@cameronfletcher
Last active April 3, 2019 07:44
Ironclad configuration options
appsettings.json                    Environment variables                        Command line arguments                                 Comments
================                    =====================                        ======================                                 ========
server {                                                                                                                                Mandatory section.
  database                          SERVER__DATABASE                             --server:database                            (secret)  Mandatory. Specifies the connection string for the database.
  issuer_uri                        SERVER__ISSUER_URI                           --server:issuer_uri                                    Optional. Specifies the issuer URI to use for ironclad. Defaults to the URI from the request.
  respect_x_forwarded_for_headers   SERVER__RESPECT_X_FORWARDED_FOR_HEADERS      --server:respect_x_forwarded_for_headers               Optional. Instructs ironclad to respect X-Forwarded-For headers. Defaults to true.
  signing_certificate {                                                                                                                 Optional section (one of the following values is mandatory within this optional section; excluding 'password').
    filepath                        SERVER__SIGNING_CERTIFICATE__FILEPATH        --server:signing_certificate:filepath                  Optional. Specifies the filepath to the .pfx signing certificate.
    password                        SERVER__SIGNING_CERTIFICATE__PASSWORD        --server:signing_certificate:password        (secret)  Optional. Specifies the password for the .pfx signing certificate.
    thumbprint                      SERVER__SIGNING_CERTIFICATE__THUMBPRINT      --server:signing_certificate:thumbprint                Optional. Specifies the thumbprint for a signing certificate in the local Windows certificate Machine Store.
    certificate_id                  SERVER__SIGNING_CERTIFICATE__CERTIFICATE_ID  --server:signing_certificate:certificate_id            Optional. Specifies the certificate identifier for the signing certificate in the Azure key vault.
    pwned_passwords_url             SERVER__PWNED_PASSWORDS_URL                  --server:pwned_passwords_url                           Optional. Specifies the URL for pwned passwords. Should be set to: "https://api.pwnedpasswords.com".
  }
  data_protection {                                                                                                                     Optional.
    keyfile_uri                     SERVER__DATA_PROTECTION__KEYFILE_URI         --server:data_protection:keyfile_uri         (secret)  Mandatory. The full Azure blob storage URI where the key file should be stored.
    key_id                          SERVER__DATA_PROTECTION__KEY_ID              --server:data_protection:key_id              (secret)  Mandatory. The Azure key vault key identifier used for key encryption.
  }
}
api {                                                                                                                                   Mandatory section.
  authority                         API__AUTHORITY                               --api:authority                                        Mandatory. Specifies the authority to use for securing the API.
  audience                          API__AUDIENCE                                --api:audience                                         Mandatory. Specifies the audience to use for validating tokens issued for calling the API.
  client_id                         API__CLIENT_ID                               --api:client_id                              (secret)  Mandatory. Specifies the client identifier for the authority used to secure the API.
  secret                            API__SECRET                                  --api:secret                                 (secret)  Mandatory. Specifies the secret used for introspection to validate tokens.
  uri                               API__URI                                     --api:uri                                              Optional. Specifies the URI to use for API calls. Defaults to {authority}/api.
  omit_uri_for_requests_from        API__OMIT_URI_FOR_REQUESTS_FROM              --api:omit_uri_for_requests_from                       Optional. If specified, the API URI will be omitted from any calls from the specified base path. Must include trailing slash.
}
idp {                                                                                                                                   Optional section.
  restricted_domains []             IDP__RESTRICTED_DOMAINS__0                   --idp:restricted_domains:0                             Optional. An array of domains to restrict access to (for how to specify arrays, see https://www.paraesthesia.com/archive/2018/06/20/microsoft-extensions-configuration-deep-dive/).
  google {                                                                                                                              Optional section (all following values are only mandatory within this optional section).
    client_id                       IDP__GOOGLE__CLIENT_ID                       --idp:google:client_id                       (secret)  Mandatory. Specifies the client identifier for the Google identity provider.
    secret                          IDP__GOOGLE__SECRET                          --idp:google:secret                          (secret)  Mandatory. Specifies the client secret for the Google identity provider.
  },
}
mail {                                                                                                                                  Optional section (all following values are only mandatory within this optional section).
  sender                            MAIL__SENDER                                 --mail:sender                                          Mandatory. Specifies the sender of the email.
  host                              MAIL__HOST                                   --mail:host                                            Mandatory. Specifies the host for the mail server.
  port                              MAIL__PORT                                   --mail:port                                            Optional. Specifies the port for the mail server. Defaults to 25.
  enable_ssl                        MAIL__ENABLE_SSL                             --mail:enable_ssl                                      Optional. Enables TLS connection mode. Defaults to true.
  username                          MAIL__USERNAME                               --mail:username                              (secret)  Mandatory. Specifies the username for the mail server.
  password                          MAIL__PASSWORD                               --mail:password                              (secret)  Mandatory. Specifies the password for the mail server.
}
website {                                                                                                                               Optional section.
  styles                            WEBSITE__STYLES                              --website:styles                                       Optional. Specifies the location of the .css file to use for website styling relative to the wwwroot of the application. Defaults to css/default.css.
  logo                              WEBSITE__LOGOS                               --website:logos                                        Optional. Specifies the location of the logo file to use for the website relative to the wwwroot of the application. Defaults to img/fingerprint.svg.
  show_login_screen                 WEBSITE__SHOW_LOGIN_SCREEN                   --website:show_login_screen                            Optional. Instructs Ironclad to remove the login screen altogether. Defaults to true.
}
azure {                                                                                                                                 Optional section.
  key_vault {                                                                                                                           Optional section (all following values are only mandatory within this optional section).
    name                            AZURE__KEY_VAULT__NAME                       --azure:key_vault:name                                 Mandatory. Name for the Azure key vault to use.
    connectionstring                AZURE__KEY_VAULT__CONNECTIONSTRING           --azure:key_vault:connectionstring           (secret)  Mandatory. The connection string for the Azure key vault.
  }
}

testsettings.json       Environment variables                     Comments
=================       =====================                     ========
auth_server {
  port                  AUTH_SERVER__PORT                         Optional. Specifies the port to use for running ironclad.
  use_docker_image      AUTH_SERVER__USE_DOCKER_IMAGE             Optional. Instructs the build to use a docker image for running ironclad. Defaults to 'true'. Set to 'false' to run in EXTERNAL mode.
  docker {
    registry            AUTH_SERVER__DOCKER__REGISTRY             Optional. Specifies the docker registry to use for the ironclad image. Defaults to local docker registry.
    username            AUTH_SERVER__DOCKER__USERNAME   (secret)  Optional. Specifies the docker username to use to connect to the docker registry.
    password            AUTH_SERVER__DOCKER__PASSWORD   (secret)  Optional. Specifies the docker password to use to connect to the docker registry.
    tag                 AUTH_SERVER__DOCKER__TAG                  Optional. Specifies the docker tag to use for the ironclad image. Defaults to 'latest'.
  }
  use_source_code       AUTH_SERVER__USE_SOURCE_CODE              Optional. Instructs the build to use source code for running ironclad. Overrides 'use_docker_image'. Defaults to 'false'. Set to 'true' to run in TESTING mode. Should only ever be set in Ironclad solution.
  postgres_tag          AUTH_SERVER__POSTGRES_TAG                 Optional. Specifies the docker tag to use for the postgres image. Defaults to 'alpine'.
}

Environment variables                           Comments
=====================                           ========
-- used for docker images testing (secrets)
API__CLIENT_ID                        (secret)  Mandatory. Specifies the client identifier for the authority used to secure the api.
API__SECRET                           (secret)  Mandatory. Specifies the secret used for introspection to validate tokens.
-- for publishing beta/release NuGet packages
BUILD_SERVER__NUGET__BETA_SERVER      (secret)  Optional. Specifies the NuGet server to use for beta package publishing.
BUILD_SERVER__NUGET__BETA_API_KEY     (secret)  Optional. Specifies the password for the NuGet server to use for beta package publishing.
BUILD_SERVER__NUGET__SERVER           (secret)  Optional. Specifies the NuGet server to use for release package publishing.
BUILD_SERVER__NUGET__API_KEY          (secret)  Optional. Specifies the password for the NuGet server to use for release package publishing.
-- for publishing beta/release Docker images
BUILD_SERVER__DOCKER__BETA_REGISTRY   (secret)  Optional. Specifies the Docker registry to use for beta image publishing.
BUILD_SERVER__DOCKER__BETA_USERNAME   (secret)  Optional. Specifies the username for the Docker registry to use for beta image publishing.
BUILD_SERVER__DOCKER__BETA_PASSWORD   (secret)  Optional. Specifies the password for the Docker registry to use for beta image publishing.
BUILD_SERVER__DOCKER__REGISTRY        (secret)  Optional. Specifies the Docker registry to use for release image publishing.
BUILD_SERVER__DOCKER__USERNAME        (secret)  Optional. Specifies the username for the Docker registry to use for release image publishing.
BUILD_SERVER__DOCKER__PASSWORD        (secret)  Optional. Specifies the password for the Docker registry to use for release image publishing.

Environment variables                           Comments
=====================                           ========
-- only required for use of Ironclad.Tests.Sdk
AUTH_SERVER__PORT                               Optional. Specifies the port to use for running ironclad.
AUTH_SERVER__USE_DOCKER_IMAGE                   Optional. Instructs the build to use a docker image for running ironclad. Defaults to 'true'. Set to 'false' to run in EXTERNAL mode.
AUTH_SERVER__DOCKER__REGISTRY                   Optional. Specifies the docker registry to use for the ironclad image. Defaults to local docker registry.
AUTH_SERVER__DOCKER__USERNAME         (secret)  Optional. Specifies the docker username to use to connect to the docker registry.
AUTH_SERVER__DOCKER__PASSWORD         (secret)  Optional. Specifies the docker password to use to connect to the docker registry.
AUTH_SERVER__DOCKER__TAG                        Optional. Specifies the docker tag to use for the ironclad image. Defaults to 'latest'.
AUTH_SERVER__POSTGRES_TAG                       Optional. Specifies the docker tag to use for the postgres image. Defaults to 'alpine'.

{
  "urls": "http://*:5005;",
  "server": {
    "issuer_uri": "http://ironclad.io",
    "respect_x_forwarded_for_headers": true
  },
  "api": {
    "authority": "http://localhost:5005",
    "audience": "auth_api"
  }
}

{
  "server": {
    "database": "Host=localhost;Database=ironclad;Username=postgres;Password=postgres;"
  },
  "api": {
    "client_id": "auth_api",
    "secret": "api_secret"
  },
  "idp": {
    "google": {
      "client_id": "835517018777-4hnr0i9s8750kb10uaejdokel68bhtbb.apps.googleusercontent.com",
      "secret": "LCPH4fgebc-i4JR99GmoYU-X"
    }
  },
  "mail": {
    "username": "example@test.com",
    "password": "password"
  },
  "azure": {
    "key_vault": {
      "name": "azure-key-vault",
      "connectionstring": "RunAs=App;AppId={guid};TenantId={guid};AppKey={secret}"
    }
  }
}
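
An added example (not part of the gist or of the Ironclad code base): a small check that lists the options marked (secret) in the table when they carry a value in a JSON settings file, and reports the environment variable that can supply each one instead, using the `__`-separated naming from the table (array items take their index as a segment). The function names and the sample settings are constructed for illustration, and treating a secret-marked value in a file as a finding is an assumption of this example.

```python
import json

# Option paths the table marks "(secret)", written with ':' as on the command line.
SECRET_PATHS = {
    "server:database", "server:signing_certificate:password",
    "server:data_protection:keyfile_uri", "server:data_protection:key_id",
    "api:client_id", "api:secret", "idp:google:client_id", "idp:google:secret",
    "mail:username", "mail:password", "azure:key_vault:connectionstring",
}

def flatten(node, path=()):
    """Yield (path, value) per leaf; array items use their index as a segment."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from flatten(value, path + (str(key),))
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from flatten(value, path + (str(index),))
    else:
        yield path, node

def env_name(path):
    """("server", "database") -> SERVER__DATABASE, the naming used in the table."""
    return "__".join(path).upper()

def secrets_in_file(config):
    """Environment variable names for secret-marked options set in the file."""
    return sorted(
        env_name(path)
        for path, value in flatten(config)
        if ":".join(path).lower() in SECRET_PATHS and value not in (None, "")
    )

# Constructed sample settings (placeholder values, not taken from the gist).
SAMPLE = json.loads("""
{
  "server": {"database": "Host=db.example.test;Password=PLACEHOLDER",
             "issuer_uri": "https://auth.example.test"},
  "api": {"authority": "https://auth.example.test", "audience": "auth_api",
          "secret": ""},
  "mail": {"host": "smtp.example.test", "password": "PLACEHOLDER"},
  "idp": {"restricted_domains": ["example.test", "example.org"]}
}
""")

if __name__ == "__main__":
    for name in secrets_in_file(SAMPLE):
        print(f"{name}: set in file; supply via environment or a secret store")
    print({env_name(p): v for p, v in flatten(SAMPLE["idp"], ("idp",))})
```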
@cameronfletcher
cameronfletcher commented Dec 8, 2018

The secrets (above) are not secret.
