---
title: Configuration File Reference
position: 1
deprecated: false
hidden: false
---


The agent container reads its configuration from a YAML file named `agent_config.yml` in the `/home/moveworks/agent/conf` directory.

The configuration covers Moveworks-specific settings, LDAP and REST client configurations, secrets management, and proxy settings.

# Secret Object

A secret object is a configuration field that holds a protected value. All credentials in the configuration are stored as secret objects. There are three types of secret objects:

1. **Plaintext/Encrypted Plaintext**: These secrets are stored in the config YAML itself. Once the agent starts, all `value` objects are converted to `encrypted_value` objects for security.
   ```yaml
   value: "your-default-secret"
   # Or after encryption:
   # encrypted_value: "your-encrypted-secret"
   ```
2. **AWS Secrets Manager**: These secrets can be fetched from AWS Secrets Manager.
   ```yaml
   aws_entry:
     secret_name: "my-aws-secret"  # Name of the secret in AWS Secrets Manager
     region: "us-west-2"           # AWS region where the secret is stored
     refresh_time_sec: 3600        # Time interval in seconds to refresh / retrieve the secret
   ```
3. **Azure Key Vault**: These secrets can be fetched from Azure Key Vault.
   ```yaml
   azure_entry:
     secret_name: "my-azure-secret"  # Name of the secret in Azure Key Vault
     vault: "my-azure-vault"         # Name of the Azure Key Vault
     refresh_time_sec: 3600          # Time interval in seconds to refresh / retrieve the secret
   ```

## Top-Level Configuration Fields

1. `bond_version`
   1. **Type:** `string`
   2. **Description:** Indicates the version of the bond configuration being used.
   3. **Example:** `"2.10.3"`
2. `secrets_provider_config`
   1. **Description:** Configuration for secrets management with either AWS Secrets Manager or Azure Key Vault. Specify this only when using one of these providers.
   2. **`aws`** (object, optional):
      1. **Description:** Configuration specific to AWS Secrets Manager.
      2. **Fields:**
         1. `default_region`: Default AWS region for accessing secrets. Example: `"us-west-2"`
   3. **`azure`** (object, optional):
      1. **Description:** Configuration specific to Azure Key Vault.
      2. **Fields:**
         1. `default_vault`: Default Azure Key Vault to use. Example: `"your-vault-name"`
3. `moveworks_config`
   1. `auth_url`:
      1. **Type:** `string`
      2. **Description:** The URL used for authentication with Moveworks systems.
      3. **Example:** `"https://agent.moveworks.com/api/v1/auth"`
   2. `config_url`:
      1. **Type:** `string`
      2. **Description:** The URL where configuration data is fetched from.
      3. **Example:** `"https://agent.moveworks.com/api/v1/config"`
   3. `access_key`:
      1. **Type:** `string`
      2. **Description:** The key used for access authorization. Generally org name.
      3. **Example:** `"your-access-key"`
   4. `moveworks_access_secret`:
      1. **Type:** `secret object`
      2. **Description:** Secret entry for Moveworks access credentials.
   5. `path_to_cert`:
      1. **Type:** `string`
      2. **Description:** File path to the certificate used for secure connections.
      3. **Optional:** True
      4. **Example:** `"/home/moveworks/agent/certs/cert.pem"`
4. `ldap_config`
   1. `enabled`:
      1. **Type:** `boolean`
      2. **Description:** Whether the LDAP configuration is enabled.
   2. `host`:
      1. **Type:** `string`
      2. **Description:** The hostname or IP address of the LDAP server.
      3. **Example:** `"ldap.example.com"`
   3. `port`:
      1. **Type:** `int32`
      2. **Description:** The port on which the LDAP server listens.
      3. **Example:** `389`
   4. `domain`:
      1. **Type:** `string`
      2. **Description:** The domain for LDAP authentication, without `ldap://` prefix.
      3. **Example:** `"example.com"`
   5. `service_user`:
      1. **Type:** `string`
      2. **Description:** The service user account for LDAP operations.
      3. **Example:** `"service_user"`
   6. `ldap_service_password`:
      1. **Type:** `secret object`
      2. **Description:** Password for the LDAP service user.
   7. `use_ssl`:
      1. **Type:** `boolean`
      2. **Description:** Whether to connect to the LDAP server using SSL.
      3. **Example:** `true`
   8. `use_start_tls`:
      1. **Type:** `boolean`
      2. **Description:** Whether to initiate a StartTLS connection to the LDAP server.
      3. **Example:** `false`
   9. `path_to_cert`:
      1. **Type:** `string`
      2. **Description:** File path to the LDAP server's certificate.
      3. **Optional:** True
      4. **Example:** `"/home/moveworks/agent/certs/ldap_cert.pem"`
   10. `tls_skip_verify`:
       1. **Type:** `boolean`
       2. **Description:** Whether to skip TLS certificate verification for LDAP.
       3. **Optional:** True
       4. **Example:** `false`
5. `ldap_forest_config` (Map)
   1. **Description:** A map of LDAP forest configurations, keyed by forest name.
   2. **Fields per forest:**
      1. `host`:
         1. **Type:** `string`
         2. **Description:** Hostname or IP address of the LDAP forest server.
         3. **Example:** `"forest-ldap.example.com"`
      2. `port`:
         1. **Type:** `int32`
         2. **Description:** Port number for the LDAP forest server.
         3. **Example:** `636`
      3. `domain`:
         1. **Type:** `string`
         2. **Description:** LDAP domain for the forest server, without `ldap://` prefix.
         3. **Example:** `"forest.example.com"`
      4. `service_user`:
         1. **Type:** `string`
         2. **Description:** Service user for operations within the LDAP forest.
         3. **Example:** `"forest_service_user"`
      5. `ldap_service_password`:
         1. **Type:** `secret object`
         2. **Description:** Password for the service user in the LDAP forest.
      6. `use_ssl`:
         1. **Type:** `boolean`
         2. **Optional:** `True`
         3. **Description:** Whether SSL is used for connections to the forest server.
         4. **Example:** `true`
      7. `path_to_cert`:
         1. **Type:** `string`
         2. **Optional:** `True`
         3. **Description:** Path to the certificate used by the LDAP forest server.
         4. **Example:** `"/path/to/forest_cert.pem"`
      8. `tls_skip_verify`:
         1. **Type:** `boolean`
         2. **Optional:** `True`
         3. **Description:** Whether to skip TLS verification in forest configurations.
         4. **Example:** `false`
6. `rest_configs` (Map)
   1. **Description:** A map of REST client configurations, keyed by service name (e.g., `JIRA`, `SNOW`).
   2. **Fields per service:**
      1. `enabled`:
         1. **Type:** `boolean`
         2. **Description:** Whether the REST configuration is enabled.
      2. `service`:
         1. **Type:** `string`
         2. **Description:** The identifier of the external service.
         3. **Example:** `"example_service"`
      3. `header_decorators`:
         1. **Type:** `array`
         2. **Description:** A list of configurations for modifying request headers. See the [Header Decorators](#decorators) section below.
      4. `body_decorators`:
         1. **Type:** `array`
         2. **Description:** A list of configurations for modifying the request body. See the [Body Decorators](#decorators) section below.
      5. `url_decorators`:
         1. **Type:** `array`
         2. **Description:** A list of configurations for modifying the request URL. See the [Decorators](#decorators) section below.
      6. `do_not_use_rest_proxy`:
         1. **Type:** `boolean`
         2. **Description:** Whether to bypass any configured REST proxy for local requests.
         3. **Optional:** True
         4. **Example:** `true`
      7. `ca_cert_path`:
         1. **Type:** `string`
         2. **Description:** File path to an additional CA certificate used in TLS configuration.
         3. **Optional:** True
         4. **Example:** `"/home/moveworks/agent/certs/ca-cert.pem"`
      8. `tls_skip_verify`:
         1. **Type:** `boolean`
         2. **Description:** Whether to skip TLS certificate verification for REST communications.
         3. **Optional:** True
         4. **Example:** `false`
      9. `max_response_size`:
         1. **Type:** `int32`
         2. **Description:** Maximum size of the response in bytes that the REST client will accept.
         3. **Optional:** True
         4. **Example:** `1048576` (1 MB)
      10. `use_ntlmv2`:
          1. **Type:** `boolean`
          2. **Description:** Whether to use NTLMv2 authentication for REST calls.
          3. **Optional:** True
          4. **Example:** `false`
7. `moveworks_proxy_configs` (Map)
   1. **Description:** A map of proxy configurations, keyed by proxy name.
   2. **Fields per proxy:**
      1. `target_url`:
         1. **Type:** `string`
         2. **Description:** URL of the target where all forwarded requests should go.
         3. **Example:** `"https://proxy.example.com"`
      2. `port`:
         1. **Type:** `int32`
         2. **Description:** Port number on which the proxy listens for requests.
         3. **Example:** `8080`
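
The transport and secret fields listed above (`tls_skip_verify`, `use_ssl`, `use_start_tls`, and secret objects that still carry a plaintext `value`) are the ones to review before a config is deployed. The following is an added example, not Moveworks code: it audits a config that has already been parsed into a dictionary (for instance with PyYAML's `yaml.safe_load`); the function name `audit`, the finding messages, and the `SAMPLE` data are assumptions of this example.

```python
# Added example: audit a parsed agent_config.yml for weak transport and secret settings.
# Field names come from this reference; audit(), its messages and SAMPLE are constructed.

def audit(config):
    """Return a sorted list of (path, issue) findings for a parsed config."""
    findings = []

    def walk(node, path):
        if isinstance(node, list):  # e.g. decorator arrays
            for i, item in enumerate(node):
                walk(item, f"{path}[{i}]")
        if not isinstance(node, dict):
            return
        if node.get("tls_skip_verify") is True:
            findings.append((path, "tls_skip_verify is true: certificate not verified"))
        if isinstance(node.get("value"), str):
            findings.append((path, "plaintext value: secret readable in the file"))
        for key, child in node.items():
            walk(child, f"{path}.{key}" if path else key)

    walk(config, "")

    # LDAP blocks: ldap_config plus each entry of the ldap_forest_config map.
    blocks = {"ldap_config": config.get("ldap_config")}
    for name, forest in (config.get("ldap_forest_config") or {}).items():
        blocks[f"ldap_forest_config.{name}"] = forest
    for path, block in blocks.items():
        if not block or block.get("enabled") is False:
            continue
        if not (block.get("use_ssl") or block.get("use_start_tls")):
            findings.append((path, "no use_ssl or use_start_tls: LDAP without TLS"))
    return sorted(findings)

SAMPLE = {  # constructed sample config, as a YAML parser would return it
    "ldap_config": {
        "enabled": True, "host": "ldap.example.com", "port": 389,
        "use_ssl": False, "use_start_tls": False,
        "ldap_service_password": {"value": "your-default-secret"},
    },
    "ldap_forest_config": {
        "emea": {"host": "forest-ldap.example.com", "port": 636, "use_ssl": True,
                 "ldap_service_password": {"aws_entry": {"secret_name": "my-aws-secret"}}},
    },
    "rest_configs": {"JIRA": {"enabled": True, "tls_skip_verify": True}},
}

if __name__ == "__main__":
    for path, issue in audit(SAMPLE):
        print(f"{path}: {issue}")
```

The walk is structure-agnostic, so a secret object nested inside a decorator entry is reported with its full path as well.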

## Decorators

### Header Decorators

For `rest_configs`, you can define header decorators to add different types of headers to the request.

* **Plain (KV Pair)**
  * **Description:** A simple key-value pair to be added to the request headers.
  * **Fields:** `header_key` (string), `header_value` (string).
* **File**
  * **Description:** To load multiple headers from a JSON file.
  * **Fields:** `file_path` (string).
* **Basic Auth**
  * **Description:** To add authentication via Username and Password.
  * **Fields:** `username` (string), `password` (secret object).
* **OAuth2 Client Credentials**
  * **Description:** To add authentication via OAuth2 client credentials (client ID and secret).
  * **Fields:**
    * `client_id`: (string)
    * `client_secret`: (secret object)
    * `scope`: (string)
    * `rest_call_config`: (object) Defines the auth call for the access token.
      * `url`: (secret object) Auth URL for authentication.
      * `method`: (string) HTTP method type. Default: `POST`.
      * `header_key`: (string) HTTP header to send the auth token in. Default: `Authentication`.
      * `header_template`: (string) Template for the HTTP header value. Default: `Bearer %s`.
      * `refresh_time_sec`: (int32) Time between auth token calls. Default: `60`.
      * `token_body_key`: (string) Key to pull the token from in the response body. Default: empty (takes whole response).
      * `request_body`: (string) Body of the auth request. Default: empty.
      * `auth_headers`: (map\<string, string>) Headers of the auth request. Default: `{"content_type": "application/x-www-form-urlencoded"}`.
* **OAuth2 Client Credentials Basic Auth**
  * **Description:** To add authentication via OAuth2 client credentials basic authentication (clientid:secret). All fields are the same as OAuth2 Client Credentials Auth.
* **OAuth2 Refresh Token**
  * **Description:** To add authentication via OAuth2 Refresh Token Auth.
  * **Fields:**
    * `client_id` (string)
    * `client_secret` (secret object)
    * `scope` (string)
    * `client_refresh_token` (secret object)
    * `rest_call_config` (same as OAuth2 Client Credentials Auth)

### Body Decorators

For `rest_configs`, you can define body decorators to add different types of content to the request body.

* **Plain (KV Pair)**
  * **Description:** A simple key-value pair to be added to the request body.
  * **Fields:**
    * `query_key` (string)
    * `query_value` (secret object)
* **Oracle WebCenter Auth**
  * **Description:** For Oracle WebCenter Authentication.
  * **Fields:**
    * `username`: (string)
    * `password`: (secret object)
    * `rest_call_config`: Same as `rest_call_config` in OAuth2 Refresh Token.
    * `query_key`: (string) Query param key.
    * `query_template`: (string) Template for the query value.