Environment variables

The Orchestrator can read environment variables which alter the way it runs. These can be:

• Orchestrator-specific environment variables (normally prefixed with MAVERICS_)
• Arbitrary environment variables which can be referenced in the config file itself

Orchestrator Environment Variables

The following environment variables are available for setting Orchestrator configuration:

• MAVERICS_CONFIG: configures the path to a local configuration file.
• MAVERICS_LICENSE: configures the path to a local license file.
• MAVERICS_SECRET_PROVIDER: sets up a connection to a secret provider.
• MAVERICS_DEBUG_MODE: sets logging to debug level.
• MAVERICS_HTTP_ADDRESS: the interface and port of the HTTP listener.
• MAVERICS_TLS_SERVER_CERT_FILE: the path to the certificate used for the HTTP listener
• MAVERICS_TLS_SERVER_KEY_FILE: the path to the corresponding key for the HTTP listener certificate.
• MAVERICS_TLS_SERVER_WINDOWS_THUMBPRINT: the certificate thumbprint used to search the Windows Certificate Store for HTTP listener certificate.
• MAVERICS_TLS_SERVER_WINDOWS_SUBJECT: the certificate subject used to search the Windows Certificate Store for HTTP listener certificate.
• MAVERICS_RELOAD_CONFIG: a boolean value to configure the Orchestrator to poll for configuration updates. It is false by default.
• MAVERICS_POLLING_INTERVAL_SECONDS: the frequency of polling for configuration updates. If unset, the default is 30 seconds.
• MAVERICS_GCP_CONFIG: configures a connection to Google Cloud Storage for remote configuration.
• MAVERICS_AWS_CONFIG: configures a connection to AWS S3 for remote config configuration.
• MAVERICS_AZURE_CONFIG: configures a connection to Azure Blob for remote config configuration.
• MAVERICS_GITLAB_CONFIG: configures a connection to a GitLab repository for remote config configuration.
• MAVERICS_GITHUB_CONFIG: configures a connection to a GitHub repository for remote config configuration.
• MAVERICS_USER: sets the user that will run a maverics service in a linux installation. If unset, the default is maverics.
• MAVERICS_GROUP: sets the group that will run a maverics service in a linux installation. If unset, the default is maverics.
• HTTPS_PROXY, HTTP_PROXY, NO_PROXY: configures the network proxies maverics will use.
• MAVERICS_BUNDLE_PUBLIC_KEY_FILE: the path to the public key file used for verifying a signed configuration bundle.

Command line options for maverics will override environment variables, which in turn will override settings in the configuration file. The order of precedence is:

1. command line options (e.g. -verbose for debug level logging)
2. environment variables (e.g. MAVERICS_DEBUG_MODE=true)
3. settings in the configuration file (e.g. logger.level: debug)

Arbitrary Environment Variables

Maverics supports referencing environment variables in configuration files. This enables deployment specific variables to be set dynamically, and can enable selectively loading components when paired with the include field.

To express environment variables in config files, use the {{ env.VAR_NAME }} syntax. Note, the env. namespace prefix is required.

Example

The following example represents a simple usage of how environment variables can be leveraged. The example assumes that AZURE_METADATA_URL, AZURE_ACS_URL, and AZURE_ENTITY_ID are set as environment variables on the host machine.

version: 0.1

tls:
  maverics:
    certFile: certs/maverics.cert
    keyFile: certs/maverics.key

http:
  address: :443
  tls: maverics

connectors:
  - name: azure
    type: azure
    authType: saml
    samlMetadataURL: '{{ env.AZURE_METADATA_URL }}'
    samlConsumerServiceURL: '{{ env.AZURE_ACS_URL }}'
    samlEntityID: '{{ env.AZURE_ENTITY_ID }}'

appgateways:
  - name: finance-app
    basePath: /
    upstream: https://finance.enterprise.com
    headers:
      SM_USER: azure.username
      firstName: azure.firstName
      lastName: azure.lastName
    policies:
      - location: /
        authentication:
          idps:
            - azure