Configuration Reference
Complete configuration reference for OnePAM environment variables, flags, and options.
The OnePAM Agent is configured through environment variables, typically set in the
/opt/onepam/etc/agent.env file or passed via your deployment tooling.
This page covers all available configuration options and network requirements.
Agent
Agent configuration is set in /opt/onepam/etc/agent.env or via environment variables.
| Variable | Description | Default | |
|---|---|---|---|
AGENT_API_URL | onepam.com server URL (HTTPS) | - | required |
AGENT_TENANT_ID | Organisation tenant UUID | - | required |
AGENT_HEALTH_INTERVAL | Health check interval | 60s | optional |
AGENT_LOG_LEVEL | Log level: debug, info, warn, error | info | optional |
AGENT_DATA_DIR | Data directory for secrets and queue | /opt/onepam/data | optional |
Network Requirements
The agent requires outbound HTTPS connectivity to the OnePAM cloud platform. No inbound ports need to be opened on target hosts.
| Direction | Protocol | Port | Target | Purpose |
|---|---|---|---|---|
| Outbound | HTTPS | 443 | onepam.com |
API, metrics reporting, agent registration |
| Outbound | HTTPS | 443 | *.onepam.com |
Gateway connectivity, updates |
| Outbound | mTLS | 9443 | *.onepam.com |
Secure tunnel between agent and gateway |
No inbound firewall rules are required. The agent establishes all connections outbound to the OnePAM platform.
If your network uses an HTTP proxy, configure
HTTPS_PROXY in the agent environment file.
Agent Configuration Example
# /opt/onepam/etc/agent.env
AGENT_API_URL=https://onepam.com
AGENT_TENANT_ID=00000000-0000-0000-0000-000000000000
AGENT_HEALTH_INTERVAL=60s
AGENT_LOG_LEVEL=info
AGENT_DATA_DIR=/opt/onepam/data