# Advanced Settings ### Overview The settings in this document control the features and security of the Automator service. *** #### Setting: `automator_debug` Env Variable: `AUTOMATOR_DEBUG` Description: This is an easier way to turn on/off debug logging in Automator. *** #### Setting: `automator_config_key` Env Variable: `AUTOMATOR_CONFIG_KEY` Default: Empty Description: Base64-url-encoded 256-bit AES key. This is normally only used as an environment variable. (since v3.1.0). This setting is required to load the encrypted configuration from the Keeper cloud if there is no shared /usr/mybin/config file storage between container instances. *** #### Setting: `automator_host` Env Variable: `AUTOMATOR_HOST` Default: localhost Description: The hostname or IP address where the Automator service is listening locally. If SSL is enabled (`ssl_mode` parameter), the automator\_host value needs to match the SSL certificate subject name. The setting `disable_sni_check` can be set to `false` if the subject name does not match. If the service is running on a machine with multiple network IPs, this setting will bind the Automator service to the specified IP. If you encounter binding errors in the service startup, it is recommended to use the local network IP address in the host setting instead of localhost. *** #### Setting: `automator_port` Env Variable: `AUTOMATOR_PORT` Default: 8089 Description: The port where the Automator listens. If running in Docker, use the default 8089. *** #### Setting: `disable_sni_check` Env Variable: `DISABLE_SNI_CHECK` Default: false Description: Disable the SNI check against the certificate subject name, if SSL is being used. *** #### Setting: `email_domains` Env Variable: `EMAIL_DOMAINS` Default: null Description: A comma-separated list of user email domains for which Automator will approve devices or teams. Example: "example.com, test.com, mydomain.com". This depends on the filter\_by\_email\_domains setting to be enabled as well. *** #### Setting: `filter_by_email_domains` Env Variable: `FILTER_BY_EMAIL_DOMAINS` Description: If true, Keeper will consult the **email\_domains** list. If false, the **email\_domains** list will be ignored. *** #### Setting: `enabled` Env Variable: N/A Default: false Description: This determines if Automator is enabled or disabled. *** #### Setting: `enable_rate_limits` Env Variable: `ENABLE_RATE_LIMITS` Default: false Description: If true, Automator will rate limit incoming calls per the following schedule: `approve_device`: 100 calls/minute with bursts to 200 `approve_teams_for_user`: 100 calls/minute with bursts to 200 `full_reset`: 4 per minute, with bursts to 6 `health`: 4 per minute `initialize`: 4 per minute, with bursts to 6 `setup`: 4 per minute, with bursts to 6 `status`: 5 per minute *** #### Setting: `ip_allow` and `ip_deny` Env Variable: `IP_ALLOW` and `IP_DENY` Default: "" Description: This restriction allows users to be eligible for automatic approval. Users accepted by the IP restriction filter still need to be approved in the usual way by Automator. Users denied by the IP restriction filter will not be automatically approved. If "ip\_allow" is empty, all IP addresses are allowed except those listed in the "ip\_deny" list. If used, devices at IP addresses outside the allowed range are not approved by Automator. The values are a comma-separated list of single IP addresses or IP ranges. The "ip\_allow" list is checked first, then the "ip\_deny" list is checked. Example 1:\ ip\_allow= ip\_deny= Example 2: ip\_allow=10.10.1.1-10.10.1.255, 172.58.31.3, 175.200.1.10-175.200.1.20 ip\_deny=10.10.1.25 *** #### Setting: `name` Env Variable: N/A Default: Automator-1 Description: The name of the Automator. It should be unique inside an Enterprise. An automator can be referenced by its name or by its ID. *** #### Setting: `persist_state` Env Variable: N/A Default: true Description: If true, the Automator state will be preserved across shutdowns. Leave this on. *** #### Setting: `skill` Env Variable: N/A Default: device\_approval Description: “device\_approval” means device approval. “team\_for\_user\_approval” means team approvals. An Automator can have multiple skills. “device\_approval” is the default. *** #### Setting: `ssl_certificate` Env Variable: `SSL_CERTIFICATE` Default: null Description: A Base64-encoded string containing the contents of the PFX file used for the SSL certificate. For example, on UNIX `base64 -i my-certificate.pfx` will produce the required value. Using this environment variable will override the `ssl_certificate_filename` setting. *** #### Setting: `ssl_certificate_file_password` Env Variable: `SSL_CERTIFICATE_PASSWORD` Default: "" Description: The password on the SSL file. If used, the key password should be empty, or should be the same. The library we use does not allow different passwords. *** #### Setting: `ssl_certificate_key_password` Env Variable: `SSL_CERTIFICATE_KEY_PASSWORD` Default: "" Description: The password on the private key inside the SSL file. This should be empty or the same as the file password. *** #### Setting: `ssl_mode` Env Variable: `SSL_MODE` Default: certificate Description: The method of communication on the Automator service. This can be: `certificate`, `self_signed`, or `none`. If `none`, the Automator server will use HTTP instead of HTTPS. This may be acceptable when Automator is hosted under a load balancer that decrypts SSL traffic. *** #### Setting: `url` Env Variable: N/A Default: "" Description: The URL where the Automator can be contacted. ***