Startup Parameters / Environment variables

Startup Parameters / Environment variables

Note: All parameters must be prefixed with xeotek_kadeck_ (e.g., xeotek_kadeck_secret). The prefix is omitted below for readability.

License

teamid

Your team ID (required)

secret

Your secret (required)

Basic Configuration

port

The port through which the Kadeck Web UI will be accessible.

Default: 8133

Example: 8080

home

Exposes all endpoints at the specified path.

Default: Empty (root path)

Example: kadeckweb (accessible at https://localhost/kadeckweb)

loglevel

The log level of the application.

Default: WARN

Example: DEBUG

session_timeout

The session timeout in seconds.

Default: -1 (no timeout)

Example: 3600 (1 hour)

Database Configuration

db_url

The JDBC URL to your H2 or Postgres database.

Default: In-memory H2 database

Example: jdbc:postgresql://hostname:5432/kadeck_db

db_username

The username of the user that has full permissions to run DDL and SQL queries.

Example: kadeck_db_admin

db_password

The password of the user that has full permissions to run DDL and SQL queries.

Example: kadeck_db_password

Authentication Configuration

authentication_method

Set the authentication method.

Default: internal

Options: internal, ldap, or openid

init_with_userid

The user ID of the first user.

Default: admin

Example: mycustomuserid

Note: Does not affect the initial password.

SSL Configuration

keystore_path

The absolute path to the keystore.

Example: /path/to/keystore

keystore_pass

The keystore password.

Example: password

keystore_alias

The keystore alias.

Example: alias

LDAP Authentication

authentication_ldap_url

The URL of the LDAP server starting with ldap:// or ldaps://.

Example: ldap://10.20.30.40:389/

authentication_ldap_user

The distinguished name (DN) of the Kadeck service user. Used to list users and their groups.

Example: ldap_admin

authentication_ldap_password

The password for the Kadeck service user.

Example: ldap_admin_password

authentication_ldap_base

The path to the Kadeck user accounts.

Example: dc=example,dc=com

authentication_ldap_filter

The query filter for querying the user accounts found under the base path. Kadeck retrieves all users that match this filter.

Example: (ObjectClass=person)

authentication_ldap_user_id_attribute

The attribute used for the userid in Kadeck (must be unique). This is the ID that the user must enter when logging in.

Example: cn

authentication_ldap_user_fullname_attribute

The attribute used for the username in Kadeck. This is the displayed name of the user in Kadeck.

Default: Value of the user_id_attribute

Example: displayname

authentication_ldap_group_attribute

The attribute used to retrieve the user's groups.

Example: memberOf

authentication_ldap_group_regex

A regular expression used to extract the group name from the DNs/names listed under the group_attribute. Only the first matching group of the regular expression is used to match the Kadeck groups.

Example: (?i)cn=(\w+),ou=Groups.*

authentication_ldap_group_management

Enables automatic group assignment of groups in Kadeck via the configured group_attribute. If not enabled, the groups have to be assigned to the users manually in Kadeck.

Default: false

Example: true

authentication_ldap_debug

Output additional information for debugging purposes on log level INFO.

Default: false

Example: true

authentication_ldap_sync_interval_mins

The time interval at which Kadeck updates the users and their group memberships. The first update takes place immediately after the start of Kadeck.

Default: 60

Example: 120

Cluster Configuration

cluster_hostname

The cluster hostname or IP.

Example: 10.20.30.40

cluster_port

The cluster port number.

Default: 2551

Example: 2551

cluster_bind_hostname

Interface to which the cluster will bind.

Example: 10.20.30.40

cluster_bind_port

Port to which the cluster interface will bind.

Default: Same as cluster_port

Example: 2551

cluster_nodes

The host names or IPs and respective ports of the nodes that constitute the cluster. The current node will try to connect indefinitely to that list of nodes until it succeeds or is shutdown.

Default: The local node only (cluster_hostname:cluster_port)

Example: 10.20.30.40:2551,10.20.30.41:2551

Monitoring Configuration

monitoring_mode

Sets the monitoring behavior.

Default: strict

Options:

  • strict: Standard monitoring behavior
  • flex: Limits the number of simultaneous monitoring scans per connection to one. The monitoring interval is no longer guaranteed.

sync_max_interval_mins

The sync interval for pulling data from the Xeotek Uplink server.

Default: 120

Example: 60

Audit Configuration

audit_mode

Specifies where audit logs are stored.

Default: DB (stores logs in the database)

Example: KAFKA (additionally ingests audit logs into an Apache Kafka topic)

audit_topic

The topic to be used if audit_mode is set to "KAFKA".

Default: _kadeck.audit

Example: my_kadeck_audit_topic

audit_connection

The ID of the configured Kafka connection to use for audit logging. Required if audit_mode is set to "KAFKA".

Default: 0

Example: 1

Initialization Files

init_roles_file

Path to a YAML file defining all roles available in Kadeck.

Example: /opt/roles.yaml

init_groups_file

Path to a YAML file defining all groups available in Kadeck.

Example: /opt/groups.yaml

    • Related Articles

    • Startup Parameters / Environment variables

      The following list of startup parameters needs to be supplied through environment variables to the Kadeck Teams instance. Prefix "xeotek_kadeck_" required All values in the table need to be prefixed with 'xeotek_kadeck_', e.g. xeotek_kadeck_secret. ...

    • Startup parameters for Desktop

      You can pass any parameter to Kadeck's Java backend by adding them to the KA_DECK_OPTS environment variable. Windows cmd /c "SET KA_DECK_OPTS='-Xmx6G'&KaDeck.exe MacOS launchctl setenv KA_DECK_OPTS "-Xms6G" && open Kadeck.app/ Linux ...

    • Download Kadeck docker image for offline use

      Offline docker setup These are the steps to transfer the Kadeck Teams docker image to a server that runs docker without internet access: On a device with internet access: use docker save xeotek/kadeck:VERSION > kadeck.tar to save the file ...

    • General SASL/Keberos configuration

      This article describes how to configure a server connection with SASL and Kerberos correctly. Introduction Kadeck supports a variety of configurations when connecting to a server using SASL. Supported security protocols SASL_PLAINTEXT SASL_SSL ...

    • Using Placeholders in Apache Kafka and Amazon Kinesis connections

      When configuring connections to Apache Kafka or Amazon Kinesis, you can use environment variable placeholders to dynamically insert sensitive or environment-specific values (e.g., credentials, file paths, or hostnames). This feature is supported both ...