# Environment Variables The Auditbox application can be configured using the following environment variables. ## Elasticsearch URI ```yaml ELASTIC_URI: "http://elasticsearch:9200" ``` URI for Elasticsearch connection.
Details
TypeString
Default value(no default)
Requiredtrue
## Auditbox base URL ```yaml AUDITBOX_BASE_URL: "http://localhost:3002" ``` Base URL where Auditbox is hosted.
Details
TypeString
Default value(no default)
Requiredtrue
## Identity provider authorize endpoint ```yaml IDP_AUTHORIZE_ENDPOINT: "http://localhost:8888/realms/auditbox/protocol/openid-connect/auth" ``` Authorization endpoint for your identity provider.
Details
TypeString
Default value(no default)
Requiredtrue
## Identity provider token endpoint ```yaml IDP_TOKEN_ENDPOINT: "http://keycloak:8888/realms/auditbox/protocol/openid-connect/token" ``` Token endpoint for your identity provider.
Details
TypeString
Default value(no default)
Requiredtrue
## Identity provider client ID ```yaml IDP_CLIENT_ID: "auditbox" ``` OAuth client ID for authentication.
Details
TypeString
Default value(no default)
Requiredtrue
## Identity provider client secret ```yaml IDP_CLIENT_SECRET: "" ``` OAuth client secret for authentication.
Details
TypeString
Default value(no default)
Requiredtrue
Sensitivetrue — value should be kept secret
## API authentication enabled ```yaml AUDITBOX_API_AUTH_ENABLED: true ``` Enable or disable API authentication.
Details
TypeBool
Default value(no default)
Requiredtrue
## Capability statement path ```yaml CAPABILITY_STATEMENT_PATH: "capability_statement.edn" ``` Path to the capability statement file.
Details
TypeString
Default valuecapability_statement.edn
Requiredfalse
## Network binding ```yaml BINDING: "127.0.0.1" ``` Network binding address for the server.
Details
TypeString
Default value127.0.0.1
Requiredfalse
## Port ```yaml PORT: 3000 ``` Port on which the application listens.
Details
TypeInteger
Default value3000
Requiredfalse
## BALP version ```yaml BALP_VERSION: "1.1.3" ``` Supported BALP (Basic Audit Log Patterns) version.
Details
TypeEnum
Values1.1.0
1.1.1
1.1.2
1.1.3
Default value1.1.3
Requiredfalse
## Elasticsearch authentication ```yaml AUDITBOX_ES_AUTH: ":" ``` Elasticsearch basic authentication credentials. Implemented and tested for the `superadmin` role in Elasticsearch.
Details
TypeString
Format<user>:<password>
Default value(no default)
Requiredfalse
Sensitivetrue — value should be kept secret
## Log level ```yaml AUDITBOX_LOG_LEVEL: "debug" ``` Application logging level.
Details
TypeEnum
Valuesoff
debug
info
error
Default valuedebug
Requiredfalse
## S3 archive enabled ```yaml AUDITBOX_ARCHIVE_S3_ENABLED: false ``` Enables S3 archival strategy with backups.
Details
TypeBool
Default valuefalse
Requiredfalse
## Data retention days ```yaml AUDITBOX_DATA_RETENTION_DAYS: 30 ``` Number of days to retain audit events before archiving (must be >= 1).
Details
TypeInteger
Default value30
Requiredfalse
## Snapshot repository name ```yaml AUDITBOX_SNAPSHOT_REPOSITORY_NAME: "default" ``` Name of the Elasticsearch snapshot repository for backups.
Details
TypeString
Default valuedefault
Requiredfalse
## S3 bucket name ```yaml AUDITBOX_S3_BUCKET_NAME: "" ``` S3 bucket name for snapshot storage. Required when `AUDITBOX_ARCHIVE_S3_ENABLED` is `true`.
Details
TypeString
Default value(no default)
Requiredtrue when AUDITBOX_ARCHIVE_S3_ENABLED is enabled
## S3 endpoint ```yaml AUDITBOX_S3_ENDPOINT: "https://s3.amazonaws.com" ``` S3 endpoint URL. Required when `AUDITBOX_ARCHIVE_S3_ENABLED` is `true`.
Details
TypeString
Default value(no default)
Requiredtrue when AUDITBOX_ARCHIVE_S3_ENABLED is enabled
## Example Configuration Here's an example `docker-compose.yml` environment section with all key variables: ```yaml environment: # Required ELASTIC_URI: http://elasticsearch:9200 AUDITBOX_BASE_URL: http://localhost:3002 IDP_AUTHORIZE_ENDPOINT: http://localhost:8888/realms/auditbox/protocol/openid-connect/auth IDP_TOKEN_ENDPOINT: http://keycloak:8888/realms/auditbox/protocol/openid-connect/token IDP_CLIENT_ID: auditbox IDP_CLIENT_SECRET: super-secret AUDITBOX_API_AUTH_ENABLED: true # Optional BINDING: 0.0.0.0 PORT: 3000 BALP_VERSION: 1.1.3 AUDITBOX_LOG_LEVEL: info AUDITBOX_ARCHIVE_S3_ENABLED: true AUDITBOX_DATA_RETENTION_DAYS: 90 AUDITBOX_SNAPSHOT_REPOSITORY_NAME: my-s3 AUDITBOX_S3_BUCKET_NAME: es-backups-bucket AUDITBOX_S3_ENDPOINT: http://minio:9000 ```