Environment Variables

The Auditbox application can be configured using the following environment variables.

Elasticsearch URI

ELASTIC_URI: "http://elasticsearch:9200"

URI for Elasticsearch connection.

Auditbox base URL

AUDITBOX_BASE_URL: "http://localhost:3002"

Base URL where Auditbox is hosted.

Identity provider authorize endpoint

IDP_AUTHORIZE_ENDPOINT: "http://localhost:8888/realms/auditbox/protocol/openid-connect/auth"

Authorization endpoint for your identity provider.

Identity provider token endpoint

IDP_TOKEN_ENDPOINT: "http://keycloak:8888/realms/auditbox/protocol/openid-connect/token"

Token endpoint for your identity provider.

Identity provider client ID

IDP_CLIENT_ID: "auditbox"

OAuth client ID for authentication.

Identity provider client secret

IDP_CLIENT_SECRET: "<String>"

OAuth client secret for authentication.

API authentication enabled

AUDITBOX_API_AUTH_ENABLED: true

Enable or disable API authentication.

Capability statement path

CAPABILITY_STATEMENT_PATH: "capability_statement.edn"

Path to the capability statement file.

Network binding

BINDING: "127.0.0.1"

Network binding address for the server.

Port

PORT: 3000

Port on which the application listens.

BALP version

BALP_VERSION: "1.1.3"

Supported BALP (Basic Audit Log Patterns) version.

Elasticsearch authentication

AUDITBOX_ES_AUTH: "<user>:<password>"

Elasticsearch basic authentication credentials. Implemented and tested for the superadmin role in Elasticsearch.

Log level

AUDITBOX_LOG_LEVEL: "debug"

Application logging level.

S3 archive enabled

AUDITBOX_ARCHIVE_S3_ENABLED: false

Enables S3 archival strategy with backups.

Data retention days

AUDITBOX_DATA_RETENTION_DAYS: 30

Number of days to retain audit events before archiving (must be >= 1).

Snapshot repository name

AUDITBOX_SNAPSHOT_REPOSITORY_NAME: "default"

Name of the Elasticsearch snapshot repository for backups.

S3 bucket name

AUDITBOX_S3_BUCKET_NAME: "<String>"

S3 bucket name for snapshot storage. Required when AUDITBOX_ARCHIVE_S3_ENABLED is true.

S3 endpoint

AUDITBOX_S3_ENDPOINT: "https://s3.amazonaws.com"

S3 endpoint URL. Required when AUDITBOX_ARCHIVE_S3_ENABLED is true.

Example Configuration

Here's an example docker-compose.yml environment section with all key variables:

environment:
  # Required
  ELASTIC_URI: http://elasticsearch:9200
  AUDITBOX_BASE_URL: http://localhost:3002
  IDP_AUTHORIZE_ENDPOINT: http://localhost:8888/realms/auditbox/protocol/openid-connect/auth
  IDP_TOKEN_ENDPOINT: http://keycloak:8888/realms/auditbox/protocol/openid-connect/token
  IDP_CLIENT_ID: auditbox
  IDP_CLIENT_SECRET: super-secret
  AUDITBOX_API_AUTH_ENABLED: true

  # Optional
  BINDING: 0.0.0.0
  PORT: 3000
  BALP_VERSION: 1.1.3
  AUDITBOX_LOG_LEVEL: info

  AUDITBOX_ARCHIVE_S3_ENABLED: true
  AUDITBOX_DATA_RETENTION_DAYS: 90
  AUDITBOX_SNAPSHOT_REPOSITORY_NAME: my-s3
  AUDITBOX_S3_BUCKET_NAME: es-backups-bucket
  AUDITBOX_S3_ENDPOINT: http://minio:9000