Skip to main content

Configurations

Shield can be configured with config.yaml file. An example of such is:

version: 1

# logging configuration
log:
# debug, info, warning, error, fatal - default 'info'
level: debug
activity:
# none, stdout, db - default 'none'
sink: stdout


app:
port: 8000
identity_proxy_header: X-Shield-Email
# full path prefixed with scheme where resources config yaml files are kept
# e.g.:
# local storage file "file:///tmp/resources_config"
# GCS Bucket "gs://shield/resources_config"
resources_config_path: file:///tmp/resources_config\
# secret required to access resources config
# e.g.:
# system environment variable "env://TEST_RULESET_SECRET"
# local file "file:///opt/auth.json"
# secret string "val://user:password"
# optional
resources_config_path_secret: env://TEST_RESOURCE_CONFIG_SECRET

db:
driver: postgres
url: postgres://shield:@localhost:5432/shield?sslmode=disable
max_query_timeout: 500ms

spicedb:
host: spicedb.localhost
pre_shared_key: randomkey
port: 50051

# proxy configuration
proxy:
services:
- name: test
host: 0.0.0.0
# port where the proxy will be listening on for requests
port: 5556
# full path prefixed with scheme where ruleset yaml files are kept
# e.g.:
# local storage file "file:///tmp/rules"
# GCS Bucket "gs://shield/rules"
ruleset: file:///tmp/rules
# secret required to access ruleset
# e.g.:
# system environment variable "env://TEST_RULESET_SECRET"
# local file "file:///opt/auth.json"
# secret string "val://user:password"
# optional
ruleset_secret: env://TEST_RULESET_SECRET