Skip to content

Environment Variables

The following environment variables are taken into account by SEAL OP-CLI:

AUTH_ISSUER_URL

AUTH_ISSUER_URL specifies the OIDC issuer URL.

Available values: String

  • <url>

Default: The URL is retrieved from the seal-operator-server service.

Hint - changed AUTH_ISSUER_URL as of Keycloak 21.0.1

As of SEAL-specific Keycloak version 21.0.1, the URL needed for `AUTH_ISSUER_URL has changed.

  • old value: AUTH_ISSUER_URL=https://<hostname>:32769/auth/realms/SEAL

  • new value: AUTH_ISSUER_URL=https:/<hostname>:32769/realms/SEAL

LOG_LEVEL

LOG_LEVEL specifies the log level for SEAL OP-CLI. Messages that correspond to this log level or a higher one are output.

The environment variable is overwritten by the value specified with the --loglevel option.

Available values: String

  • debug

    Debug messages are output.

  • error

    Error messages are output.

  • info

    Information messages are output.

  • warn

    Warnings are output.

Default: info

OPCLI_AUTH_ADDITIONAL_SCOPES

OPCLI_AUTH_ADDITIONAL_SCOPES specifies additional scopes for OAuth 2 (required for Azure AD for example).

The environment variable is overwritten by the value specified with the --auth-additional-scopes option.

Available values: String

  • <scope>

Default: none

OPCLI_AUTH_CLIENT_ID

OPCLI_AUTH_CLIENT_ID specifies the client name configured in the OIDC identity provider.

The environment variable is overwritten by the value specified with the --auth-client-id option.

Available values: String

  • <name>

Default: seal-opcli

OPCLI_AUTH_CLIENT_SECRET

OPCLI_AUTH_CLIENT_ID specifies the client secret configured in the OIDC identity provider.

The environment variable is overwritten by the value specified with the --auth-client-secret option.

Available values: String

  • <secret>

Default: The secret installed with the SEAL-specific Keycloak identity provider.

OPCLI_AUTH_TOKEN_TYPE

OPCLI_AUTH_TOKEN_TYPE specifies the type of the token used for the authentication against the REST API.

The environment variable is overwritten by the value specified with the --auth-token-type option.

Available values: String

  • access_token

    The access token is used.

  • id_token

    The ID token is used.

Default: access_token

OPCLI_BEARER_TOKEN

OPCLI_BEARER_TOKEN specifies the JSON Web Token (JWT) for authentication.

The environment variable is overwritten by the value specified with the --bearer option.

Available values: String

  • <token>

Default: none

TLS_DIR

TLS_DIR specifies the directory containing the certificate files necessary for the secure transfer between browser and local https server.

Available values: String

  • <dir_name>

The directory contains the following files:

  • key.pem

    File with the private key

  • cert.pem

    File with the certificate

  • ca.pem (optional)

    File with the CA certificate

Default: none

Hint - certificate files contained in delivery

The self-signed certificates contained in delivery are hard-coded. The tls directories contained in delivery only contain examples which certificate files are required and how they look like.

Back to top