# Environment Variables The StrongDM command line recognizes environment variables to control and modify its functionality. This document details the available environment variables and their function. Environment variables can be set on a StrongDM systemd service by adding to the environment file: * For service accounts, it is usually located at `/etc/sysconfig/sdm`. * For gateways and relays, it is usually located at `/etc/sysconfig/sdm-proxy`. * For bridge and proxy workers, it is usually located at `/etc/sysconfig/sdm-worker`. | Name | Format | Function | | -------------------- | --------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | HTTP\_PROXY | `111.222.333.444:5555` | (Or http\_proxy) The HTTP proxy URL to user in corporate environments where all outbound traffic must pass through a corporate proxy; respected for client traffic to the StrongDM control plane or proxy clusters | | HTTPS\_PROXY | `111.222.333.444:5555` | (Or https\_proxy) The HTTPS proxy URL to user in corporate environments where all outbound traffic must pass through a corporate proxy; respected for client traffic to the StrongDM control plane or proxy cluster | | NO\_PROXY | `111.222.333.444:5555,111.222.344:5555` | (Or no\_proxy) A comma-separated list of URLs that should not use a corporate proxy when being accessed | | SDM\_ADMIN\_TOKEN | `` | An admin token or service account token to use for `sdm` authentication; if set, this token is used by StrongDM and there is no need to log in via the CLI or desktop app | | SDM\_APP\_DOMAIN | `app.strongdm.com` | Address of the control plane. | | SDM\_APP\_PORT | `:1234` | Specified port for custom proxy, including the colon; defaults to `:443` if not set explicitly | | SDM\_EMAIL | `SDM_EMAIL=email-address-value@example.com` | If set, the specified email address is used automatically when using the `sdm login` command in the CLI | | SDM\_FALLBACK\_DNS | `:` | DNS address to use as a fallback if a call to `app.strongdm.com` fails; defaults to `1.1.1.1:53` and can be set to `0` to disable fallback | | SDM\_HOME | `/path/to/home` | The location where `sdm` places its logs and keys; defaults to `~/.sdm`; must be writable by the user running `sdm` | | SDM\_HTTP\_PROXY | `http://example.example.com:8080` | The HTTP proxy URL to use in corporate environments where specifically StrongDM outbound traffic must pass through a corporate proxy; respected for client traffic to the StrongDM control plane or proxy clusters | | SDM\_HTTPS\_PROXY | `https://example.example.com:8080` | The HTTPS proxy URL to use in corporate environments where specifically StrongDM traffic must pass through a corporate proxy; respected for client traffic to the StrongDM control plane or proxy clusters | | SDM\_VERBOSE | `true`\|`false` | If set, log verbosity is set to high for troubleshooting purposes | | SDM\_DISABLE\_UPDATE | `true`\|`false` | If set to `true`, disables auto-updates. | | SDM\_DOCKERIZED |

true
false
stderr

| If `true`, logs go to `STDOUT` rather than `sdm.log` for Docker or Kubernetes deployments or for troubleshooting purposes; if `stderr`, logs go to `STDERR` | | | | | ### Variables Only for Gateways, Relays, and Proxy Clusters The following variables are only for use with gateways, relays, proxy workers, and bridge workers. | Name | Format | Function | | ------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | AZURE\_SUBSCRIPTION\_ID | `2e498348-6938-5da8-91a3-5e22f480e7de` | Your node's Azure Subscription ID (See the [Microsoft documentation](https://learn.microsoft.com/en-us/azure/azure-portal/get-subscription-tenant-id) for more details), used for connecting the node to your cloud | | AZURE\_TENANT\_ID | `2e498348-6938-5da8-91a3-5e22f480e7de` | Your node's Tenant ID (See the [Microsoft documentation](https://learn.microsoft.com/en-us/azure/azure-portal/get-subscription-tenant-id) for more details), used for connecting the node to your cloud | | SDM\_HOSTNAME\_CURL\_ADDRESS | URI | If set within the StrongDM Gateway AMI in the userdata field at instance launch, the gateway reaches out to the specified address to determine its public hostname instead of the default AWS address | | SDM\_MAINTENANCE\_WINDOW\_START | `integer` | If set, schedules the hour of the day (0 to 23 UTC) when gateways and relays can terminate connections and restart (default: 7) | | SDM\_METRICS\_LISTEN\_ADDRESS | `:port` | If set in the gateway or relay's environment on port 9999, enables the gateway or relay to listen for metrics on the specified port | | SDM\_ORCHESTRATOR\_PROBES | `:port` | If set, enables the `http://:port/liveness` URL to check whether the gateway or relay is in good health | | SDM\_RELAY\_LOG\_ENCRYPTION |

plaintext
pubkey:///pubkeyfullpath/file.pem

| Overrides relay log encryption settings configured in the Admin UI | | SDM\_RELAY\_LOG\_FORMAT |

csv
json

| Overrides relay log format settings configured in the Admin UI | | SDM\_RELAY\_LOG\_STORAGE |

stdout
file
none
tcp\://host:port
socket:///fullpath/
syslog://host:port

| Overrides relay log storage settings configured in the Admin UI | | | | | ### Variables Only for Gateways and Relays | Name | Format | Function | | ----------------- | ------------- | ------------------------------------------------------------------------------------------------------------------------------------------- | | SDM\_RELAY\_TOKEN | `` | A gateway or relay token to use when invoking the `sdm` binary; normally not needed as this is entered when installing the gateway or relay | ### Variables Only for Proxy Clusters | Name | Format | Function | | -------------------------------- | ----------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------- | | SDM\_PROXY\_CLUSTER\_ACCESS\_KEY | `pk-xxxxx` | ID of the proxy cluster key used to authenticate to the control plane | | SDM\_PROXY\_CLUSTER\_SECRET\_KEY | `(base64)` | Secret portion of the proxy cluster key used to authenticate to the control plane | | SDM\_BRIDGE | `local` or `example.com:port` | When set to `local`, instructs the worker to run as a bridge worker; when set to an address, instructs the worker to connect to a bridge at that address | --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.strongdm.com/admin/deployment/environment-variables.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.