---
title: Configuration File Reference
deprecated: false
hidden: false
metadata:
  robots: index
---

The agent container requires the configuration to be in YAML format in the `/home/moveworks/agent/conf` directory with the file name as `agent_config.yml`. The configuration encompasses various aspects such as Moveworks-specific settings, LDAP and REST client configurations, secrets management, and proxy settings.

# Secret Object

A secret object is a field in the configuration that is a protected value. All credentials in the configuration are stored as a secret object. There are 3 types of secret objects:

1. **Plaintext/Encrypted Plaintext**: These secrets are stored in the config YAML itself. Once the agent starts, all `value` objects are converted to `encrypted_value` objects for security.

    ```yaml
    value: "your-default-secret"
    # Or after encryption:
    # encrypted_value: "your-encrypted-secret"
    ```

2. **AWS Secrets Manager**: These secrets can be fetched from AWS Secrets Manager.

    ```yaml
    aws_entry:
      secret_name: "my-aws-secret"  # Name of the secret in AWS Secrets Manager
      region: "us-west-2"           # AWS region where the secret is stored
      refresh_time_sec: 3600        # Time interval in seconds to refresh / retrieve the secret
    ```

3. **Azure Key Vault**: These secrets can be fetched from Azure Key Vault.

    ```yaml
    azure_entry:
      secret_name: "my-azure-secret"  # Name of the secret in Azure Key Vault
      vault: "my-azure-vault"         # Name of the Azure Key Vault
      refresh_time_sec: 3600          # Time interval in seconds to refresh / retrieve the secret
    ```
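
As an added example (not part of the original reference and not Moveworks code), the following Python check walks a parsed `agent_config.yml` and reports secret objects that are still plaintext `value` entries, plus AWS or Azure entries that have no region or vault to resolve against. It assumes a secret object is a mapping carrying one of the four keys shown above and that `default_region` / `default_vault` act as fallbacks; `find_secrets`, `audit_secrets` and `SAMPLE` are illustrative names.

```python
# Added example, not Moveworks code. Assumption: a secret object is a mapping
# that carries one of the keys shown in the Secret Object section.
SECRET_KEYS = ("value", "encrypted_value", "aws_entry", "azure_entry")

def find_secrets(node, path=""):
    """Yield (dotted_path, secret_key, body) for each secret object under node."""
    if isinstance(node, dict):
        kind = next((k for k in SECRET_KEYS if k in node), None)
        if kind is not None:
            yield path, kind, node[kind]
            return
        for key, child in node.items():
            yield from find_secrets(child, f"{path}.{key}" if path else str(key))
    elif isinstance(node, list):
        for index, child in enumerate(node):
            yield from find_secrets(child, f"{path}[{index}]")

def audit_secrets(config):
    """Return sorted (path, message) findings for a parsed agent_config.yml."""
    provider = config.get("secrets_provider_config") or {}
    # Assumption: an entry without its own region/vault falls back to the default.
    defaults = {
        "aws_entry": ("region", (provider.get("aws") or {}).get("default_region")),
        "azure_entry": ("vault", (provider.get("azure") or {}).get("default_vault")),
    }
    findings = []
    for path, kind, body in find_secrets(config):
        if kind == "value":
            findings.append((path, "plaintext secret still in file"))
        elif kind in defaults:
            field, default = defaults[kind]
            if not (body or {}).get(field) and not default:
                findings.append((path, f"{kind} has no {field} and no default"))
    return sorted(findings)

# Constructed sample: the dict yaml.safe_load() would return for a small config.
SAMPLE = {
    "secrets_provider_config": {"aws": {"default_region": "us-west-2"}},
    "moveworks_config": {
        "moveworks_access_secret": {"aws_entry": {"secret_name": "my-aws-secret"}}},
    "ldap_config": {"ldap_service_password": {"value": "your-default-secret"}},
    "ldap_forest_config": {"forest_a": {
        "ldap_service_password": {"azure_entry": {"secret_name": "my-azure-secret"}}}},
}

if __name__ == "__main__":
    for path, message in audit_secrets(SAMPLE):
        print(f"{path}: {message}")
```

Run against a config checked into version control, a `plaintext secret still in file` finding means the credential was committed before the agent had a chance to convert it.
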
## Top-Level Configuration Fields

1. `bond_version`
    1. **Type:** `string`
    2. **Description:** Indicates the version of the bond configuration being used.
    3. **Example:** `"2.10.3"`
2. `secrets_provider_config`
    1. **Description:** Configuration for secrets management through either AWS Secrets Manager or Azure Key Vault. Specify it only when using one of these providers.
    2. **`aws`** (object, optional):
        1. **Description:** Configuration specific to AWS Secrets Manager.
        2. **Fields:**
            1. `default_region`: Default AWS region for accessing secrets. Example: `"us-west-2"`
    3. **`azure`** (object, optional):
        1. **Description:** Configuration specific to Azure Key Vault.
        2. **Fields:**
            1. `default_vault`: Default Azure Key Vault to use. Example: `"your-vault-name"`
3. `moveworks_config`
    1. `auth_url`:
        1. **Type:** `string`
        2. **Description:** The URL used for authentication with Moveworks systems.
        3. **Example:** `"https://agent.moveworks.com/api/v1/auth"`
    2. `config_url`:
        1. **Type:** `string`
        2. **Description:** The URL where configuration data is fetched from.
        3. **Example:** `"https://agent.moveworks.com/api/v1/config"`
    3. `access_key`:
        1. **Type:** `string`
        2. **Description:** The key used for access authorization. Generally the org name.
        3. **Example:** `"your-access-key"`
    4. `moveworks_access_secret`:
        1. **Type:** `secret object`
        2. **Description:** Secret entry for Moveworks access credentials.
    5. `path_to_cert`:
        1. **Type:** `string`
        2. **Description:** File path to the certificate used for secure connections.
        3. **Optional:** True
        4. **Example:** `"/home/moveworks/agent/certs/cert.pem"`
4. `ldap_config`
    1. `enabled`:
        1. **Type:** `boolean`
        2. **Description:** Whether the LDAP configuration is enabled.
    2. `host`:
        1. **Type:** `string`
        2. **Description:** The hostname or IP address of the LDAP server.
        3. **Example:** `"ldap.example.com"`
    3. `port`:
        1. **Type:** `int32`
        2. **Description:** The port on which the LDAP server listens.
        3. **Example:** `389`
    4. `domain`:
        1. **Type:** `string`
        2. **Description:** The domain for LDAP authentication, without the `ldap://` prefix.
        3. **Example:** `"example.com"`
    5. `service_user`:
        1. **Type:** `string`
        2. **Description:** The service user account for LDAP operations.
        3. **Example:** `"service_user"`
    6. `ldap_service_password`:
        1. **Type:** `secret object`
        2. **Description:** Password for the LDAP service user.
    7. `use_ssl`:
        1. **Type:** `boolean`
        2. **Description:** Whether to connect to the LDAP server using SSL.
        3. **Example:** `true`
    8. `use_start_tls`:
        1. **Type:** `boolean`
        2. **Description:** Whether to initiate a StartTLS connection to the LDAP server.
        3. **Example:** `false`
    9. `path_to_cert`:
        1. **Type:** `string`
        2. **Description:** File path to the LDAP server's certificate.
        3. **Optional:** True
        4. **Example:** `"/home/moveworks/agent/certs/ldap_cert.pem"`
    10. `tls_skip_verify`:
        1. **Type:** `boolean`
        2. **Description:** Whether to skip TLS certificate verification for LDAP.
        3. **Optional:** True
        4. **Example:** `false`
5. `ldap_forest_config` (Map)
    1. **Description:** A map of LDAP forest configurations, keyed by forest name.
    2. **Fields per forest:**
        1. `host`:
            1. **Type:** `string`
            2. **Description:** Hostname or IP address of the LDAP forest server.
            3. **Example:** `"forest-ldap.example.com"`
        2. `port`:
            1. **Type:** `int32`
            2. **Description:** Port number for the LDAP forest server.
            3. **Example:** `636`
        3. `domain`:
            1. **Type:** `string`
            2. **Description:** LDAP domain for the forest server, without the `ldap://` prefix.
            3. **Example:** `"forest.example.com"`
        4. `service_user`:
            1. **Type:** `string`
            2. **Description:** Service user for operations within the LDAP forest.
            3. **Example:** `"forest_service_user"`
        5. `ldap_service_password`:
            1. **Type:** `secret object`
            2. **Description:** Password for the service user in the LDAP forest.
        6. `use_ssl`:
            1. **Type:** `boolean`
            2. **Optional:** True
            3. **Description:** Whether SSL is used for connections to the forest server.
            4. **Example:** `true`
        7. `path_to_cert`:
            1. **Type:** `string`
            2. **Optional:** True
            3. **Description:** Path to the certificate used by the LDAP forest server.
            4. **Example:** `"/path/to/forest_cert.pem"`
        8. `tls_skip_verify`:
            1. **Type:** `boolean`
            2. **Optional:** True
            3. **Description:** Whether to skip TLS verification in forest configurations.
            4. **Example:** `false`
6. `rest_configs` (Map)
    1. **Description:** A map of REST client configurations, keyed by service name (e.g., `JIRA`, `SNOW`).
    2. **Fields per service:**
        1. `enabled`:
            1. **Type:** `boolean`
            2. **Description:** Whether the REST configuration is enabled.
        2. `service`:
            1. **Type:** `string`
            2. **Description:** The identifier of the external service.
            3. **Example:** `"example_service"`
        3. `header_decorators`:
            1. **Type:** `array`
            2. **Description:** A list of configurations for modifying request headers. See the [Header Decorators](#decorators) section below.
        4. `body_decorators`:
            1. **Type:** `array`
            2. **Description:** A list of configurations for modifying the request body. See the [Body Decorators](#decorators) section below.
        5. `url_decorators`:
            1. **Type:** `array`
            2. **Description:** A list of configurations for modifying the request URL. See the [Decorators](#decorators) section below.
        6. `do_not_use_rest_proxy`:
            1. **Type:** `boolean`
            2. **Description:** Whether to bypass any configured REST proxy for local requests.
            3. **Optional:** True
            4. **Example:** `true`
        7. `ca_cert_path`:
            1. **Type:** `string`
            2. **Description:** File path to an additional CA certificate used in TLS configuration.
            3. **Optional:** True
            4. **Example:** `"/home/moveworks/agent/certs/ca-cert.pem"`
        8. `tls_skip_verify`:
            1. **Type:** `boolean`
            2. **Description:** Whether to skip TLS certificate verification for REST communications.
            3. **Optional:** True
            4. **Example:** `false`
        9. `max_response_size`:
            1. **Type:** `int32`
            2. **Description:** Maximum size of the response in bytes that the REST client will accept.
            3. **Optional:** True
            4. **Example:** `1048576` (1 MB)
        10. `use_ntlmv2`:
            1. **Type:** `boolean`
            2. **Description:** Whether to use NTLMv2 authentication for REST calls.
            3. **Optional:** True
            4. **Example:** `false`
7. `moveworks_proxy_configs` (Map)
    1. **Description:** A map of proxy configurations, keyed by proxy name.
    2. **Fields per proxy:**
        1. `target_url`:
            1. **Type:** `string`
            2. **Description:** URL of the target where all forwarded requests should go.
            3. **Example:** `"https://proxy.example.com"`
        2. `port`:
            1. **Type:** `int32`
            2. **Description:** Port number on which the proxy listens for requests.
            3. **Example:** `8080`

## Decorators

### Header Decorators

For `rest_configs`, you can define header decorators to add different types of headers to the request.

* **Plain (KV Pair)**
    * **Description:** A simple key-value pair to be added to the request headers.
    * **Fields:** `header_key` (string), `header_value` (string).
* **File**
    * **Description:** To load multiple headers from a JSON file.
    * **Fields:** `file_path` (string).
* **Basic Auth**
    * **Description:** To add authentication via Username and Password.
    * **Fields:** `username` (string), `password` (secret object).
* **Oauth2 Client Credentials**
    * **Description:** To add authentication via OAuth2 client credentials (client ID and secret).
    * **Fields:**
        * `client_id`: (string)
        * `client_secret`: (secret object)
        * `scope`: (string)
        * `rest_call_config`: (object) Defines the auth call for the access token.
            * `url`: (secret object) Auth URL for authentication.
            * `method`: (string) HTTP method type. Default: `POST`.
            * `header_key`: (string) HTTP header to send the auth token in. Default: `Authentication`.
            * `header_template`: (string) Template for the HTTP header value. Default: `Bearer %s`.
            * `refresh_time_sec`: (int32) Time between auth token calls. Default: `60`.
            * `token_body_key`: (string) Key to pull the token from in the response body. Default: empty (takes whole response).
            * `request_body`: (string) Body of the auth request. Default: empty.
            * `auth_headers`: (map) Headers of the auth request. Default: `{"content_type": "application/x-www-form-urlencoded"}`.
* **Oauth2 Client Credentials Basic Auth**
    * **Description:** To add authentication via OAuth2 client credentials basic authentication (clientid:secret). All fields are the same as Oauth2 Client Credentials Auth.
* **Oauth2 Refresh Token**
    * **Description:** To add authentication via OAuth2 Refresh Token Auth.
    * **Fields:**
        * `client_id` (string)
        * `client_secret` (secret object)
        * `scope` (string)
        * `client_refresh_token` (secret object)
        * `rest_call_config` (same as Oauth2 Client Credentials Auth)

### Body Decorators

For `rest_configs`, you can define body decorators to add different types of content to the request body.

* **Plain (KV Pair)**
    * **Description:** A simple key-value pair to be added to the request body.
    * **Fields:**
        * `query_key` (string)
        * `query_value` (secret object)
* **Oracle WebCenter Auth**
    * **Description:** For Oracle WebCenter Authentication.
    * **Fields:**
        * `username`: (string)
        * `password`: (secret object)
        * `rest_call_config`: Same as `rest_call_config` in Oauth2 Refresh Token.
        * `query_key`: (string) Query param key.
        * `query_template`: (string) Template for the query value.
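
The transport flags documented in the field reference above (`use_ssl`, `use_start_tls`, `tls_skip_verify`, `target_url`) are easy to leave in a weak state after troubleshooting. The following Python check is an added example, not part of the original reference and not Moveworks code: it reads a parsed `agent_config.yml` and lists the entries whose connections are unencrypted or unverified. It assumes entries with `enabled: false` are never used; `ldap_issues`, `audit_transport` and `SAMPLE` are illustrative names.

```python
# Added example, not Moveworks code: flag weak transport settings in a parsed
# agent_config.yml using the field names from the reference above.
def ldap_issues(cfg):
    """Return transport findings for one ldap_config or forest entry."""
    ssl, start_tls = bool(cfg.get("use_ssl")), bool(cfg.get("use_start_tls"))
    issues = []
    if not ssl and not start_tls:
        issues.append("connection is not TLS-protected")
    if ssl and start_tls:
        issues.append("use_ssl and use_start_tls are both set")
    if cfg.get("tls_skip_verify"):
        issues.append("certificate verification is disabled")
    return issues

def audit_transport(config):
    """Return (path, issue) findings in config order."""
    findings = []
    ldap = config.get("ldap_config") or {}
    if ldap.get("enabled"):  # assumption: a disabled block is never used
        findings += [("ldap_config", i) for i in ldap_issues(ldap)]
    for name, forest in (config.get("ldap_forest_config") or {}).items():
        findings += [(f"ldap_forest_config.{name}", i) for i in ldap_issues(forest)]
    for name, rest in (config.get("rest_configs") or {}).items():
        if rest.get("enabled") and rest.get("tls_skip_verify"):
            findings.append((f"rest_configs.{name}", "certificate verification is disabled"))
    for name, proxy in (config.get("moveworks_proxy_configs") or {}).items():
        if str(proxy.get("target_url", "")).lower().startswith("http://"):
            findings.append((f"moveworks_proxy_configs.{name}", "target_url is plain HTTP"))
    return findings

# Constructed sample: the dict yaml.safe_load() would return for a small config.
SAMPLE = {
    "ldap_config": {"enabled": True, "host": "ldap.example.com", "port": 389,
                    "use_ssl": False, "use_start_tls": False},
    "ldap_forest_config": {
        "forest_a": {"host": "forest-ldap.example.com", "port": 636,
                     "use_ssl": True, "tls_skip_verify": True}},
    "rest_configs": {
        "JIRA": {"enabled": True, "tls_skip_verify": True},
        "SNOW": {"enabled": True, "tls_skip_verify": False},
        "OLD": {"enabled": False, "tls_skip_verify": True}},
    "moveworks_proxy_configs": {
        "internal": {"target_url": "https://proxy.example.com", "port": 8080}},
}

if __name__ == "__main__":
    for path, issue in audit_transport(SAMPLE):
        print(f"{path}: {issue}")
```

Where a server presents a certificate from a private CA, pointing `path_to_cert` or `ca_cert_path` at that CA keeps verification on, so `tls_skip_verify` can stay `false`.
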