Infrastructure Layer

Advanced Configuration

You can configure the Gremlin daemon either via environment variables or a configuration file.

Using Environment Variables

The daemon supports the following environment variables:

Environment Variable Description
GREMLIN_TEAM_ID Your Team ID (required for authentication)
GREMLIN_TEAM_SECRET Your Team Secret (should only require secret or PEM certificates, not both)
GREMLIN_TEAM_PRIVATE_KEY_OR_FILE Your PEM-encoded private key or path/filename to a file containing the private key (required for authentication)
GREMLIN_TEAM_CERTIFICATE_OR_FILE The PEM-encoded public-key certificate or path/filename to the file containing your PEM-encoded public-key certificate (required for authentication)
GREMLIN_IDENTIFIER Custom name for this client (default as the host's IP address)
GREMLIN_CLIENT_TAGS Comma-separated list of custom tags to assign to this client (e.g. GREMLIN_CLIENT_TAGS="zone=us-east1,role=mysql,foo=bar")

In addition, the following standard Linux environment variables allow proxy configuration:

Environment variable Description
http_proxy In the form http[s]://[username:password@]address:port
https_proxy In the form http[s]://[username:password@]address:port

Using the Configuration File

To configure the daemon using a configuration file instead, create the file, /etc/default/gremlind or copy from /etc/default/gremlind.example:

#==============================#
# Gremlin Daemon Configuration #
#==============================#

# This file is used to expose configuration to the Gremlin daemon process (`gremlind`)

# NOTE: Some process managers such as sysvinit may require these variables to be preceded
# by `export`

# When the Gremlin daemon starts, it will automatically issue a `gremlin init` command to
# register this machine with the Gremlin Control Plane. This requires the following team and
# secret values to be set. If these values are not set, the Gremlin daemon will continue to
# start up. However `gremlin init` will need to be run separately before attacks can be run.
#GREMLIN_TEAM_ID=
#GREMLIN_TEAM_PRIVATE_KEY_OR_FILE=
#GREMLIN_TEAM_CERTIFICATE_OR_FILE=

# Supply extra options to `gremlin init` via this variable
# Example: `GREMLIN_INIT_OPTS=--tag service=api` (see https://www.gremlin.com/docs/infrastructure-layer/advanced-configuration/)
#GREMLIN_INIT_OPTS=

# To use Gremlin with an http proxy, provide the proxy information. Note that all of Gremlin's
# communication with the Gremlin Control Plane is via outbound HTTPs, therefore `https_proxy`
# (not `http_proxy` should be used in most cases)
# Example: https_proxy=https://proxyuser:proxypass@10.0.0.3:3218
#https_proxy=

# Any additional Gremlin Daemon variables (such as GREMLIN_IDENTIFIER) may be defined here
# (see https://www.gremlin.com/docs/infrastructure-layer/advanced-configuration/)

You can set any of the environment variables listed in the previous section in the configuration file.