Global flags and environment variables

Use global flags and environment variables to customize and configure endorctl.

Every command-line flag has a corresponding environment variable that can be set instead of the flag, either directly in your environment or in a dedicated configuration file.

See config-path description in Global Flags and Variables and Set environment variables for details.

To set a command-line flag on the endorctl scan command you can specify the flag with a leading -- for full flag names or a leading - for short flag aliases. If applicable, input arguments are specified after the flag and separated from it with either a blank space or a = character. For example, to set the output-type specify --output-type json or -o=json. If the input argument is a list, then the list elements are separated by a , character, for example --languages=go,python.

Global flags and variables

The following Global flags are supported and configurable for any endorctl command:

Flag Environment Variable Description
api ENDOR_API Set the API URL for the Endor Labs Application (default https://api.endorlabs.com).
api-key ENDOR_API_CREDENTIALS_KEY Set the API key used to authenticate with Endor Labs.
api-secret ENDOR_API_CREDENTIALS_SECRET Set the secret corresponding to the API key used to authenticate with Endor Labs.
aws-role-arn ENDOR_AWS_CREDENTIALS_ROLE_ARN Set the target role ARN for AWS based authentication. AWS authentication is only enabled if this flag is set. See our AWS Keyless Authentication Docs for details.
bypass-host-check ENDOR_BYPASS_HOST_CHECK Bypass the check that verifies that the host machine is correctly setup to use endorctl.
config-path ENDOR_CONFIG_PATH Set the local filesystem path to the endor config directory containing your endor environment variables. By default set to $HOME/.endorctl/config.yaml.
enable-github-action-token ENDOR_GITHUB_ACTION_TOKEN_ENABLE Enable keyless authentication using Github action OIDC tokens. See the GitHub documentation on configuring OpenID Connect in cloud providers for details.
gcp-service-account ENDOR_GCP_CREDENTIALS_SERVICE_ACCOUNT Set the target service account for GCP based authentication. GCP authentication is only enabled if this flag is set.
log-level ENDOR_LOG_LEVEL Set the log level. Set to debug for debug logs. See also the --verbose flag.
namespace ENDOR_NAMESPACE Set to the namespace of the project that you are working with.
token ENDOR_TOKEN Set the authentication token used to authenticate with Endor Labs.
verbose ENDOR_LOG_VERBOSE Enable verbose logging.
version Display the endorctl client version.

Set endorctl environment variables

To set an environment variable run the following command:

export <environment variable>=<value>

For example to set the environment variable ENDOR_TOKEN to “mytoken” run the following command:

export ENDOR_TOKEN=mytoken