Infrastructure Layer

Advanced Configuration

You can configure the Gremlin daemon either via environment variables or a configuration file.

Using Environment Variables

The daemon supports the following environment variables:

Environment Variable Description
GREMLIN_TEAM_ID Your Team ID (required for authentication)
GREMLIN_TEAM_SECRET Your Team Secret (should only require secret or PEM certificates, not both)
GREMLIN_TEAM_PRIVATE_KEY_OR_FILE Your PEM-encoded private key or path/filename to a file containing the private key (required for authentication)
GREMLIN_TEAM_CERTIFICATE_OR_FILE The PEM-encoded public-key certificate or path/filename to the file containing your PEM-encoded public-key certificate (required for authentication)
GREMLIN_IDENTIFIER Custom name for this client (default as the host's IP address)
GREMLIN_CLIENT_TAGS Comma-separated list of custom tags to assign to this client. For example: GREMLIN_CLIENT_TAGS="zone=us-east1,role=mysql,foo=bar"

The following are optional environment variables that may be required in Docker containerized deployments:

Environment Variable Description
GREMLIN_BYPASS_USERNS_REMAP Indicates to run the Gremlin Daemon on the same Docker namespace as the host. By default, Gremlin does not launch with a namespace defined. To set this variable, change the value to 1
GREMLIN_DOCKER_IMAGE Indicates the location and version of the Gremlin Docker image to use. This variable can be used to indicate an internal repository. For example:

In addition, the following standard Linux environment variables allow proxy configuration:

Environment Variable Description
http_proxy In the form http[s]://[username:password@]address:port
https_proxy In the form http[s]://[username:password@]address:port

Using the Configuration File

To configure the daemon using a configuration file instead, create the file, /etc/default/gremlind or copy from /etc/default/gremlind.example:

# Gremlin Daemon Configuration #

# This file is used to expose configuration to the Gremlin daemon process (`gremlind`)

# NOTE: Some process managers such as sysvinit may require these variables to be preceded
# by `export`

# When the Gremlin daemon starts, it will automatically issue a `gremlin init` command to
# register this machine with the Gremlin Control Plane. This requires the following team and
# secret values to be set. If these values are not set, the Gremlin daemon will continue to
# start up. However `gremlin init` will need to be run separately before attacks can be run.

# Supply extra options to `gremlin init` via this variable
# Example: `GREMLIN_INIT_OPTS=--tag service=api` (see

# To use Gremlin with an http proxy, provide the proxy information. Note that all of Gremlin's
# communication with the Gremlin Control Plane is via outbound HTTPs, therefore `https_proxy`
# (not `http_proxy` should be used in most cases)
# Example: https_proxy=https://proxyuser:proxypass@

# Any additional Gremlin Daemon variables (such as GREMLIN_IDENTIFIER) may be defined here
# (see

You can set any of the environment variables listed in the previous section in the configuration file.