Starting the Orchestration Server Docker container by retrieving parameters from Vault

Learn how to start the Orchestration Server Docker container by specifying CONFIGURE_MODE=Vault.

Mandatory environment variables

These are the mandatory parameters that you need to specify to configure the container to retrieve more parameters from Vault. You can pass these parameters only as container environment variables.
Environment variable name    Description
TENANT                       The name of the group that contains your set of environments. For example, MyCompany.
ENVIRONMENT                  The name of the environment. For example, Non-production.
ENVTYPE                      The environment type. Accepted values are auth and live.
VAULT_TOKEN                  The Vault token to use to connect to Vault and request a certificate from Vault PKI.
VAULT_URL                    The Vault URL to use to connect to Vault and request a certificate from Vault PKI.

Mandatory Vault key values

These are the mandatory Vault key values that you must specify within Vault to configure the Orchestration Server Docker container to use the Vault configuration mode.
Key name
    Value

${VAULT_URL}/${TENANT}/${ENVIRONMENT}/auth/toolingOrigin or ${VAULT_URL}/${TENANT}/${ENVIRONMENT}/auth/toolingBaseUrl
    The Auth Tooling origin.
    The sample format is: https://tooling.${TENANT}${ENVIRONMENT}.{{ include "external.domain" $ }}
    Note: If toolingOrigin is not specified and toolingBaseUrl is specified, then the tooling origin value will be derived from the tooling base URL (all characters before the first slash).

${VAULT_URL}/${TENANT}/${ENVIRONMENT}/live/toolingOrigin or ${VAULT_URL}/${TENANT}/${ENVIRONMENT}/live/toolingBaseUrl
    The Live Tooling origin.
    The sample format is: https://tooling.${TENANT}${ENVIRONMENT}.{{ include "external.domain" $ }}

${VAULT_URL}/${TENANT}/${ENVIRONMENT}/auth/searchHost
    The encrypted password for the spiuser. For more information, see Setting the spiuser password in your Docker images.

Optional Vault key values

These are the optional Vault key values that you can specify within Vault to configure the Orchestration Server Docker container when used with the Vault configuration mode.
Key name
    Value

${VAULT_URL}/${TENANT}/${ENVIRONMENT}/domainName
    The internal service domain name. The default value is default.svc.cluster.local. If the deployed environment is in a special namespace on Kubernetes, then the domain name should be .svc.cluster.local.

${VAULT_URL}/${TENANT}/${ENVIRONMENT}/auth/txHost
    The Auth Transaction server hostname. The default value is ${TENANT}${ENVIRONMENT}authts-app.$DOMAIN_NAME.

${VAULT_URL}/${TENANT}/${ENVIRONMENT}/auth/txPort
    The Auth Transaction server port. The default value is 5443.

${VAULT_URL}/${TENANT}/${ENVIRONMENT}/live/txHost
    The Live Transaction server hostname. The default value is ${TENANT}${ENVIRONMENT}livets-app.$DOMAIN_NAME.

${VAULT_URL}/${TENANT}/${ENVIRONMENT}/live/txPort
    The Live Transaction server port. The default value is 5443.

${VAULT_URL}/${TENANT}/${ENVIRONMENT}/auth/searchHost
    The Auth Search server hostname. The default value is ${TENANT}${ENVIRONMENT}authsearch-app-master.$DOMAIN_NAME.

${VAULT_URL}/${TENANT}/${ENVIRONMENT}/auth/searchPort
    The Auth Search server port. The default value is 3738.

${VAULT_URL}/${TENANT}/${ENVIRONMENT}/live/searchHost
    The Live Search server hostname. The default value is ${TENANT}${ENVIRONMENT}livesearch-app-slave.$DOMAIN_NAME.

${VAULT_URL}/${TENANT}/${ENVIRONMENT}/live/searchPort
    The Live Search server port. The default value is 3738.

${VAULT_URL}/${TENANT}/${ENVIRONMENT}/spiUserName
    The SPIUSER name. The default value is spiuser.

${VAULT_URL}/${TENANT}/${ENVIRONMENT}/auth/orchestrationExtraAllowedOrigins
    Comma-separated extra allowed origins for the auth orchestration server.

${VAULT_URL}/${TENANT}/${ENVIRONMENT}/live/orchestrationExtraAllowedOrigins
    Comma-separated extra allowed origins for the live orchestration server.
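
A pre-flight check for the tables above, as an added shell example that is not part of the product or its documentation: it verifies the mandatory environment variables, requires toolingOrigin or toolingBaseUrl for an environment type, and applies the documented defaults when an optional key is absent. The function names and SAMPLE_VAULT are hypothetical, the sample values are constructed, and treating $DOMAIN_NAME as the value of the domainName key is an assumption.

```shell
#!/bin/sh
# Added example, not product code. SAMPLE_VAULT is constructed data standing in
# for values read from ${VAULT_URL}/${TENANT}/${ENVIRONMENT}/<key>.
SAMPLE_VAULT='auth/toolingBaseUrl tooling.demoqa.example.test/tooling
live/txPort 6443
domainName commerce.svc.cluster.local'

# Mandatory container environment variables; ENVTYPE must be auth or live.
check_mandatory_env() {
    for name in TENANT ENVIRONMENT ENVTYPE VAULT_TOKEN VAULT_URL; do
        eval "value=\${$name:-}"
        [ -n "$value" ] || { echo "missing env: $name" >&2; return 1; }
    done
    case "$ENVTYPE" in
        auth|live) ;;
        *) echo "bad ENVTYPE: $ENVTYPE" >&2; return 1 ;;
    esac
}

# vault_get <relative key>: print the stored value, or fail if the key is absent.
vault_get() {
    printf '%s\n' "$SAMPLE_VAULT" |
        awk -v k="$1" '$1 == k { print $2; found = 1 } END { exit !found }'
}

# resolve <auth|live> <key>: Vault value if set, otherwise the documented default.
resolve() {
    vault_get "$1/$2" && return 0
    # Assumption: $DOMAIN_NAME in the documented defaults is the domainName key.
    domain=$(vault_get domainName) || domain=default.svc.cluster.local
    case "$1:$2" in
        auth:txHost)     echo "${TENANT}${ENVIRONMENT}authts-app.$domain" ;;
        live:txHost)     echo "${TENANT}${ENVIRONMENT}livets-app.$domain" ;;
        auth:searchHost) echo "${TENANT}${ENVIRONMENT}authsearch-app-master.$domain" ;;
        live:searchHost) echo "${TENANT}${ENVIRONMENT}livesearch-app-slave.$domain" ;;
        *:txPort)        echo 5443 ;;
        *:searchPort)    echo 3738 ;;
        *) echo "no documented default for $1/$2" >&2; return 1 ;;
    esac
}

# The tooling origin is mandatory: toolingOrigin or toolingBaseUrl must exist.
check_tooling() {
    vault_get "$1/toolingOrigin" >/dev/null ||
        vault_get "$1/toolingBaseUrl" >/dev/null ||
        { echo "missing $1/toolingOrigin or $1/toolingBaseUrl" >&2; return 1; }
}
```

Source the file and call check_mandatory_env, check_tooling "$ENVTYPE" and resolve "$ENVTYPE" txHost before starting the container; with the constructed sample, check_tooling live fails because neither live tooling key is present.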