Starting the Approval Server Docker container by retrieving parameters from Vault

Learn about how to start the Approval Server Docker container container by specifying CONFIGURE_MODE=Vault.

Mandatory environment variables

These are the mandatory parameters that you need to specify to configure the container to retrieve more parameters from Vault. You can pass these parameters only as container environment variables.


Environment variable name	Description
TENANT	The name of the group that contains your set of environments. For example, `MyCompany`.
ENVIRONMENT	The name of the environment. For example, `Non-production`.
ENVTYPE	The environment type. Accepted values are `auth` and `live`.
VAULT_TOKEN	The Vault token to use to connect to Vault and request certification from Vault PKI.
VAULT_URL	The Vault URL to use to connect to Vault and request certification from Vault PKI.

Mandatory Vault key values

These are the mandatory Vault key values that you must specify within Vault to configure the Approval Server Docker container container to use the Vault configuration mode.


Key name	Value
`${VAULT_URL}/${TENANT}/${ENVIRONMENT}/auth/toolingOrigin` or `${VAULT_URL}/${TENANT}/${ENVIRONMENT}/auth/toolingBaseUrl`	The Auth Tooling web URL. The sample format is: `https://www.${TENANT}${ENVIRONMENT}auth.{{ include "external.domain" $ }}` `https://www.${TENANT}${ENVIRONMENT}auth.{{ include "external.domain" $ }}/tooling` Note: If `toolingOrigin` is not specified and `toolingBaseUrl` is specified, then the tooling origin value will be derived from the tooling base URL (all characters before the first slash). Optional for a SoFy environment Helm Chart.
`${VAULT_URL}/${TENANT}/${ENVIRONMENT}/live/toolingOrigin` or `${VAULT_URL}/${TENANT}/${ENVIRONMENT}/live/toolingBaseUrl`	The live Tooling web URL. The sample format is: `https://www.${TENANT}${ENVIRONMENT}live.{{ include "external.domain" $ }}` https://www.${TENANT}${ENVIRONMENT}live.{{ include "external.domain" $ }}/tooling Note: Optional for a SoFy environment Helm Chart.
`${VAULT_URL}/${TENANT}/${ENVIRONMENT}/spiUserPwd`	The encrypted password for the spiuser. For more information, see Setting the spiuser password in your Docker images.
`${VAULT_URL}/${TENANT}/${ENVIRONMENT}/sessionKeyEncrypt`	The encrypted session key. Note: This parameter was optional in all releases prior to HCL Commerce 9.1.12.0.
`${VAULT_URL}/${TENANT}/${ENVIRONMENT}/authJWKS`	The JSON Web Key Set (JWKS) containing the JSON Web Key (JWK) used to validate the JSON Web Token (JWT) that is issued by the Transaction server. TheApproval server only requires the public key related information from the JWT. In the event that the private key information is also included in the JWKS, the Approval server will remove the private key information and only configure the public key for use with the application.

Optional Vault key values

These are the optional Vault key values that you can specify within Vault to configure the Approval Server Docker container container when used with the Vault configuration mode.


Key name	Value
`${VAULT_URL}/${TENANT}/${ENVIRONMENT}/domainName`	The internal service domain name. The default value is `default.svc.cluster.local`. If the deployed environment is on a special namespace on Kubernetes, then the domain name should be `.svc.cluster.local`.
`${VAULT_URL}/${TENANT}/${ENVIRONMENT}/externalDomainName`	The external domain name specifies the Store server web external domain name, which can be recognized by your browser. For example, in the hostname `store.demo4qaauth.hcl.com`, then `hcl.com` is the external domain name.
`${VAULT_URL}/${TENANT}/${ENVIRONMENT}/auth/txToolingHost`	The Auth Tooling web hostname. The Default value is `${TENANT}${ENVIRONMENT}authts-web.$DOMAIN_NAME`.
`${VAULT_URL}/${TENANT}/${ENVIRONMENT}/auth/txToolingPort`	The Auth Tooling web port. The Default value is `8000`.
`${VAULT_URL}/${TENANT}/${ENVIRONMENT}/live/txToolingHost`	The Live Tooling web hostname. The Default value is `${TENANT}${ENVIRONMENT}livets-web.$DOMAIN_NAME`.
`${VAULT_URL}/${TENANT}/${ENVIRONMENT}/live/txToolingPort`	The Live Tooling web port. The Default value is `8000`.
`${VAULT_URL}/${TENANT}/${ENVIRONMENT}/auth/reactStoreHost`	The Auth Store server web hostname. The default value is `www.${TENANT}${ENVIRONMENT}auth${EXTERNAL_DOMAIN_NAME}`.
`${VAULT_URL}/${TENANT}/${ENVIRONMENT}/auth/reactStorePort`	The Auth Store server web port. The default value is `443`.
`${VAULT_URL}/${TENANT}/${ENVIRONMENT}/live/reactStoreHost`	The Live Store server web hostname. The default value is `www.${TENANT}${ENVIRONMENT}live${EXTERNAL_DOMAIN_NAME}`.
`${VAULT_URL}/${TENANT}/${ENVIRONMENT}/live/reactStorePort`	The Live Store server web port. The default value is `443`.
`${VAULT_URL}/${TENANT}/${ENVIRONMENT}/spiUserName`	The SPIUSER name. The default value is `spiuser`.
`${VAULT_URL}/${TENANT}/${ENVIRONMENT}/extraAllowedOrigins/approval`	Extra allowed origins for the Approval server.
`${VAULT_URL}/${TENANT}/${ENVIRONMENT}/adminUser`	The Spring security user name.
`${VAULT_URL}/${TENANT}/${ENVIRONMENT}/adminPassword`	The Spring security user password.
`${VAULT_URL}/${TENANT}/${ENVIRONMENT}/traceSpecification/approval-app`	The log level used for troubleshooting purposes. Available log levels are: `trace` `debug` `info` `warn` `error` `fatal` Note: When configured as `trace`, all messages are displayed. When configured as `debug`, all messages are displayed except those tagged as `trace`. When configured as `info`, all messages at levels `info` through `fatal` are displayed. By default, server-side API client log messages are displayed at level: `info` `trace` .