ALTR Sidecar RPM Repository

# ======================================================================= # ALTR Sidecar Configuration # ======================================================================= # This file contains the environment configuration for the ALTR Sidecar. # # IMPORTANT: This file will be preserved during RPM upgrades. # Check config.env.example for new configuration options after upgrades. # ======================================================================= # REQUIRED: ALTR Organization and Sidecar IDs # Obtain these from the ALTR console when creating your sidecar SIDECAR_ORG_ID= SIDECAR_ID= # OPTIONAL: Sidecar Instance ID # Unique identifier for this specific sidecar instance # Default: Auto-generated UUID if not specified #SIDECAR_INSTANCE_ID= # REQUIRED: ALTR Data Plane endpoint # Production: https://sc-data.live.altr.com SIDECAR_DATAPLANE_BASE_URL=https://sc-data.live.altr.com # AWS Configuration AWS_DEFAULT_REGION=us-east-1 AWS_REGION=us-east-1 # Polling intervals for configuration and policy updates # Supported formats: Xh (hours), Xm (minutes), Xs (seconds) # Default: 5m if not specified #SIDECAR_POLICY_REFRESH_INTERVAL=5m #SIDECAR_CONFIG_REFRESH_INTERVAL=5m # Private Key Configuration # Option 1: Use the mounted private.pem file (default) # Option 2: Set ALTR_PRIVATE_KEY_CONTENT and remove the bind mount from altr-sidecar.container # Option 3: Set custom path to private key file (this is local to the container) #ALTR_PRIVATE_KEY_PATH=/custom/path/to/private.pem #ALTR_PRIVATE_KEY_CONTENT= # Logging Configuration # Set to "true" to log all audits to stdout as JSON (default: false) # Useful for log aggregation systems #LOG_AUDITS_TO_STDOUT=true # Optional: Override log level (DEBUG, INFO, WARN, ERROR) #LOG_LEVEL=INFO # Optional: Log Rotation Settings # Rotation occurs when either the size limit or the time interval is reached. # Files are compressed (.gz) upon rotation. # Maximum size of a single log file before rotation (e.g., 10MB, 1GB) # Default: 100MB #LOG_MAX_FILE_SIZE=100MB # Interval in days for time-based rotation # Default: 1 #LOG_ROTATION_INTERVAL_DAYS=1 # Number of archived log files to retain before deletion # Default: 30 #LOG_MAX_HISTORY=30 # Optional: Bind address for the sidecar server (default: 0.0.0.0) # Set to 127.0.0.1 for local-only access #SERVER_BIND_ADDRESS=0.0.0.0 # Optional: Oracle Proxy Mode # Set to "passthrough" to run the Oracle sidecar in passthrough mode, # forwarding traffic directly to the database without inspection. # Useful for diagnostic logging around connection failures. # Default: smart proxy (omit or leave commented) #ORCL_SIDECAR_MODE=passthrough # Optional: Health Check Configuration # IP address for health check endpoint (default: 127.0.0.1) # Set to 0.0.0.0 if you need load balancer access to health checks # Health check is always available on port 8080 #SIDECAR_HEALTH_CHECK_IP=127.0.0.1 # Optional: User-defined tags for telemetry # Comma-separated key-value pairs. Max 50 tags. # Keys: 1-128 characters, cannot start with 'altr:' (lowercase only; 'ALTR:', 'Altr:', etc. are allowed). # Values: 0-256 characters (empty values allowed). # Allowed characters: Unicode letters, numbers, spaces, and: _ . : / = + - @ # Commas and quotes are NOT allowed in keys or values. # Every comma-delimited segment must contain exactly one unescaped "=". # Empty segments (consecutive or trailing commas) will cause startup failure. # If SIDECAR_TAGS is set, it must not be empty; an empty value fails startup. # Each tag must have exactly ONE unescaped "=" as the key-value separator. # Any additional "=" characters anywhere in the key or value MUST be escaped as \= . # Duplicate keys: later values overwrite earlier ones (warning logged); the 50-tag limit applies after duplicates are consolidated. # # Escaping with backslash: # \= represents a literal equals sign (not treated as separator) # Other escape sequences are NOT allowed (e.g., \\ and \a are invalid) # IMPORTANT: Backslashes can ONLY escape equals signs. To include literal backslashes # in keys/values (e.g., Windows paths), use forward slashes instead: # path=C:/Users/admin (correct) # path=C:\Users\admin (FAILS - \U and \a are invalid escapes) # # Whitespace handling: # All whitespace in keys and values is preserved as-is. # Whitespace-only keys are valid: " =value" has key " " (three spaces). # # Examples: # Standard: env=prod,region=us-east-1 # Escaped key: my\=key=value → key "my=key", value "value" # Escaped value: key=val\=ue → key "key", value "val=ue" # Both escaped: my\=key=my\=value → key "my=key", value "my=value" # Empty value: key= → key "key", value "" # Invalid commas: key=value, → startup failure (trailing comma) # # Invalid examples: # key="value" → startup failure (quotes not allowed) # my=key=value → startup failure (too many unescaped =) # If key="my" and value="key=value", use: my=key\=value # If key="my=key" and value="value", use: my\=key=value # key=value=more → startup failure (too many unescaped =) # If key="key" and value="value=more", use: key=value\=more # key=val\ue → startup failure (invalid escape \u) # key=path\ → startup failure (trailing backslash) # key=path\\file → startup failure (invalid escape \\) # # NOTE: Tags are logged verbatim once at startup when telemetry reporting is configured to # avoid log bloat; subsequent telemetry logs only include counts. With full logs you # can reconstruct the exact tag set that is sent. # WARNING: Do not include sensitive information (passwords, tokens, API keys, PII, etc.) in tags. # Tags are logged verbatim (once) and transmitted to ALTR telemetry services. #SIDECAR_TAGS=env=prod,region=us-east-1,owner=platform-team