Environment Variables Reference¶
CredProxy supports configuration via environment variables for operational flexibility
in containerized environments. All environment variables use the CREDPROXY_ namespace
by default.
Core Environment Variables¶
These variables are defined in credproxy/settings.py and control CredProxy’s runtime behavior.
Configuration File¶
CREDPROXY_CONFIG_FILEPath to the YAML configuration file.
Default:
/credproxy/config.yamlExample:
CREDPROXY_CONFIG_FILE=/app/config.yaml
Namespace Configuration¶
CREDPROXY_NAMESPACECustom namespace prefix for all environment variables.
Default:
CREDPROXY_Example:
CREDPROXY_NAMESPACE=MYAPP_Note: Changing this allows you to use a custom prefix like
MYAPP_CONFIG_FILE
Logging Configuration¶
CREDPROXY_LOG_LEVELLogging level for the application.
Default:
warningValid values:
debug,info,warning,error,critical(case-insensitive)Example:
CREDPROXY_LOG_LEVEL=infoCREDPROXY_LOG_HEALTH_CHECKSEnable logging for health check requests (non-error responses).
Default:
falseValid values:
true,1,yes,on(case-insensitive) enable logging; any other value disables it.Example:
CREDPROXY_LOG_HEALTH_CHECKS=true
Configuration Schema Variables¶
These variables correspond to the JSON schema and allow overriding YAML configuration values.
Server Configuration¶
CREDPROXY_HOSTServer host address.
Default:
localhostFrom schema:
server.hostCREDPROXY_PORTServer port number.
Default:
1338Range: 1-65535
From schema:
server.portCREDPROXY_DEBUGEnable debug mode.
Default:
falseFrom schema:
server.debug
Credentials Configuration¶
CREDPROXY_REFRESH_BUFFER_SECONDSRefresh credentials this many seconds before expiry.
Default:
300(5 minutes)Range: 0-3600
From schema:
credentials.refresh_buffer_secondsCREDPROXY_RETRY_DELAYRetry delay on errors in seconds.
Default:
60Range: 1-300
From schema:
credentials.retry_delayCREDPROXY_REQUEST_TIMEOUTRequest timeout for external requests in seconds.
Default:
30Range: 1-300
From schema:
credentials.request_timeout
Dynamic Services Configuration¶
CREDPROXY_DYNAMIC_SERVICES_ENABLEDEnable dynamic services monitoring.
Default:
falseFrom schema:
dynamic_services.enabledCREDPROXY_DYNAMIC_SERVICES_DIRECTORIESList of directories to monitor for service configuration files. For new per-directory format, this accepts comma-separated paths only. For full per-directory configuration (include/exclude patterns), use YAML configuration file.
Default:
/credproxy/dynamicFrom schema:
dynamic_services.directoriesNote: Environment variable only supports directory paths. For include/exclude patterns, use YAML configuration file.
CREDPROXY_DYNAMIC_SERVICES_RELOAD_INTERVALReload interval in seconds for debouncing file changes.
Default:
5Range: 1-60
From schema:
dynamic_services.reload_interval
Metrics Configuration¶
CREDPROXY_METRICS_PROMETHEUS_ENABLEDEnable Prometheus metrics endpoint.
Default:
trueFrom schema:
metrics.prometheus.enabledCREDPROXY_METRICS_PROMETHEUS_HOSTHost address for Prometheus metrics server.
Default:
0.0.0.0From schema:
metrics.prometheus.hostCREDPROXY_METRICS_PROMETHEUS_PORTPort for Prometheus metrics server (separate from main API).
Default:
9090Range: 1024-65535
From schema:
metrics.prometheus.port
Usage Examples¶
Docker Compose¶
services:
credproxy:
image: public.ecr.aws/compose-x/aws/credproxy:latest
environment:
- CREDPROXY_LOG_LEVEL=info
- CREDPROXY_LOG_HEALTH_CHECKS=true
- CREDPROXY_REFRESH_BUFFER_SECONDS=600
- CREDPROXY_METRICS_PROMETHEUS_ENABLED=true
Kubernetes¶
apiVersion: v1
kind: Pod
metadata:
name: credproxy
spec:
containers:
- name: credproxy
image: public.ecr.aws/compose-x/aws/credproxy:latest
env:
- name: CREDPROXY_LOG_LEVEL
value: "info"
- name: CREDPROXY_CONFIG_FILE
value: "/config/credproxy.yaml"
- name: CREDPROXY_DYNAMIC_SERVICES_ENABLED
value: "true"
ECS Task Definition¶
{
"containerDefinitions": [
{
"name": "credproxy",
"image": "public.ecr.aws/compose-x/aws/credproxy:latest",
"environment": [
{
"name": "CREDPROXY_LOG_LEVEL",
"value": "info"
},
{
"name": "CREDPROXY_METRICS_PROMETHEUS_ENABLED",
"value": "true"
}
]
}
]
}