Skip to main content

Configuration

To configure the CLI plugins, create a new directory in a location of your choice, and within it create a YAML file called config.yaml with the following contents (including the information for the plugins you intend to use):

logging:
  log_level: LEVEL
plugins:
  auth0:
    domain: DOMAIN
    client-id: ID
    client-secret: SECRET
  json:
    from-file: PATH_TO_FILE
    to-file: PATH_TO_OUTPUT_FILE
  aserto:
    tenant: TENANT_ID
    authorizer: AUTHORIZER
    api-key: AUTHORIZER_API_KEY
  okta:
    domain: OKTA_DOMAIN
    api-token: TOKEN
  azuread:
    tenant: AZUREAD_TENANT
    client-id: AZUREAD_CLIENT_ID
    client-secret: AZUREAD_CLIENT_SECRET

Configuration elements

General

log_level: the possible logging level values are: trace, debug, warning and info

Auth0

note

These values should come from a machine-to-machine (M2M) application. To learn how to set one up in Auth0, refer to this guide.

  • domain: Auth0 domain
  • client-id: Auth0 client ID for a M2M application
  • client-secret: Auth0 client secret for the same M2M application

JSON

  • from-file: path to the JSON file users will be read from
  • to-file: path to the JSON file users will be written to

Aserto

  • tenant: the tenant ID for the account or organization
  • authorizer: the address of your authorizer, appended with the port 8443. For example, authorizer.prod.aserto.com:8443
  • api-key: the Authorizer API key (you can obtain this from the Authorizer connection in the console)

Okta

  • domain: the Okta machine-to-machine (M2M) Okta domain
  • api-token: the Okta machine-to-machine (M2M) Client Secret

Entra / AzureAD

note

To get these values, navigate to the Azure Portal => Azure Active Directory => App Registrations, locate your Azure AD app and select Certificates & Secrets

  • tenant: the AzureAD tenant
  • client-id: the AzureAD client ID
  • client-secret: the AzureAD secret for the provided client ID