Sidecar Environment Variables
These variables apply to both AWS Secrets Manager and Azure Key Vault, except the ones noted.
Key | Required/Optional | Description | Example |
|---|---|---|---|
ALTR_PRIVATE_KEY_CONTENT | Optional | The private key in the key-pair used to authenticate the sidecar in ALTR’s control plane. The public key is registered in ALTR. Do not provide this variable if you have mounted your private key to the sidecar. |
|
ALTR_PRIVATE_KEY_PATH | Optional | Defines the location of a mounted private key. If not provided, the sidecar assumes a mounted key exists as /app/private.pem | -- |
AWS_DEFAULT_REGION | Required (only for AWS Secrets Manager) | AWS region for Secrets Manager and other AWS services. These are required for database credential retrieval |
|
AWS_REGION | Required (only for AWS Secrets Manager) | ||
LOG_AUDITS_TO_STDOUT | Optional | This toggle causes logs to be generated and stored, in JSON format, to stdout. The default is |
|
LOG_LEVEL | Optional | Controls the application/root logging level used by sidecar (e.g., DEBUG, INFO, WARN, ERROR). The default is INFO. |
|
LOG_MAX_FILE_SIZE | Optional | Maximum size of the active log file before sidecar rotates it (rolled files are compressed archives). The default is 100MB. |
|
LOG_MAX_HISTORY | Optional | Number of rotated log archives to keep before older ones are deleted. The default is 30. |
|
LOG_ROTATION_INTERVAL_DAYS | Optional | Time-based log rotation interval in days (rotation can happen due to time and/or size - whichever occurs first). The default is 1. |
|
SERVER_BIND_ADDRESS | Optional | IP address the sidecar's database listener ports bind to; 0.0.0.0 allows external/Docker access, 127.0.0.1 limits to local machine only. The default is 0.0.0.0. |
|
SIDECAR_CONFIG_REFRESH_INTERVAL | Optional | How often the runtime polls the control plane / data plane for updated sidecar configuration and applies changes (e.g., listener ports/bindings/flags). The default is 5 minutes. |
|
SIDECAR_DATAPLANE_BASE_URL | Required | Base URL for the control plane API that manages configuration and policies. This is the Data Plan URL that you copy from ALTR once you register the sidecar to ALTR. |
|
SIDECAR_HEALTH_CHECK_IP | Optional | IP address the health-check endpoint binds to (port 8080 is fixed); set to 0.0.0.0 if a load balancer must reach it. Used for customers to check the health of a deployed sidecar. The default is 127.0.0.1. |
|
SIDECAR_ID | Required | Unique identifier for this specific sidecar instance. It is used to identify this sidecar in the control plane. This is the Sidecar ID that you copy from ALTR once you register the sidecar to ALTR. |
|
SIDECAR_INSTANCE_ID | Optional | The ID that the sidecar software uses to identify itself when communicating with ALTR. If it is not set, the instance generates a random UUID. Setting an Instance ID provides a consistent identifier that makes monitoring and troubleshooting easier across reboots. |
|
SIDECAR_ORG_ID | Required | Your organization’s identifier in ALTR. This ID is used for auditing, telemetry and configuration retrieval. This is the Client ID visible once you register the sidecar to ALTR. |
|
SIDECAR_POLICY_REFRESH_INTERVAL | Optional | Defines how often (in minutes) to refresh policies from the control plane. |
|
SIDECAR_TAGS | Optional | Comma-separated key=value telemetry tags used to label/group sidecar deployments. If not set, the default is no tags. If set, it must be non-empty, else start up fails. NOTES:
|
|