Environment Variables
Environment variables defined within the container enable dynamic configuration of all Request Manager Agent properties and operations.
Request Manager Agent Configuration
The Request Manager Agent's runtime behavior is controlled by the DATAGRAIL_AGENT_CONFIG environment variable. This configuration defines the target systems for integration, the locations of associated credentials, and metadata used to parameterize privacy request execution logic. A properly formatted configuration variable is required for successful Agent startup.
| Name | Value |
|---|---|
| DATAGRAIL_AGENT_CONFIG | object(AgentConfig) JSON object that defines connectors, credential locations, cloud storage, etc. |
AgentConfig Schema
| Fields | |
|---|---|
| connections[] | object(Connection) (required) Defines the target systems, their capabilities and privacy request logic. |
| customer_domain | string (required) Your DataGrail domain. |
| datagrail_agent_credentials_location | string (required) Location of the OAuth Client Credentials. |
| datagrail_credentials_location | string (required) Location of the Callback Token. |
| platform | object(Platform) (required) Credentials and cloud storage providers to use. |
| redis_url | string (optional) Used for multi-node deployments that need to share an external Redis instance. |
| job_timeout_seconds | integer (optional) Duration in seconds before a job times out. The default is 180 (3 minutes). |
{
"connections": [
object(Connection)
],
"customer_domain": string,
"datagrail_agent_credentials_location": string,
"datagrail_credentials_location": string,
"platform": object(Platform),
"redis_url": string,
"job_timeout_seconds": integer
}
Cloud Provider Credentials
Enables cloud provider credentials to be set when role-based access controls are unavailable (e.g., local development environment).
When deploying the agent, the use of role-based access controls is recommended so long-lived credentials are not stored in plain text in the container's environment.
Amazon Web Services
| Name | Value |
|---|---|
| AWS_ACCESS_KEY_ID | AWS access key associated with an IAM account. |
| AWS_SECRET_ACCESS_KEY | Secret key associated with the access key. This is essentially the "password" for the access key. |
| AWS_REGION | The AWS Region to send the request to. |
Google Cloud Platform
| Name | Value |
|---|---|
| GOOGLE_APPLICATION_CREDENTIALS_JSON | Extracted Google credentials file JSON. |
Microsoft Azure
| Name | Value |
|---|---|
| AZURE_TENANT_ID | The Azure Active Directory tenant (directory) ID. |
| AZURE_CLIENT_ID | The client (application) ID of an App Registration in the tenant. |
| AZURE_CLIENT_SECRET | A client secret that was generated for the App Registration. |
Disclaimer: The information contained in this message does not constitute as legal advice. We would advise seeking professional counsel before acting on or interpreting any material.