This is the multi-page printable view of this section. Click here to print.

Return to the regular view of this page.

Global flags and environment variables

Use global flags and environment variables to customize and configure endorctl.

Every command-line flag has a corresponding environment variable that can be set instead of the flag, either directly in your environment or in a dedicated configuration file.

See config-path description in Global Flags and Variables and Set environment variables for details.

To set a command-line flag on the endorctl scan command you can specify the flag with a leading -- for full flag names or a leading - for short flag aliases. If applicable, input arguments are specified after the flag and separated from it with either a blank space or a = character. For example, to set the output-type specify --output-type json or -o=json. If the input argument is a list, then the list elements are separated by a , character, for example --languages=go,python.

Global flags and variables

The following Global flags are supported and configurable for any endorctl command:

Flag Environment Variable Description
api ENDOR_API Set the API URL for the Endor Labs Application (default https://api.endorlabs.com).
api-key ENDOR_API_CREDENTIALS_KEY Set the API key used to authenticate with Endor Labs.
api-secret ENDOR_API_CREDENTIALS_SECRET Set the secret corresponding to the API key used to authenticate with Endor Labs.
aws-role-arn ENDOR_AWS_CREDENTIALS_ROLE_ARN Set the target role ARN for AWS based authentication. AWS authentication is only enabled if this flag is set. See our AWS Keyless Authentication Docs for details.
bypass-host-check ENDOR_BYPASS_HOST_CHECK Bypass the check that verifies that the host machine is correctly setup to use endorctl.
config-path ENDOR_CONFIG_PATH Set the local filesystem path to the endor config directory containing your endor environment variables. By default set to $HOME/.endorctl/config.yaml.
enable-github-action-token ENDOR_GITHUB_ACTION_TOKEN_ENABLE Enable keyless authentication using Github action OIDC tokens. See the GitHub documentation on configuring OpenID Connect in cloud providers for details.
gcp-service-account ENDOR_GCP_CREDENTIALS_SERVICE_ACCOUNT Set the target service account for GCP based authentication. GCP authentication is only enabled if this flag is set.
log-level ENDOR_LOG_LEVEL Set the log level. Set to debug for debug logs. See also the --verbose flag.
namespace ENDOR_NAMESPACE Set to the namespace of the project that you are working with.
token ENDOR_TOKEN Set the authentication token used to authenticate with Endor Labs.
verbose ENDOR_LOG_VERBOSE Enable verbose logging.
version Display the endorctl client version.

Set endorctl environment variables

To set an environment variable run the following command:

export <environment variable>=<value>

For example to set the environment variable ENDOR_TOKEN to “mytoken” run the following command:

export ENDOR_TOKEN=mytoken