Startup Parameters / Environment variables
The following list of startup parameters needs to be supplied through environment variables to the Kadeck Teams instance.
Prefix "xeotek_kadeck_" required
All values in the table need to be prefixed with 'xeotek_kadeck_', e.g. xeotek_kadeck_secret. The prefix is omitted for readability.
All values in the table need to be prefixed with 'xeotek_kadeck_', e.g. xeotek_kadeck_secret. The prefix is omitted for readability.
| Variable Name | Example Value | Description |
| monitoring_mode | strict | flex | Set to flex to limit the number of simultaneous monitoring scans per connection to one. When set to flex, the monitoring interval is no longer guaranteed. Default is "strict". |
cluster_bind_hostname | 10.20.30.40 | interface to which the cluster will bind to |
cluster_bind_port | 2551 | port to which the cluster interface will bind to. Defaults to cluster_port |
cluster_hostname | 10.20.30.40 | the cluster hostname or ip. |
cluster_port | 2551 | the cluster port number. |
cluster_nodes | 10.20.30.40:2551,10.20.30.41:2551 | the host names or ips and respective ports of the nodes that constitute the cluster. The current node will try to connect indefinitely to that list of nodes until it succeeds or is shutdown. Defaults to the local node only (cluster_hostname:cluster_port). |
| db_url | jdbc:h2:localhost | the jdbc url to your database. Currently only H2 and Postgres are supported. An H2 in memory database is the default |
| db_username | kadeck_db_admin | the username of the user that has full permissions to run DDL and SQL queries |
| db_password | kadeck_db_password | tha password of the suer that has full permissions to run DDL and SQL queries |
| home | kadeckweb | exposes all endpoints at the specified path (e.g https://localhost/kadeckweb). Default value is the empty string |
| init_with_userid | mycustomuserid | the user id of the first user. Defaults to admin. The initial password is not affected |
| keystore_alias | alias | the keystore alias |
| keystore_path | /path/to/keystore | the absolute path to the keystore |
| keystore_pass | password | the keystore password |
authentication_method | internal | Set to "ldap" or "openid" to activate the ldap or openid authentication module |
authentication_ldap_url | ldap://10.20.30.40:389/ | The url of the LDAP server starting with ldap:// or ldaps:// |
authentication_ldap_user | ldap_admin | The distinguished name (DN) of the Kadeck service user. Used to list users and their groups. |
authentication_ldap_password | ldap_admin_password | The password for the Kadeck service user. |
authentication_ldap_debug | true | Output additional information for debugging purposes on log level INFO. |
authentication_ldap_sync_interval_mins | 60 | The time interval at which Kadeck updates the users and their group memberships. The first update takes place immediately after the start of Kadeck. |
authentication_ldap_base | dc=example,dc=com | The path to the Kadeck user accounts. |
authentication_ldap_filter | (ObjectClass=person) | The query filter for querying the user accounts found under the base path. Kadeck retrieves all users that match this filter |
authentication_ldap_user_id_attribute | cn | The attribute used for the userid in Kadeck (must be unique). This is the id that the user must enter when logging in. |
authentication_ldap_user_fullname_attribute | displayname | The attribute is used for the username in Kadeck. This is the displayed name of the user in Kadeck (when editing views for example). Uses the value of the user_id_attribute by default. |
authentication_ldap_group_attribute | memberOf | The attribute is used to retrieve the user’s groups. |
authentication_ldap_group_regex | (?i)cn=(\w+),ou=Groups.* | A regular expression used to extract the group name from the DNs/names listed under the group_attribute. Only the first matching group of the regular expression is used to match the Kadeck groups. |
authentication_ldap_group_management | false | Enables automatic group assignment of groups in Kadeck via the configured group_attribute. If not enabled, the groups have to be assigned to the users manually in Kadeck. |
| loglevel | DEBUG | the log level of the application. Default is WARN. |
| port | 80 | the port through which the Kadeck Web UI will be accessible |
| sync_max_interval_mins | 120 | the sync interval for pulling data from the Xeotek Uplink server |
| session_timeout | -1 | The session timeout in seconds. |
| secret | password | Your secret authentication code |
| teamid | myteamname.randomcharacters | Your team id |
Additional parameters
Please prefix all variable names with xeotek_kadeck_, e.g.: xeotek_kadeck_audit_mode.
| Variable Name | Example Value | Description |
| audit_mode | KAFKA | Specifies where audit logs are stored. Set to "KAFKA" to additionally ingest audit logs into an Apache Kafka topic. Defaults to "DB", which stores logs in the database. |
| audit_topic | _kadeck.audit | The topic to be used if audit_mode is set to "KAFKA". Defaults to "_kadeck.audit". |
| audit_connection | 0 | The ID of the configured Kafka connection to use for audit logging. Required if audit_mode is set to "KAFKA". Defaults to 0. |
| init_roles_file | /opt/roles.yaml | Path to a YAML file defining all roles available in Kadeck. |
| init_groups_file | /opt/groups.yaml | Path to a YAML file defining all groups available in Kadeck. |
trust_proxy_ssl | false | Set to true if TLS termination is handled by ingress. |
Related Articles
Startup Parameters / Environment variables
The following list of startup parameters needs to be supplied through environment variables to the Kadeck Teams instance. Prefix "xeotek_kadeck_" required All values in the table need to be prefixed with 'xeotek_kadeck_', e.g. xeotek_kadeck_secret. ...Startup parameters for Desktop
You can pass any parameter to Kadeck's Java backend by adding them to the KA_DECK_OPTS environment variable. Windows cmd /c "SET KA_DECK_OPTS='-Xmx6G'&KaDeck.exe MacOS launchctl setenv KA_DECK_OPTS "-Xms6G" && open Kadeck.app/ Linux ...Download Kadeck docker image for offline use
Offline docker setup These are the steps to transfer the Kadeck Teams docker image to a server that runs docker without internet access: On a device with internet access: use docker save xeotek/kadeck:VERSION > kadeck.tar to save the file ...General SASL/Keberos configuration
This article describes how to configure a server connection with SASL and Kerberos correctly. Introduction Kadeck supports a variety of configurations when connecting to a server using SASL. Supported security protocols SASL_PLAINTEXT SASL_SSL ...Using Placeholders in Apache Kafka and Amazon Kinesis connections
When configuring connections to Apache Kafka or Amazon Kinesis, you can use environment variable placeholders to dynamically insert sensitive or environment-specific values (e.g., credentials, file paths, or hostnames). This feature is supported both ...