If you do not set an environment variable, its default value is used. The following tables list the environment variables for API Security Enforcer (ASE), API Behavioral Security (ABS), Dashboard, and MongoDB.

ASE Environment Variables

The following table lists the ASE environment variables and the values.

Environment Value Usage

MODE

inline/sideband

ASE can be deployed either in inline mode or sideband mode.

For more information, see the ASE admin guide.

TIMEZONE

string

Set the timezone of ASE to either local or UTC. The default value is utc.

Note:

Make sure TIMEZONE is set to the same value in ASE, ABS, and Dashboard.

ENABLE_CLUSTER

true/false

Set the value to true to enable ASE cluster.

ENABLE_ABS

true/false

Set the value to true to enable ABS.

PEER_NODE

<IP or hostname>:port

ASE cluster peer node's IP address and port number.

ASE_SECRET_KEY

string

Set the value of the ASE secret key.

Note:

The ASE access key cannot be changed. Its value always remains admin.

ABS_ENDPOINT

<IP or hostname>:port

IP address or host name of the ABS endpoint.

ABS_ACCESS_KEY

string

Access key to connect to ABS.

ABS_SECRET_KEY

string

Secret key to connect to ABS.

ADMIN_LOG_LEVEL

1-5

1-5 (FATAL, ERROR, WARNING, INFO, DEBUG)

ENABLE_SIDEBAND_AUTHENTICATION

true/false

Enable client side authentication. This setting is applicable only in sideband mode. When enabled, ASE authenticates requests using ASE authentication tokens.

ENABLE_SIDEBAND_KEEPALIVE

true/false

Set the value to true to enable connection keepalive for requests from gateway to ASE. This configuration is applicable only in sideband mode.

ENABLE_ASE_HEALTH

true/false

Set the value to true to enable ASE health check module.

ENABLE_GOOGLE_PUBSUB

true/false

Google Pub/Sub configuration.

GOOGLE_PUBSUB_TOPIC

string

Google Pub/Sub topic.

GOOGLE_PUBSUB_CONCURRENCY

number

The number of concurrent connections to Google Pub/Sub.

Minimum: 1, Default: 1000, Maximum: 1024

GOOGLE_PUBSUB_QPS

number

The number of messages published per second.

Minimum: 1, Default: 1000, Maximum: 10000

GOOGLE_PUBSUB_APIKEY

string

Google service account API key (Optional)

CACHE_QUEUE_SIZE

number

The maximum number of messages buffered in memory. If the queue is full, messages are written to logs/google_pubsub_failed.log.

Minimum: 1, Default: 300, Maximum: 10000

GOOGLE_PUBSUB_TIMEOUT

number

Timeout in seconds to publish a message to Google Pub/Sub.

Minimum: 10, Default: 30, Maximum: 300

DEPLOYMENT_TYPE

string

Indicates ABS deployment type to ASE.

Supported values are onprem or cloud.

GATEWAY_CREDENTIAL

string

The obfuscated gateway credentials that are generated at the cloud portal. ASE parses these gateway credentials to get the OAuth URL and the URL for ABS API calls.

Populate this value when DEPLOYMENT_TYPE is set to cloud.

ENABLE_ABS_PUBLISH

true/false

Set this value to true to allow ASE to fetch the published API list from ABS.

ABS_PUBLISH_REQUEST_MINUTES

This value determines how often ASE will get the published API list from ABS.

ENABLE_STRICT_REQUEST_PARSER

true/false

Enable strict parsing checks for client requests.

  • true: ASE will block requests with an invalid header start.
  • false: ASE will allow requests.

ABS Environment Variables

The following table lists the ABS environment variables and the values.

Environment Value Usage

MONGO_RS

mongodb://<IP or hostname>:<port>,<IP or hostname>:<port>, <IP or hostname>:<port>

MongoDB replica set IP addresses or host names and port numbers.

MONGO_USERNAME

string

MongoDB username.

MONGO_PASSWORD

string

MongoDB password.

ABS_LOG_LEVEL

string

Log levels (ALL > DEBUG > INFO > WARN > ERROR > FATAL > OFF)

The default is INFO.

MONGO_SSL

true/false

Set to true if the MongoDB instance is configured in SSL mode.

By default, ABS tries to connect to MongoDB using a non-SSL connection. The default is false.

IS_DASHBOARD_NODE

true/false

When set to true, the ABS node serves dashboard engine queries only and does not participate in the ABS cluster for log processing.

ENABLE_EMAILS

true/false

Enable (true) or disable (false) ABS email notifications.

SENDER_EMAIL

string

The email address used for sending email alerts and reports.

SENDER_EMAIL_PASSWORD

string

The password of the sender's email account.

Note:

You can leave this field blank if your SMTP server does not require authentication.

RECEIVER_EMAIL

string

The email address notified about alerts and reports. If you want more than one person to be notified, use an email alias.

ABS_CLI_ADMIN_PASSWORD

string

Set the ABS command-line interface (CLI) admin password.

ABS_JKS_PASSWORD

string

Set the ABS Java keystore password.

MONGO_CERTIFICATE_VERIFY

true/false

Set to true to enable verification of the MongoDB SSL server certificate.

By default, ABS tries to connect to MongoDB without verifying the SSL connection. The default is false.

TIMEZONE

string

Set the timezone of ABS to either local or UTC. The default value is utc.

Note:

Make sure TIMEZONE is set to the same value in ASE, ABS, and the Dashboard.

ABS_ACCESS_KEY

string

The access key for the ABS admin user.

For more information, see ABS users.

ABS_SECRET_KEY

string

The secret key for the ABS admin user.

For more information, see ABS users.

ABS_ACCESS_KEY_RU

string

The access key for the restricted user.

For more information on restricted users, see ABS users.

ABS_SECRET_KEY_RU

string

The secret key for the restricted user.

For more information on restricted users, see ABS users.

ATTACK_INITIAL_TRAINING

integer

The attack training period.

ATTACK_UPDATE_INTERVAL

integer

The attack threshold update interval.

API_DISCOVERY

true/false

Set the value to true to enable application programming interface (API) discovery in ABS. For ABS to discover APIs, a global API JSON must be configured in ASE.

For more information, see API discovery and configuration.

API_DISCOVERY_INITIAL_PERIOD

integer

The initial period, in hours, in which ABS discovers APIs. It is good practice to keep the API discovery interval period less than the initial attack training interval.

API_DISCOVERY_UPDATE_INTERVAL

integer

The time period in hours in which ABS reports the newly discovered APIs.

API_DISCOVERY_SUBPATH

integer

The number of subpaths that are discovered in an API. The maximum value is 3.

POC_MODE

string

Sets the mode in which ABS trains its API models. Set it to true for running ABS in evaluation deployment mode.

For more information, see Configuring and verifying ABS POC mode.

KAFKA_SERVERS

string

The Kafka ip:port needs to be configured.

ABS_CONSUMER_USER

string

ABS consumer user in Kafka.

ABS_PRODUCER_USER

string

ABS producer user in Kafka.

ABS_CONSUMER_GROUP

string

ABS group in Kafka.

ABS_CONSUMER_PASSWORD

string

ABS consumer user password.

ABS_PRODUCER_PASSWORD

string

ABS producer user password.

KAFKA_MIN_INSYNC_REPLICA

integer

The number of minimum in-sync replicas for data in Kafka.

TRANSACTIONS_TOPIC

string

ABS transaction topic in Kafka.

ATTACK_TOPIC

string

ABS attack topic in Kafka.

ANOMALIES_TOPIC

string

ABS anomalies topic in Kafka.

MongoDB Environment Variables

The following table lists the MongoDB environment variables and the values.

Environment Value Usage

MONGO_USERNAME

string

MongoDB username.

MONGO_PASSWORD

string

MongoDB password.

MUTLI_NODE_REPLICA_SET

string

Set it to true if you want to run multiple MongoDB nodes in a MongoDB replica set. The default value is false. If you set it to true, manually add the MongoDB nodes to the replica set.

Run the abs_init.js script from the primary MongoDB node.

WIRED_TIGER_CACHE_SIZE_GB

float

Memory in GB to be used by MongoDB cache.

MONGO_SSL

string

Configures whether MongoDB uses SSL. The default value is false.

MONGO_PORT

string

Custom port for Mongo.

Dashboard Environment Variables

The following table lists the Dashboard environment variables and the values.

Environment Value Usage

DISCOVERY_SOURCE

string

Source of API discovery. Values can be abs, pingaccess, or axway.

PINGACCESS_URL

string

The URL of PingAccess if you set the discovery source as pingaccess.

PINGACCESS_USERNAME

string

The PingAccess username for API discovery.

PINGACCESS_PASSWORD

string

The PingAccess password for API discovery.

AXWAY_URL

string

The URL of Axway if you set the discovery source as axway.

AXWAY_USERNAME

string

The Axway username for API discovery.

AXWAY_PASSWORD

string

The Axway password for API discovery.

DISCOVERY_MODE

string

The mode in which the Dashboard publishes APIs to ASE. Values can be auto or manual.

For more information, see Discovered APIs.

DISCOVERY_MODE_AUTO_POLLING_INTERVAL

integer

If the DISCOVERY_MODE is set as auto, set the polling interval at which the Dashboard polls the discovery source for APIs. It is recommended to have a minimum value of 10 minutes.

DISCOVERY_MODE_AUTO_DELETE_NON_DISCOVERED_APIS

string

If the DISCOVERY_MODE is set as auto, you can choose to retain or delete APIs in ASE that are added manually. Set it to true if you want to delete the APIs that are manually added in ASE.

ASE_MODE

string

Sets the mode in which ASE is deployed. Values can be either inline or sideband. Make sure this value is the same as the value set in ASE.

ABS_ACCESS_KEY

string

The access key for the ABS admin user.

For more information, see ABS users.

ABS_SECRET_KEY

string

The secret key for the ABS admin user.

For more information, see ABS users.

ABS_HOST

string

The IP address of the ABS host.

ENABLE_XPACK

string

Configures whether X-Pack is installed. The default value is true. If the variable is set to false, the Web GUI protocol should be HTTP.

ENABLE_SYSLOG

string

Configures whether the Dashboard sends Syslog messages to the Syslog server. The default value is false.

Important:

ENABLE_SYSLOG and ENABLE_UI cannot both be false at the same time.

When the ENABLE_SYSLOG environment variable is passed to the container, SYSLOG_HOST and SYSLOG_PORT should also be passed. These configure the Syslog server and port number.

ABS_RESTRICTED_USER_ACCESS

true/false

Set to true if you want to use an ABS restricted user.

For more information on restricted users, see ABS users.

ABS_URL

string

The URL should be in the form of https://<IP>:<port>. The URL is used by WebGUI to connect to ABS.

ASE_URL

string

The URL should be in the form of https://<IP>:<port>. The URL is used by WebGUI to connect to ASE.

ASE_ACCESS_KEY

string

The access key of the ASE admin user.

ASE_SECRET_KEY

string

The secret key of the ASE admin user.

DASHBOARD_URL

string

The URL should be in the form of https://<IP>:<port>. The URL is used by WebGUI to connect to the Dashboard. IP and port number are for Kibana.

H2_DB_PASSWORD

string

The password for the H2 database.

H2_DB_ENCRYPTION_PASSWORD

string

The password to change the encryption method of the H2 database.

WEBGUI_ADMIN_PASSWORD

string

The password for the admin user of WebGUI.

WEBGUI_PING_USER_PASSWORD

string

The password for ping_user of WebGUI.

SESSION_MAX_AGE

6h

Defines the maximum time for a session. The configured values should be in the form of <number><duration_suffix>. The duration should be > 0. Allowed duration_suffix values are m for minutes, h for hours, and d for days.

MAX_ACTIVE_SESSIONS

50

Defines the maximum number of active UI sessions at any given time. The value should be greater than 1.

AUTHENTICATION_MODE

native or sso

Set the value to sso to authenticate the Dashboard with PingFederate.

SSO_OIDC_CLIENT_ID

string

Client ID value configured in the identity provider.

SSO_OIDC_CLIENT_SECRET

string

Client secret configured for the corresponding Client ID.

SSO_OIDC_CLIENT_AUTHENTICATION_METHOD

BASIC, POST, and NONE

OpenID Connect (OIDC) Client authentication mode. The valid values are BASIC, POST, or NONE.

SSO_OIDC_PROVIDER_ISSUER_URI

string

The PingFederate URI that is required by WebGUI to establish single sign-on (SSO). The default value is https://127.0.0.1:9031.

Note:

The PingIntelligence Dashboard Docker image can be generated by packaging it with the PingFederate public certificate. To do so, place the certificate in the certs/webgui directory with the name webgui-sso-oidc-provider.crt.

SSO_OIDC_PROVIDER_USER_UNIQUEID_CLAIM_NAME

string

Claim name for the unique ID of the user in the UserInfo response. A new user is provisioned using this unique ID value.

SSO_OIDC_PROVIDER_USER_FIRST_NAME_CLAIM_NAME

string

Claim name for the first name of the user in the UserInfo response. Either first name or last name can be empty, but both should not be empty.

SSO_OIDC_PROVIDER_USER_LAST_NAME_CLAIM_NAME

string

Claim name for the last name of the user in the UserInfo response. Either first name or last name can be empty, but both should not be empty.

SSO_OIDC_PROVIDER_USER_ROLE_CLAIM_NAME

string

Claim name for the role of the user in the UserInfo response. Valid values for roles are ADMIN and REGULAR.

SSO_OIDC_PROVIDER_CLIENT_ADDITIONAL_SCOPES

string

Additional scopes in the authorization request. Separate multiple scopes with a comma (,). OpenID profile scopes are always requested.

TIMEZONE

string

Set the timezone of the Dashboard to either local or UTC. The default value is utc.

Note:

Make sure TIMEZONE is set to the same value in ASE, ABS, and the Dashboard.

KAFKA_SERVERS

string

Kafka ip:port needs to be configured.

DE_CONSUMER_USER

string

The data engine consumer user in Kafka.

DE_CONSUMER_PASSWORD

string

Consumer user password.

DE_CONSUMER_GROUP

string

The group in Kafka for the data engine consumer.

TRANSACTIONS_TOPIC

string

ABS transaction topic in Kafka.

ATTACK_TOPIC

string

ABS attack topic in Kafka.

ELASTIC_URL

string

External Elasticsearch URL.

ELASTIC_PASSWORD

string

External Elasticsearch password.

ELASTIC_USERNAME

string

External Elasticsearch username.
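The ASE, ABS, and Dashboard tables above state several constraints that span containers or depend on another variable (matching TIMEZONE, ASE_MODE equal to MODE, the Google Pub/Sub ranges, the Syslog pair, the SESSION_MAX_AGE format). The following pre-deployment check is an added example, not part of the product or its documentation. It assumes each container's variables have been collected into a dict of strings, that boolean values are written in lowercase, and that TIMEZONE is compared case-insensitively; the function name audit is hypothetical.

```python
import re

# Numeric limits from the ASE table: name -> (minimum, maximum).
RANGES = {"GOOGLE_PUBSUB_CONCURRENCY": (1, 1024), "GOOGLE_PUBSUB_QPS": (1, 10000),
          "CACHE_QUEUE_SIZE": (1, 10000), "GOOGLE_PUBSUB_TIMEOUT": (10, 300)}

def audit(ase, abs_env, dash):
    """Check three dicts of environment variables; return a list of findings."""
    out = []
    # TIMEZONE must be the same in ASE, ABS and the Dashboard (default utc).
    if len({e.get("TIMEZONE", "utc").lower() for e in (ase, abs_env, dash)}) > 1:
        out.append("TIMEZONE differs between ASE, ABS and Dashboard")
    # The Dashboard's ASE_MODE must equal the MODE set in ASE.
    if "MODE" in ase and "ASE_MODE" in dash and ase["MODE"] != dash["ASE_MODE"]:
        out.append("Dashboard ASE_MODE does not match ASE MODE")
    # GATEWAY_CREDENTIAL must be populated for a cloud deployment.
    if ase.get("DEPLOYMENT_TYPE") == "cloud" and not ase.get("GATEWAY_CREDENTIAL"):
        out.append("DEPLOYMENT_TYPE=cloud requires GATEWAY_CREDENTIAL")
    for name, (lo, hi) in RANGES.items():
        val = ase.get(name)
        if val is not None and not (val.isdigit() and lo <= int(val) <= hi):
            out.append(f"{name} must be between {lo} and {hi}")
    # Both MongoDB settings default to false; SSL without verification
    # encrypts the link but does not authenticate the server.
    if abs_env.get("MONGO_SSL") == "true" and abs_env.get("MONGO_CERTIFICATE_VERIFY") != "true":
        out.append("MONGO_SSL=true without MONGO_CERTIFICATE_VERIFY=true")
    # ENABLE_SYSLOG defaults to false and needs a host and port when enabled.
    syslog = dash.get("ENABLE_SYSLOG", "false")
    if syslog == "false" and dash.get("ENABLE_UI") == "false":
        out.append("ENABLE_SYSLOG and ENABLE_UI cannot both be false")
    if syslog == "true" and not (dash.get("SYSLOG_HOST") and dash.get("SYSLOG_PORT")):
        out.append("ENABLE_SYSLOG=true requires SYSLOG_HOST and SYSLOG_PORT")
    # SESSION_MAX_AGE is <number><m|h|d> with a number greater than 0.
    age = dash.get("SESSION_MAX_AGE")
    if age is not None:
        m = re.fullmatch(r"(\d+)([mhd])", age)
        if not m or int(m.group(1)) == 0:
            out.append("SESSION_MAX_AGE must look like 30m, 6h or 1d")
    return out

# Constructed sample values, not taken from a real deployment.
SAMPLE_ASE = {"MODE": "sideband", "TIMEZONE": "utc", "DEPLOYMENT_TYPE": "cloud",
              "GOOGLE_PUBSUB_TIMEOUT": "5"}
SAMPLE_ABS = {"TIMEZONE": "local", "MONGO_SSL": "true"}
SAMPLE_DASH = {"TIMEZONE": "utc", "ASE_MODE": "inline", "ENABLE_SYSLOG": "true",
               "SYSLOG_HOST": "syslog.example.internal", "SESSION_MAX_AGE": "0h"}

if __name__ == "__main__":
    for finding in audit(SAMPLE_ASE, SAMPLE_ABS, SAMPLE_DASH):
        print("FINDING:", finding)
```
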

API Publish Environment Variables

The following table lists the API Publish environment variables and the values.

Environment Value Usage

MONGO_USERNAME

string

MongoDB username.

MONGO_PASSWORD

string

MongoDB password.

MONGO_CERTIFICATE

string

Set to true if the MongoDB instance is configured in SSL mode, and you want to do the server certificate verification.

MONGO_AUTH_MECHANISM

string

MongoDB authentication:

  • Supported Mongo authentication mechanisms are:
    • DEFAULT: Provide MONGO_USERNAME and MONGO_PASSWORD.
    • PLAIN: Provide the external LDAP username and password in MONGO_USERNAME and MONGO_PASSWORD.
  • Set to NONE if authentication is not enabled in Mongo.

MANAGEMENT_PORT

string

Port for the API Publish service.

APIPUBLISH_JKS_PASSWORD

string

The API Publish password for the JKS file.

You can change the password, and it will be generated during installation.

MONGO_SSL

string

Indicates whether SSL is used for Mongo.

The default value is false.

DATABASE_NAME

string

Database name.

META_DATABASE

string

Meta database name.

APIPUBLISH_CLI_ADMIN_PASSWORD

string

API Publish command-line interface (CLI) password.

Kafka Environment Variables

The following table lists the Kafka environment variables and the values.

Environment Value Usage

ZOOKEEPER_URL

<IP or hostname>:port

Zookeeper URL.

KAFKA_SSL_PORT

string

SSL port for Kafka.

KAFKA_SASL_PORT

string

SASL port for Kafka.

KAFKA_MIN_INSYNC_REPLICA

string

The minimum number of in-sync replicas for data in Kafka.

ABS_CONSUMER_USER

string

ABS consumer user in Kafka.

ABS_PRODUCER_USER

string

ABS producer user in Kafka.

ABS_CONSUMER_PASSWORD

string

ABS consumer user password.

ABS_PRODUCER_PASSWORD

string

ABS producer user password.

ABS_CONSUMER_GROUP

string

ABS group in Kafka.

DE_CONSUMER_USER

string

Data engine consumer user in Kafka.

DE_CONSUMER_PASSWORD

string

Consumer user password.

DE_CONSUMER_GROUP

string

Group in Kafka for the data engine consumer.

RETENTION_PERIOD

string

Retention period of data in topics.

POD_NAME

string

Kafka broker ID.

Zookeeper Environment Variables

The following table lists the Zookeeper environment variables and the values.

Environment Value Usage

ZOOKEEPER_PORT

string

Non-SSL port for Zookeeper.

ZOOKEEPER_SSL_PORT

string

SSL port for Zookeeper.