Environment Variables
Last modified on May 24, 2024
The StrongDM command line recognizes environment variables to control and modify its functionality. This document details the available environment variables and their function.
Environment variables can be set on a gateway or relay server by adding them to the sdm-proxy file, which is usually located at /etc/sysconfig/sdm-proxy.

Name | Format | Function |
---|---|---|
SDM_ADMIN_TOKEN | <JWT_TOKEN> | An admin token or service account token to use for sdm authentication; if set, this token is used by StrongDM and there is no need to log in via the CLI or desktop app |
SDM_EMAIL | SDM_EMAIL=email-address-value@example.com | If set, the specified email address is used automatically when using the sdm login command in the CLI |
SDM_FALLBACK_DNS | <DNS_ADDRESS>:<PORT> | DNS address to use as a fallback if a call to app.strongdm.com fails; defaults to 1.1.1.1:53 and can be set to 0 to disable fallback |
SDM_HOME | /path/to/home | The location where sdm places its logs and keys; defaults to ~/.sdm; must be writable by the user running sdm |
SDM_VERBOSE | true, false | If set, log verbosity is set to high for troubleshooting purposes |
Variables for Gateways and Relays
The following variables are only for use with gateways and relays.
Name | Format | Function |
---|---|---|
SDM_DISABLE_UPDATE | Boolean | If set to true, disables auto-updates for relays |
SDM_DOCKERIZED | true, false, stderr | If true, logs go to STDOUT rather than sdm.log for Docker or Kubernetes deployments or for troubleshooting purposes; if stderr, logs go to STDERR |
SDM_HOSTNAME_CURL_ADDRESS | URI | If set within the StrongDM Gateway AMI in the userdata field at instance launch, the gateway reaches out to the specified address to determine its public hostname instead of the default AWS address |
SDM_MAINTENANCE_WINDOW_START | integer | If set, schedules the hour of the day (0 to 23 UTC) when gateways and relays can terminate connections and restart (default: 7) |
SDM_METRICS_LISTEN_ADDRESS | :port | If set in the gateway or relay’s environment on port 9999, enables the gateway or relay to listen for metrics on the specified port |
SDM_ORCHESTRATOR_PROBES | :port | If set, enables the http://<GATEWAY OR RELAY IP>:port/liveness URL to check whether the gateway or relay is in good health |
SDM_RELAY_LOG_ENCRYPTION | plaintext, pubkey:///pubkeyfullpath/file.pem | Overrides relay log encryption settings configured in the Admin UI |
SDM_RELAY_LOG_FORMAT | csv, json | Overrides relay log format settings configured in the Admin UI |
SDM_RELAY_LOG_STORAGE | stdout, file, none, tcp://host:port, socket:///fullpath/, syslog://host:port | Overrides relay log storage settings configured in the Admin UI |
SDM_RELAY_TOKEN | <JWT_TOKEN> | A gateway or relay token to use when invoking the sdm binary; normally not needed as this is entered when installing the gateway or relay |
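
The Format column above can be turned into a pre-deployment check of the sdm-proxy file. The following is an added example, not StrongDM code: it validates values against the documented formats and flags settings worth a security review (stored tokens, local overrides of Admin UI log settings, disabled auto-updates). It assumes the file holds one NAME=value assignment per line and that Boolean means true or false; audit and SAMPLE are illustrative names.

```python
import re

# Formats transcribed from the tables above; "Boolean" is assumed to mean true|false.
FORMATS = {
    "SDM_VERBOSE": r"true|false",
    "SDM_DISABLE_UPDATE": r"true|false",
    "SDM_DOCKERIZED": r"true|false|stderr",
    "SDM_MAINTENANCE_WINDOW_START": r"\d|1\d|2[0-3]",  # hour of day, 0 to 23 UTC
    "SDM_METRICS_LISTEN_ADDRESS": r":\d{1,5}",
    "SDM_ORCHESTRATOR_PROBES": r":\d{1,5}",
    "SDM_RELAY_LOG_ENCRYPTION": r"plaintext|pubkey:///\S+",
    "SDM_RELAY_LOG_FORMAT": r"csv|json",
    "SDM_RELAY_LOG_STORAGE": r"stdout|file|none|(tcp|syslog)://[^\s/:]+:\d+|socket:///\S+",
}
TOKENS = {"SDM_ADMIN_TOKEN", "SDM_RELAY_TOKEN"}  # values are never echoed in findings
FREE_FORM = TOKENS | {"SDM_EMAIL", "SDM_FALLBACK_DNS", "SDM_HOME", "SDM_HOSTNAME_CURL_ADDRESS"}


def audit(text):
    """Return (line_no, name, level, message) findings for sdm-proxy file content."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        name, sep, value = (part.strip().strip("\"'") for part in raw.partition("="))
        if not sep or not name.startswith("SDM_"):
            continue  # blank lines, comments, unrelated variables
        if name in TOKENS:
            findings.append((line_no, name, "review", "credential in file; check file owner and mode"))
        elif name not in FORMATS.keys() | FREE_FORM:
            findings.append((line_no, name, "error", "not a variable listed on this page"))
        elif not re.fullmatch(FORMATS.get(name, ".*"), value):
            findings.append((line_no, name, "error", "value does not match the documented format"))
        elif name.startswith("SDM_RELAY_LOG_"):
            findings.append((line_no, name, "review", f"overrides the Admin UI setting with {value}"))
        elif (name, value) == ("SDM_DISABLE_UPDATE", "true"):
            findings.append((line_no, name, "review", "relay auto-updates are disabled"))
    return findings


# Constructed sample content, not taken from a real host.
SAMPLE = """\
# gateway settings
SDM_RELAY_TOKEN=<JWT_TOKEN>
SDM_DOCKERIZED=stderr
SDM_MAINTENANCE_WINDOW_START=24
SDM_RELAY_LOG_ENCRYPTION=plaintext
SDM_RELAY_LOG_FORMT=json
SDM_DISABLE_UPDATE=true"""

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

A misspelled name such as SDM_RELAY_LOG_FORMT is reported as an error because the intended setting would not be recognized under that name.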