Environment variables

The Orchestrator can read environment variables which alter the way it runs. These can be:

• Orchestrator-specific environment variables (normally prefixed with MAVERICS_)

• Arbitrary environment variables which can be referenced in the config file itself

Orchestrator Environment Variables

Environment variables in the maverics.env file must use the VARIABLE_NAME=VARIABLE_VALUE format. See our examples for more information.

The following environment variables are available for setting Orchestrator configuration:

• MAVERICS_CONFIG: configures the path to a local configuration file.

• MAVERICS_LICENSE: configures the path to a local license file.

• MAVERICS_SECRET_PROVIDER: sets up a connection to a secret provider.

• MAVERICS_DEBUG_MODE: sets logging to debug level.

• MAVERICS_HTTP_ADDRESS: the interface and port of the HTTP listener.

• MAVERICS_TLS_SERVER_CERT_FILE: the path to the certificate used for the HTTP listener

• MAVERICS_TLS_SERVER_KEY_FILE: the path to the corresponding key for the HTTP listener certificate.

• MAVERICS_TLS_SERVER_WINDOWS_THUMBPRINT: the certificate thumbprint used to search the Windows Certificate Store for HTTP listener certificate.

• MAVERICS_TLS_SERVER_WINDOWS_SUBJECT: the certificate subject used to search the Windows Certificate Store for HTTP listener certificate.

• MAVERICS_RELOAD_CONFIG: a boolean value to configure the Orchestrator to poll for configuration updates. It is false by default.

• MAVERICS_POLLING_INTERVAL_SECONDS: the frequency of polling for configuration updates. If unset, the default is 30 seconds.

• MAVERICS_GCP_CONFIG: configures a connection to Google Cloud Storage for remote configuration.

• MAVERICS_AWS_CONFIG: configures a connection to AWS S3 for remote config configuration.

• MAVERICS_AZURE_CONFIG: configures a connection to Azure Blob for remote config configuration.

• MAVERICS_GITLAB_CONFIG: configures a connection to a GitLab repository for remote config configuration.

• MAVERICS_GITHUB_CONFIG: configures a connection to a GitHub repository for remote config configuration.

• MAVERICS_USER: sets the user that will run a maverics service in a linux installation. If unset, the default is maverics.

• MAVERICS_GROUP: sets the group that will run a maverics service in a linux installation. If unset, the default is maverics.

• HTTPS_PROXY, HTTP_PROXY, NO_PROXY: configures the network proxies maverics will use.

• MAVERICS_BUNDLE_PUBLIC_KEY_FILE: the path to the public key file used for verifying a signed configuration bundle.

Command line options for maverics will override environment variables, which in turn will override settings in the configuration file. The order of precedence is:

1. command line options (e.g. -verbose for debug level logging)

2. environment variables (e.g. MAVERICS_DEBUG_MODE=true)

3. settings in the configuration file (e.g. logger.level: debug)

Arbitrary Environment Variables

Maverics supports referencing environment variables in configuration files. This enables deployment specific variables to be set dynamically.

To express environment variables in config files, use the {{ env.VAR_NAME }} syntax. Note, the env. namespace prefix is required.

Examples

Setting environment variables on Linux

To set an environment variable after installing on linux, use the maverics.env file that is found in the /etc/maverics directory by default. Please note that the variables should be delimited by a newline and should use the VARIABLE_NAME=VARIABLE_VALUE format.

/etc/maverics/maverics.env

MAVERICS_HTTP_ADDRESS=":443"
MAVERICS_TLS_SERVER_CERT_FILE="/etc/maverics/example.com.crt"
MAVERICS_TLS_SERVER_KEY_FILE="/etc/maverics/example.com.key"

Setting environment variables on Windows

For standard environments variables (variables prefixed with MAVERICS) like log verbosity, the MSI should be used. To update existing settings, simply reinstall the MSI.

Setting environment variables on Containers

Similarly to Linux, a simple way to provide environment variables to the container is via an environment variable file. The variables should be delimited by a newline and should use the VARIABLE_NAME=VARIABLE_VALUE format. When starting the container, use the --env-file flag.

maverics.env

MAVERICS_DEBUG_MODE=true

Referencing custom environment variables

The following example represents a simple usage of how environment variables can be leveraged. The example assumes that AZURE_METADATA_URL, AZURE_ACS_URL, and AZURE_ENTITY_ID are set as environment variables on the host machine.

connectors:
  - name: azure
    type: azure
    authType: saml
    samlMetadataURL: '{{ env.AZURE_METADATA_URL }}'
    samlConsumerServiceURL: '{{ env.AZURE_ACS_URL }}'
    samlEntityID: '{{ env.AZURE_ENTITY_ID }}'

Dereferencing Orchestrator Environment Variables

When running multiple Maverics instances or integrating with existing certificate management workflows,

you may need to reference environment variables defined with custom names. This ensures flexibility in how TLS certificates are managed while preventing conflicts with the default Maverics environment variables. In the example below, custom variables are defined for TLS certificate and key files.

The default MAVERICS_TLS_* variables must be explicitly unset to avoid override conflicts.

# Custom TLS configuration environment variables.
TLS_CERT_ENV_VAR=/etc/maverics/certs/custom-server.crt
TLS_KEY_ENV_VAR=/etc/maverics/certs/custom-server.key

# Prevent override conflicts by unsetting default Maverics TLS variables.
unset MAVERICS_TLS_SERVER_CERT_FILE
unset MAVERICS_TLS_SERVER_KEY_FILE

Note: when the MAVERICS_TLS_SERVER_* variables are set, they will override all specified TLS configurations like enabledCiphers, minVersion, and maxVersion to their respective defaults.

Configuration File (config.yaml):

http:
  address: :443
  tls: maverics

tls:
  maverics: 
    certFile: '{{ env.TLS_CERT_ENV_VAR }}'
    keyFile: '{{ env.TLS_KEY_ENV_VAR }}'