Documentation
Configuration Reference
Complete reference for all PolicyCortex configuration options and settings
YAML ConfigurationEnvironment VariablesDocker & K8sCLI Integration
Configuration Options
Platform Configuration
Core platform settings and global configuration options
api_endpoint
stringAPI endpoint URL for PolicyCortex platform
Default:
"https://api.policycortex.com"
Example:
https://api.us-east-1.policycortex.com
Environment Variable:
POLICYCORTEX_API_ENDPOINT
Additional Info:
See documentation for detailed constraints and validation rules.
auth_method
enumrequiredAuthentication method for API access
Default:
"api_key"
Example:
api_key
Options:
api_keyoauth2saml
Additional Info:
See documentation for detailed constraints and validation rules.
api_key
stringrequiredsensitiveAPI key for authentication
Default:
null
Example:
pc_api_key_abcd1234efgh5678
Environment Variable:
POLICYCORTEX_API_KEY
Additional Info:
See documentation for detailed constraints and validation rules.
organization_id
stringrequiredOrganization identifier
Default:
null
Example:
org_abc123def456
Environment Variable:
POLICYCORTEX_ORG_ID
Additional Info:
See documentation for detailed constraints and validation rules.
timeout
integerAPI request timeout in seconds
Default:
30
Example:
60
Additional Info:
See documentation for detailed constraints and validation rules.
retry_attempts
integerNumber of retry attempts for failed requests
Default:
3
Example:
5
Additional Info:
See documentation for detailed constraints and validation rules.
log_level
enumLogging level for platform operations
Default:
"info"
Example:
debug
Options:
debuginfowarnerror
Additional Info:
See documentation for detailed constraints and validation rules.
Scanning Configuration
Settings for resource scanning and policy evaluation
concurrent_scans
integerMaximum number of concurrent scan operations
Default:
10
Example:
20
Additional Info:
See documentation for detailed constraints and validation rules.
scan_timeout
integerMaximum scan duration in seconds
Default:
1800
Example:
3600
Additional Info:
See documentation for detailed constraints and validation rules.
resource_batch_size
integerNumber of resources to process per batch
Default:
1000
Example:
500
Additional Info:
See documentation for detailed constraints and validation rules.
excluded_resource_types
arrayResource types to exclude from scanning
Default:
[]
Example:
["aws.ec2.snapshot","azure.storage.blob"]
Additional Info:
See documentation for detailed constraints and validation rules.
scan_schedule
stringCron expression for scheduled scans
Default:
"0 2 * * *"
Example:
0 6 * * 1-5
Additional Info:
See documentation for detailed constraints and validation rules.
enable_real_time_scanning
booleanEnable real-time event-driven scanning
Default:
true
Example:
false
Additional Info:
See documentation for detailed constraints and validation rules.
Cloud Integrations
Configuration for cloud provider integrations
aws_regions
arrayAWS regions to include in scans
Default:
["us-east-1"]
Example:
["us-east-1","us-west-2","eu-west-1"]
Additional Info:
See documentation for detailed constraints and validation rules.
aws_assume_role_arn
stringAWS IAM role ARN for cross-account access
Default:
null
Example:
arn:aws:iam::123456789012:role/PolicyCortexRole
Environment Variable:
AWS_ASSUME_ROLE_ARN
Additional Info:
See documentation for detailed constraints and validation rules.
azure_subscription_ids
arrayAzure subscription IDs to scan
Default:
[]
Example:
["12345678-1234-1234-1234-123456789012"]
Additional Info:
See documentation for detailed constraints and validation rules.
gcp_project_ids
arrayGCP project IDs to include in scans
Default:
[]
Example:
["my-project-123","production-env"]
Additional Info:
See documentation for detailed constraints and validation rules.
kubernetes_contexts
arrayKubernetes contexts to scan
Default:
[]
Example:
["production","staging"]
Additional Info:
See documentation for detailed constraints and validation rules.
Policy Configuration
Settings for policy management and execution
policy_engine_version
stringPolicy engine version to use
Default:
"v2"
Example:
v2
Options:
v1v2
Additional Info:
See documentation for detailed constraints and validation rules.
default_policy_severity
enumDefault severity level for new policies
Default:
"medium"
Example:
high
Options:
lowmediumhighcritical
Additional Info:
See documentation for detailed constraints and validation rules.
policy_cache_ttl
integerPolicy cache time-to-live in seconds
Default:
300
Example:
600
Additional Info:
See documentation for detailed constraints and validation rules.
enable_policy_inheritance
booleanEnable policy inheritance from parent organizations
Default:
true
Example:
false
Additional Info:
See documentation for detailed constraints and validation rules.
custom_policy_paths
arrayAdditional paths to search for custom policies
Default:
[]
Example:
["/opt/policies","./custom-policies"]
Additional Info:
See documentation for detailed constraints and validation rules.
Notification Settings
Configuration for alerts and notifications
webhook_url
stringWebhook URL for real-time notifications
Default:
null
Example:
https://hooks.slack.com/services/...
Environment Variable:
POLICYCORTEX_WEBHOOK_URL
Additional Info:
See documentation for detailed constraints and validation rules.
email_notifications
booleanEnable email notifications
Default:
true
Example:
false
Additional Info:
See documentation for detailed constraints and validation rules.
notification_severity_threshold
enumMinimum severity level for notifications
Default:
"medium"
Example:
high
Options:
lowmediumhighcritical
Additional Info:
See documentation for detailed constraints and validation rules.
alert_aggregation_window
integerTime window for alert aggregation in seconds
Default:
300
Example:
600
Additional Info:
See documentation for detailed constraints and validation rules.
Security Settings
Security and encryption configuration
encrypt_at_rest
booleanEnable encryption at rest for stored data
Default:
true
Example:
true
Additional Info:
See documentation for detailed constraints and validation rules.
encryption_key_id
stringsensitiveKMS key ID for data encryption
Default:
null
Example:
arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012
Environment Variable:
POLICYCORTEX_KMS_KEY_ID
Additional Info:
See documentation for detailed constraints and validation rules.
enable_audit_logging
booleanEnable comprehensive audit logging
Default:
true
Example:
true
Additional Info:
See documentation for detailed constraints and validation rules.
session_timeout
integerUser session timeout in seconds
Default:
3600
Example:
7200
Additional Info:
See documentation for detailed constraints and validation rules.
ip_whitelist
arrayIP addresses or CIDR blocks allowed to access the platform
Default:
[]
Example:
["10.0.0.0/8","192.168.1.100"]
Additional Info:
See documentation for detailed constraints and validation rules.
Configuration Files
Main Configuration
~/.policycortex/config.yaml
Primary configuration file for CLI and platform settings
# PolicyCortex Configuration
api_endpoint: https://api.policycortex.com
organization_id: org_abc123def456
auth_method: api_key
api_key: pc_api_key_abcd1234efgh5678
# Scanning settings
scanning:
concurrent_scans: 10
scan_timeout: 1800
excluded_resource_types:
- aws.ec2.snapshot
- azure.storage.blob
# Integrations
integrations:
aws:
regions:
- us-east-1
- us-west-2
assume_role_arn: arn:aws:iam::123456789012:role/PolicyCortexRole
azure:
subscription_ids:
- 12345678-1234-1234-1234-123456789012
# Notifications
notifications:
email_notifications: true
webhook_url: https://hooks.slack.com/services/...
severity_threshold: highEnvironment Variables
.env
Environment variables for sensitive configuration
# Authentication
POLICYCORTEX_API_KEY=pc_api_key_abcd1234efgh5678
POLICYCORTEX_ORG_ID=org_abc123def456
# API Configuration
POLICYCORTEX_API_ENDPOINT=https://api.policycortex.com
# AWS Configuration
AWS_ASSUME_ROLE_ARN=arn:aws:iam::123456789012:role/PolicyCortexRole
# Security
POLICYCORTEX_KMS_KEY_ID=arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012
POLICYCORTEX_WEBHOOK_URL=https://hooks.slack.com/services/...Docker Compose
docker-compose.yml
Docker configuration for containerized deployments
version: '3.8'
services:
policycortex:
image: policycortex/platform:latest
environment:
- POLICYCORTEX_API_KEY=${POLICYCORTEX_API_KEY}
- POLICYCORTEX_ORG_ID=${POLICYCORTEX_ORG_ID}
- LOG_LEVEL=info
volumes:
- ./config:/etc/policycortex
- ./policies:/opt/policies
ports:
- "8080:8080"
restart: unless-stoppedKubernetes ConfigMap
k8s-config.yaml
Kubernetes configuration for container orchestration
apiVersion: v1
kind: ConfigMap
metadata:
name: policycortex-config
namespace: policycortex
data:
config.yaml: |
api_endpoint: https://api.policycortex.com
organization_id: org_abc123def456
scanning:
concurrent_scans: 20
scan_timeout: 3600
integrations:
aws:
regions:
- us-east-1
- us-west-2
---
apiVersion: v1
kind: Secret
metadata:
name: policycortex-secrets
namespace: policycortex
type: Opaque
data:
api-key: cGNfYXBpX2tleV9hYmNkMTIzNGVmZ2g1Njc4Related Resources
Explore configuration guides and deployment documentation.