UserInfo response. Either first name or last name can be empty, but both should not be empty
SSO_OIDC_PROVIDER_USER_ROLE_CLAIM_NAME string Claim name for role of the user in UserInfo response. Valid values for roles are ADMIN and REGULAR.
SSO_OIDC_PROVIDER_CLIENT_ADDITIONAL_SCOPES string Additional scopes in authorization request. Multiple scopes should be comma (,) separated values. OpenID, profile scopes are always requested.
TIMEZONE string Set the timezone of Dashbord to either local or UTC. Default value is utc.
Note: Make sure TIMEZONE is set to the same value in ASE, ABS, and Dashboard.
KAFKA_SERVERS string Kafka ip:port needs to be configured.
DE_CONSUMER_USER string Data engine consumer user in Kafka
DE_CONSUMER_PASSWORD string Consumer user password
DE_CONSUMER_GROUP string Group in Kafka for data engine consumer
TRANSACTIONS_TOPIC string ABS transaction topic in Kafka
ATTACK_TOPIC string ABS attack topic in Kafka
ELASTIC_URL string External Elasticsearch URL
ELASTIC_PASSWORD string External Elasticsearch password
ELASTIC_USERNAME string External Elasticsearch username

API Publish Environment Variables: The following table lists the API Publish environment variables and the values:

Environment Value Usage
MONGO_USERNAME string MongoDB username
MONGO_PASSWORD string MongoDB password
MONGO_CERTIFICATE: string Set to true if MongoDB instance is configured in SSL mode, and you want to do the server certificate verification
MONGO_AUTH_MECHANISM string MongoDB authentication
  • Supported Mongo authentication mechnisms are:
    • DEFAULT: Provide MONGO_USERNAME and MONGO_PASSWORD
    • PLAIN: Provide external LDAP username and password in MONGO_USERNAME and MONGO_PASSWORD
  • Set to NONEif authentication is not enabled in Mongo
MANAGEMENT_PORT string Port for the API Publish service
APIPUBLISH_JKS_PASSWORD string API Publish password for the JKS file.

You can change the password, and it will be generated during installation.

MONGO_SSL string Indicates whether SSL used for Mongo.

Default: false

DATABASE_NAME string Database name
META_DATABASE string Meta database name
APIPUBLISH_CLI_ADMIN_PASSWORD string API Publish CLI password

Kafka Environment Variables: The following table lists the Kafka environment variables and the values:

Environment Value Usage
ZOOKEEPER_URL <IP or hostname>:port Zookeeper URL
KAFKA_SSL_PORT string SSL port for Kafka
KAFKA_SASL_PORT string SASL port for Kafka
KAFKA_MIN_INSYNC_REPLICA string Minimum number of insync replicas for data in Kafka
ABS_CONSUMER_USER string ABS consumer user in Kafka
ABS_PRODUCER_USER string ABS producer user in Kafka
ABS_CONSUMER_PASSWORD string ABS consumer user password
ABS_PRODUCER_PASSWORD string ABS producer user password
ABS_CONSUMER_GROUP string ABS group in Kafka
DE_CONSUMER_USER string Data engine consumer user in Kafka
DE_CONSUMER_PASSWORD string Consumer user password
DE_CONSUMER_GROUP string Group in Kafka for data engine consumer
RETENTION_PERIOD string Retention period of data in topics
POD_NAME string Kafka broker ID

Zookeeper Environment Variables: The following table lists the Zookeeper environment variables and the values:

Environment Value Usage
ZOOKEEPER_PORT string Non-SSL port for Zookeeper
ZOOKEEPER_SSL_PORT string Non-SSL port for Zookeeper