958269a4d1
Update text about webhook auth tokens to clarify MinIO uses the value specified as it is. So if it needs `Bearer` or `Basic` or something else, that must be included in the string. Affected items: - `MINIO_LOGGER_WEBHOOK_AUTH_TOKEN` - `MINIO_AUDIT_WEBHOOK_AUTH_TOKEN` - `MINIO_NOTIFY_WEBHOOK_AUTH_TOKEN` - `mc admin config set logger_webhook auth_token` - `mc admin config set audit_webhook auth_token` - `mc admin config set notify_webhook auth_token` Staged: _Publish Server or Audit Logs to an External Service_ http://192.241.195.202:9000/staging/DOCS-407/linux/operations/monitoring/minio-logging.html#publish-server-logs-to-http-webhook http://192.241.195.202:9000/staging/DOCS-407/linux/operations/monitoring/minio-logging.html#publish-audit-logs-to-http-webhook _mc admin config_ http://192.241.195.202:9000/staging/DOCS-407/linux/reference/minio-mc-admin/mc-admin-config.html#mc-conf.logger_webhook.auth_token http://192.241.195.202:9000/staging/DOCS-407/linux/reference/minio-mc-admin/mc-admin-config.html#mc-conf.audit_webhook.auth_token http://192.241.195.202:9000/staging/DOCS-407/linux/reference/minio-mc-admin/mc-admin-config.html#mc-conf.notify_webhook.auth_token _MinIO Server_ http://192.241.195.202:9000/staging/DOCS-407/linux/reference/minio-server/minio-server.html#envvar.MINIO_LOGGER_WEBHOOK_AUTH_TOKEN http://192.241.195.202:9000/staging/DOCS-407/linux/reference/minio-server/minio-server.html#envvar.MINIO_AUDIT_WEBHOOK_AUTH_TOKEN http://192.241.195.202:9000/staging/DOCS-407/linux/reference/minio-server/minio-server.html#envvar.MINIO_NOTIFY_WEBHOOK_AUTH_TOKEN Fixes https://github.com/minio/docs/issues/407
94 KiB
mc admin config
minio
Table of Contents
mc admin config
Description
The mc admin config
command manages configuration settings for the minio server.
Use mc admin on MinIO Deployments Only
Examples
Syntax
set
Sets a configuration key <minio-server-configuration-settings>
on the MinIO deployment. Configurations defined by environment variables
override configurations defined by this command.
For distributed deployments, use to modify existing endpoints.
Endpoints using the http protocol can be either the hostname or IP
address, and they may use either http or
https.
get
Gets a configuration key <minio-server-configuration-settings>
on the MinIO deployment created using mc admin
config set.
export
Exports any configuration settings created using mc admin config set.
history
Lists the history of changes made to configuration keys by mc admin config.
Configurations defined by environment variables do not show.
import
Imports configuration settings exported using mc admin config export.
reset
Resets config to defaults. Configurations defined in environment variables are not affected.
restore
Roll back changes to configuration keys to a previous point in history.
Does not affect configurations defined by environment variables.
Configuration Settings
The following configuration settings define runtime behavior of the
MinIO server <minio server> process:
API Configuration
api
The top-level configuration key for modifying API-related operations.
root_access
This configuration setting corresponds with the MINIO_API_ROOT_ACCESS
environment variable. To reset after an unintentional lock, set MINIO_API_ROOT_ACCESS
on to override this setting and temporarily re-enable the
root account. You can then change this setting to on
or make the necessary user/policy changes to ensure normal
administrative access through other non-root accounts.
sync_events
This configuration setting corresponds with the MINIO_API_SYNC_EVENTS
environment variable.
Scanner
scanner
Configuration settings that affect the scanner process. MinIO
utilizes the scanner for bucket replication <minio-bucket-replication>,
site replication <minio-site-replication-overview>,
and lifecycle management <minio-lifecycle-management>
tasks.
speed
This configuration setting corresponds with the MINIO_SCANNER_SPEED
environment variable.
HTTP Webhook Log Target
logger_webhook
The top-level configuration key for defining an HTTP webhook target
for publishing MinIO logs <minio-logging>.
Use mc admin config set to set or update an HTTP
webhook target. Specify additional optional arguments as a whitespace
(" ")-delimited list.
mc admin config set logger_webhook \
endpoint="http://webhook.example.net" [ARGUMENTS=VALUE ...]You can specify multiple HTTP webhook targets by appending
[:name] to the top-level key. For example, the following
commands set two distinct HTTP webhook targets as primary
and secondary respectively:
mc admin config set logger_webhook:primary \
endpoint="http://webhook-01.example.net" [ARGUMENTS=VALUE ...]
mc admin config set logger_webhook:secondary \
endpoint="http://webhook-02.example.net" [ARGUMENTS=VALUE ...]The logger_webhook configuration key accepts the
following arguments:
endpoint
Required
The HTTP endpoint of the webhook.
This configuration setting corresponds with the MINIO_LOGGER_WEBHOOK_ENDPOINT environment
variable.
auth_token
Optional
An authentication token of the appropriate type for the endpoint. Omit for endpoints which do not require authentication.
To allow for a variety of token types, MinIO creates the request authentication header using the value exactly as specified. Depending on the endpoint, you may need to include additional information.
For example: for a Bearer token, prepend Bearer:
mc admin config set myminio logger_webhook \
endpoint="https://webhook-1.example.net" \
auth_token="Bearer 1a2b3c4f5e"Modify the value according to the endpoint requirements. A custom authentication format could resemble the following:
mc admin config set myminio logger_webhook \
endpoint="https://webhook-1.example.net" \
auth_token="ServiceXYZ 1a2b3c4f5e"Consult the documenation for the desired service for more details.
This configuration setting corresponds with the MINIO_LOGGER_WEBHOOK_AUTH_TOKEN environment
variable.
client_cert
Optional
The path to the mTLS certificate to use for authenticating to the webhook logger.
This configuration setting corresponds with the MINIO_LOGGER_WEBHOOK_CLIENT_CERT environment
variable.
client_key
Optional
The path to the mTLS certificate key to use to authenticate with the webhook logger service.
This configuration setting corresponds with the MINIO_LOGGER_WEBHOOK_CLIENT_KEY environment
variable.
proxy
MinIO RELEASE.2023-02-22T18-23-45Z
Optional
Define a proxy to use for the webhook logger when communicating from MinIO to external webhooks.
This configuration setting corresponds with the MINIO_LOGGER_WEBHOOK_PROXY
environment variable.
queue_dir
RELEASE.2023-05-18T00-05-36Z
Optional
Specify the directory path, such as /opt/minio/events,
to enable MinIO's persistent event store for undelivered messages. The
MinIO process must have read, write, and list access on the specified
directory.
MinIO stores undelivered events in the specified store while the webhook service is offline and replays the stored events when connectivity resumes.
This configuration setting corresponds with the MINIO_LOGGER_WEBHOOK_QUEUE_DIR environment
variable.
queue_size
Optional
An integer value to use for the queue size for logger webhook
targets. The default is 100000 events.
This configuration setting corresponds with the MINIO_LOGGER_WEBHOOK_QUEUE_SIZE environment
variable.
HTTP Webhook Audit Log Target
audit_webhook
The top-level configuration key for defining an HTTP webhook target
for publishing MinIO audit logs <minio-logging>.
Use mc admin config set to set or update an HTTP
webhook target. Specify additional optional arguments as a whitespace
(" ")-delimited list.
mc admin config set audit_webhook \
endpoint="http://webhook.example.net" [ARGUMENTS=VALUE ...]You can specify multiple HTTP webhook targets by appending
[:name] to the top-level key. For example, the following
commands set two distinct HTTP webhook targets as primary
and secondary respectively:
mc admin config set audit_webhook:primary \
endpoint="http://webhook-01.example.net" [ARGUMENTS=VALUE ...]
mc admin config set audit_webhook:secondary \
endpoint="http://webhook-02.example.net" [ARGUMENTS=VALUE ...]The audit_webhook configuration key accepts the
following arguments:
endpoint
Required
The HTTP endpoint of the webhook.
This configuration setting corresponds with the MINIO_AUDIT_WEBHOOK_ENDPOINT environment
variable.
auth_token
Optional
An authentication token of the appropriate type for the endpoint. Omit for endpoints which do not require authentication.
To allow for a variety of token types, MinIO creates the request authentication header using the value exactly as specified. Depending on the endpoint, you may need to include additional information.
For example: for a Bearer token, prepend Bearer:
mc admin config set myminio audit_webhook \
endpoint="http://webhook.example.net" \
auth_token="Bearer 1a2b3c4f5e"Modify the value according to the endpoint requirements. A command for a custom authentication format could resemble the following:
mc admin config set myminio audit_webhook \
endpoint="http://webhook.example.net" \
auth_token="ServiceXYZ 1a2b3c4f5e"Consult the documenation for the desired service for more details.
This configuration setting corresponds with the MINIO_AUDIT_WEBHOOK_AUTH_TOKEN environment
variable.
client_cert
Optional
The x.509 client certificate to present to the HTTP webhook. Omit for webhooks which do not require clients to present a known TLS certificate.
Requires specifying ~audit_webhook.client_key.
This configuration setting corresponds with the MINIO_AUDIT_WEBHOOK_CLIENT_CERT environment
variable.
client_key
Optional
The x.509 private key to present to the HTTP webhook. Omit for webhooks which do not require clients to present a known TLS certificate.
Requires specifying ~audit_webhook.client_cert.
This configuration setting corresponds with the MINIO_AUDIT_WEBHOOK_CLIENT_KEY environment
variable.
queue_dir
RELEASE.2023-05-18T00-05-36Z
Optional
Specify the directory path, such as /opt/minio/events,
to enable MinIO's persistent event store for undelivered messages. The
MinIO process must have read, write, and list access on the specified
directory.
MinIO stores undelivered events in the specified store while the webhook service is offline and replays the stored events when connectivity resumes.
This configuration setting corresponds with the MINIO_AUDIT_WEBHOOK_QUEUE_DIR environment
variable.
queue_size
Optional
An integer value to use for the queue size for webhook targets. The
default is 100000 events.
This configuration setting corresponds with the MINIO_AUDIT_WEBHOOK_QUEUE_SIZE environment
variable.
Kafka Audit Log Target
audit_kafka
The top-level configuration key for defining a Kafka broker target
for publishing MinIO audit logs <minio-logging>.
Use mc admin config set to set or update a Kafka audit
target. Specify additional optional arguments as a whitespace
(" ")-delimited list.
mc admin config set audit_kafka \
brokers="https://kafka-endpoint.example.net:9092" [ARGUMENTS=VALUE ...]The audit_kafka
configuration key accepts the following arguments:
brokers
This configuration setting corresponds with the MINIO_AUDIT_KAFKA_BROKERS
environment variable.
topic
This configuration setting corresponds with the MINIO_AUDIT_KAFKA_TOPIC
environment variable.
tls
This configuration setting corresponds with the MINIO_AUDIT_KAFKA_TLS
environment variable.
tls_skip_verify
This configuration setting corresponds with the MINIO_AUDIT_KAFKA_TLS_SKIP_VERIFY environment
variable.
tls_client_auth
Requires specifying ~audit_kafka.client_tls_cert and ~audit_kafka.client_tls_key.
This configuration setting corresponds with the MINIO_AUDIT_KAFKA_TLS_CLIENT_AUTH environment
variable.
client_tls_cert
This configuration setting corresponds with the MINIO_AUDIT_KAFKA_CLIENT_TLS_CERT environment
variable.
client_tls_key
This configuration setting corresponds with the MINIO_AUDIT_KAFKA_CLIENT_TLS_KEY environment
variable.
sasl
Requires specifying ~audit_kafka.sasl_username and ~audit_kafka.sasl_password.
This configuration setting corresponds with the MINIO_AUDIT_KAFKA_SASL
environment variable.
sasl_username
This configuration setting corresponds with the MINIO_AUDIT_KAFKA_SASL_USERNAME environment
variable.
sasl_password
This configuration setting corresponds with the MINIO_AUDIT_KAFKA_SASL_PASSWORD environment
variable.
sasl_mechanism
This configuration setting corresponds with the MINIO_AUDIT_KAFKA_SASL_MECHANISM environment
variable.
Important
The PLAIN authentication mechanism sends credentials in
plain text over the network. Use ~audit_kafka.tls to enable TLS connectivity to the
Kafka brokers and ensure secure transmission of SASL credentials.
version
This configuration setting corresponds with the MINIO_AUDIT_KAFKA_VERSION
environment variable.
comment
This configuration setting corresponds with the MINIO_AUDIT_KAFKA_COMMENT
environment variable.
queue_dir
This configuration setting corresponds with the MINIO_AUDIT_KAFKA_QUEUE_DIR environment
variable.
queue_size
This configuration setting corresponds with the MINIO_AUDIT_KAFKA_QUEUE_SIZE environment
variable.
AMQP Service for Bucket Notifications
The following section documents settings for configuring an AMQP
service as a target for Bucket Nofitications <minio-bucket-notifications>.
See minio-bucket-notifications-publish-amqp for a tutorial
on using these environment variables.
notify_amqp
The top-level configuration key for defining an AMQP service endpoint
for use with MinIO bucket notifications <minio-bucket-notifications>.
Use mc admin config set to set or update an AMQP
service endpoint. The ~notify_amqp.url argument is required for
each target. Specify additional optional arguments as a whitespace
(" ")-delimited list.
mc admin config set notify_amqp \
url="amqp://user:password@endpoint:port" \
[ARGUMENT="VALUE"] ... \You can specify multiple AMQP service endpoints by appending
[:name] to the top level key. For example, the following
commands set two distinct AMQP service endpoints as primary
and secondary respectively:
mc admin config set notify_amqp:primary \
url="user:password@amqp://endpoint:port" [ARGUMENT=VALUE ...]
mc admin config set notify_amqp:secondary \
url="user:password@amqp://endpoint:port" [ARGUMENT=VALUE ...]The notify_amqp
configuration key supports the following arguments:
url
Required
This configuration setting corresponds with the MINIO_NOTIFY_AMQP_URL
environment variable.
exchange
Optional
This configuration setting corresponds with the MINIO_NOTIFY_AMQP_EXCHANGE
environment variable.
exchange_type
Optional
This configuration setting corresponds with the MINIO_NOTIFY_AMQP_EXCHANGE_TYPE environment
variable.
routing_key
Optional
This configuration setting corresponds with the MINIO_NOTIFY_AMQP_ROUTING_KEY environment
variable.
mandatory
Optional
This configuration setting corresponds with the MINIO_NOTIFY_AMQP_MANDATORY environment
variable.
durable
Optional
This configuration setting corresponds with the MINIO_NOTIFY_AMQP_DURABLE
environment variable.
no_wait
Optional
This configuration setting corresponds with the MINIO_NOTIFY_AMQP_NO_WAIT
environment variable.
internal
Optional
This configuration setting corresponds with the MINIO_NOTIFY_AMQP_INTERNAL
environment variable.
auto_deleted
Optional
This configuration setting corresponds with the MINIO_NOTIFY_AMQP_AUTO_DELETED environment
variable.
delivery_mode
Optional
This configuration setting corresponds with the MINIO_NOTIFY_AMQP_DELIVERY_MODE environment
variable.
queue_dir
Optional
This configuration setting corresponds with the MINIO_NOTIFY_AMQP_QUEUE_DIR environment
variable.
queue_limit
Optional
This configuration setting corresponds with the MINIO_NOTIFY_AMQP_QUEUE_LIMIT environment
variable.
comment
Optional
This configuration setting corresponds with the MINIO_NOTIFY_AMQP_COMMENT
environment variable.
MQTT Service for Bucket Notifications
The following section documents settings for configuring an MQTT
server/broker as a publishing target for Bucket Nofitications <minio-bucket-notifications>.
See minio-bucket-notifications-publish-mqtt for a tutorial
on using these configuration settings.
notify_mqtt
The top-level configuration key for defining an MQTT server/broker
endpoint for use with MinIO bucket notifications <minio-bucket-notifications>.
Use mc admin config set to set or update an MQTT
server/broker endpoint. The following arguments are required
for each endpoint:
~notify_mqtt.broker~notify_mqtt.topic~notify_mqtt.usernameOptional if MQTT server/broker does not enforce authentication/authorization~notify_mqtt.passwordOptional if MQTT server/broker does not enforce authentication/authorization
Specify additional optional arguments as a whitespace
(" ")-delimited list.
mc admin config set notify_mqtt \
broker="tcp://endpoint:port" \
topic="minio/bucket-name/events/" \
username="username" \
password="password" \
[ARGUMENT="VALUE"] ... \You can specify multiple MQTT server/broker endpoints by appending
[:name] to the top level key. For example, the following
commands set two distinct MQTT service endpoints as primary
and secondary respectively:
mc admin config set notify_mqtt:primary \
broker="tcp://endpoint:port" \
topic="minio/bucket-name/events/" \
username="username" \
password="password" \
[ARGUMENT="VALUE"] ... \
mc admin config set notify_mqtt:secondary \
broker="tcp://endpoint:port" \
topic="minio/bucket-name/events/" \
username="username" \
password="password" \
[ARGUMENT="VALUE"] ... \The notify_mqtt
configuration key supports the following arguments:
broker
Required
This configuration setting corresponds with the MINIO_NOTIFY_MQTT_BROKER
environment variable.
topic
Required
This configuration setting corresponds with the MINIO_NOTIFY_MQTT_TOPIC
environment variable.
username
Required if the MQTT server/broker enforces authentication/authorization
This configuration setting corresponds with the MINIO_NOTIFY_MQTT_TOPIC
environment variable.
password
Required if the MQTT server/broker enforces authentication/authorization
This configuration setting corresponds with the MINIO_NOTIFY_MQTT_PASSWORD
environment variable.
qos
Optional
This configuration setting corresponds with the MINIO_NOTIFY_MQTT_QOS
environment variable.
keep_alive_interval
Optional
This configuration setting corresponds with the MINIO_NOTIFY_MQTT_KEEP_ALIVE_INTERVAL environment
variable.
reconnect_interval
Optional
This configuration setting corresponds with the MINIO_NOTIFY_MQTT_RECONNECT_INTERVAL environment
variable.
queue_dir
Optional
This configuration setting corresponds with the MINIO_NOTIFY_MQTT_QUEUE_DIR environment
variable.
queue_limit
Optional
This configuration setting corresponds with the MINIO_NOTIFY_MQTT_QUEUE_LIMIT environment
variable.
comment
Optional
This configuration setting corresponds with the MINIO_NOTIFY_MQTT_COMMENT
environment variable.
Elasticsearch Service for Bucket Notifications
The following section documents settings for configuring an
Elasticsearch service as a target for Bucket Nofitications <minio-bucket-notifications>.
See minio-bucket-notifications-publish-elasticsearch for a
tutorial on using these configuration settings.
notify_elasticsearch
The top-level configuration key for defining an Elasticsearch service
endpoint for use with MinIO bucket notifications
<minio-bucket-notifications>.
Use mc admin config set to set or update an
Elasticsearch service endpoint. The following arguments are
required for each target:
~notify_elasticsearch.url~notify_elasticsearch.index~notify_elasticsearch.format
Specify additional optional arguments as a whitespace
(" ")-delimited list.
mc admin config set notify_elasticsearch \
url="https://user:password@endpoint:port" \
[ARGUMENT="VALUE"] ... \You can specify multiple Elasticsearch service endpoints by appending
[:name] to the top level key. For example, the following
commands set two distinct Elasticsearch service endpoints as
primary and secondary respectively:
mc admin config set notify_elasticsearch:primary \
url="user:password@https://endpoint:port" [ARGUMENT=VALUE ...]
mc admin config set notify_elasticsearch:secondary \
url="user:password@https://endpoint:port" [ARGUMENT=VALUE ...]The notify_elasticsearch configuration key supports
the following arguments:
url
Required
This configuration setting corresponds with the MINIO_NOTIFY_ELASTICSEARCH_URL environment
variable.
index
Required
This configuration setting corresponds with the MINIO_NOTIFY_ELASTICSEARCH_INDEX environment
variable.
format
Required
This configuration setting corresponds with the MINIO_NOTIFY_ELASTICSEARCH_FORMAT environment
variable.
username
Optional
This configuration setting corresponds with the MINIO_NOTIFY_ELASTICSEARCH_USERNAME environment
variable.
password
Optional
This configuration setting corresponds with the MINIO_NOTIFY_ELASTICSEARCH_PASSWORD environment
variable.
queue_dir
Optional
This configuration setting corresponds with the MINIO_NOTIFY_ELASTICSEARCH_QUEUE_DIR environment
variable.
queue_limit
Optional
This configuration setting corresponds with the MINIO_NOTIFY_ELASTICSEARCH_QUEUE_LIMIT environment
variable.
comment
Optional
This configuration setting corresponds with the MINIO_NOTIFY_ELASTICSEARCH_COMMENT environment
variable.
NSQ Service for Bucket Notifications
The following section documents settings for configuring an NSQ
server/broker as a publishing target for Bucket Nofitications <minio-bucket-notifications>.
See minio-bucket-notifications-publish-nsq for a tutorial
on using these configuration settings.
notify_nsq
The top-level configuration key for defining an NSQ server/broker
endpoint for use with MinIO bucket notifications <minio-bucket-notifications>.
Use mc admin config set to set or update an NSQ
server/broker endpoint. The following arguments are required
for each endpoint:
~notify_nsq.nsqd_address~notify_nsq.topic
Specify additional optional arguments as a whitespace
(" ")-delimited list.
mc admin config set notify_nsq \
nsqd_address="ENDPOINT" \
topic="<string>" \
[ARGUMENT="VALUE"] ... \You can specify multiple NSQ server/broker endpoints by appending
[:name] to the top level key. For example, the following
commands set two distinct NSQ service endpoints as primary
and secondary respectively:
mc admin config set notify_nsq:primary \
nsqd_address="ENDPOINT" \
topic="<string>" \
[ARGUMENT="VALUE"] ... \
mc admin config set notify_nsq:secondary \
nsqd_address="ENDPOINT" \
topic="<string>" \
[ARGUMENT="VALUE"] ... \The notify_nsq
configuration key supports the following arguments:
nsqd_address
Required
This configuration setting corresponds with the MINIO_NOTIFY_NSQ_NSQD_ADDRESS environment
variable.
topic
Required
This configuration setting corresponds with the MINIO_NOTIFY_NSQ_TOPIC
environment variable.
tls
Optional
This configuration setting corresponds with the MINIO_NOTIFY_NSQ_TLS
environment variable.
tls_skip_verify
Optional
This configuration setting corresponds with the MINIO_NOTIFY_NSQ_TLS_SKIP_VERIFY environment
variable.
queue_dir
Optional
This configuration setting corresponds with the MINIO_NOTIFY_NSQ_QUEUE_DIR
environment variable.
queue_limit
Optional
This configuration setting corresponds with the MINIO_NOTIFY_NSQ_QUEUE_LIMIT environment
variable.
comment
Optional
This configuration setting corresponds with the MINIO_NOTIFY_NSQ_COMMENT
environment variable.
Redis Service for Bucket Notifications
The following section documents settings for configuring an Redis
server/broker as a publishing target for Bucket Nofitications <minio-bucket-notifications>.
See minio-bucket-notifications-publish-redis for a
tutorial on using these configuration settings.
notify_redis
The top-level configuration key for defining an Redis server/broker
endpoint for use with MinIO bucket notifications <minio-bucket-notifications>.
Use mc admin config set to set or update an Redis
server/broker endpoint. The following arguments are required
for each endpoint:
~notify_redis.address~notify_redis.key~notify_redis.format
Specify additional optional arguments as a whitespace
(" ")-delimited list.
mc admin config set notify_redis \
address="ENDPOINT" \
key="<string>" \
format="<string>" \
[ARGUMENT="VALUE"] ... \You can specify multiple Redis server/broker endpoints by appending
[:name] to the top level key. For example, the following
commands set two distinct Redis service endpoints as
primary and secondary respectively:
mc admin config set notify_redis:primary \
address="ENDPOINT" \
key="<string>" \
format="<string>" \
[ARGUMENT="VALUE"] ... \
mc admin config set notify_redis:secondary \
address="ENDPOINT" \
key="<string>" \
format="<string>" \
[ARGUMENT="VALUE"] ... \The notify_redis
configuration key supports the following arguments:
address
Required
This configuration setting corresponds with the MINIO_NOTIFY_REDIS_ADDRESS
environment variable.
key
Required
This configuration setting corresponds with the MINIO_NOTIFY_REDIS_KEY
environment variable.
format
Required
This configuration setting corresponds with the MINIO_NOTIFY_REDIS_FORMAT
environment variable.
password
Optional
This configuration setting corresponds with the MINIO_NOTIFY_REDIS_PASSWORD environment
variable.
queue_dir
Optional
This configuration setting corresponds with the MINIO_NOTIFY_REDIS_QUEUE_DIR environment
variable.
queue_limit
Optional
This configuration setting corresponds with the MINIO_NOTIFY_REDIS_QUEUE_LIMIT environment
variable.
comment
Optional
This configuration setting corresponds with the MINIO_NOTIFY_REDIS_COMMENT
environment variable.
NATS Service for Bucket Notifications
The following section documents settings for configuring an NATS
service as a target for Bucket Nofitications <minio-bucket-notifications>.
See minio-bucket-notifications-publish-nats for a tutorial
on using these environment variables.
NATS Streaming Deprecated
NATS Streaming is deprecated. Migrate to JetStream instead.
The related MinIO configuration options and environment variables are deprecated.
notify_nats
The top-level configuration key for defining an NATS service endpoint
for use with MinIO bucket notifications <minio-bucket-notifications>.
Use mc admin config set to set or update an NATS
service endpoint. The ~notify_nats.address and ~notify_nats.subject
arguments are required for each target. Specify additional
optional arguments as a whitespace (" ")-delimited
list.
mc admin config set notify_nats \
address="htpps://nats-endpoint.example.com:4222" \
subject="minioevents" \
[ARGUMENT="VALUE"] ... \You can specify multiple NATS service endpoints by appending
[:name] to the top level key. For example, the following
commands set two distinct NATS service endpoints as primary
and secondary respectively:
mc admin config set notify_nats:primary \
address="htpps://nats-endpoint.example.com:4222" \
subject="minioevents" \
[ARGUMENT=VALUE ...]
mc admin config set notify_nats:secondary \
address="htpps://nats-endpoint.example.com:4222" \
subject="minioevents" \
[ARGUMENT=VALUE ...]The notify_nats
configuration key supports the following arguments:
address
Required
This configuration setting corresponds with the MINIO_NOTIFY_NATS_ADDRESS
environment variable.
subject
Required
This configuration setting corresponds with the MINIO_NOTIFY_NATS_SUBJECT
environment variable.
username
Optional
This configuration setting corresponds with the MINIO_NOTIFY_NATS_USERNAME
environment variable.
password
Optional
This configuration setting corresponds with the MINIO_NOTIFY_NATS_PASSWORD
environment variable.
token
Optional
This configuration setting corresponds with the MINIO_NOTIFY_NATS_TOKEN
environment variable.
tls
Optional"
This configuration setting corresponds with the MINIO_NOTIFY_NATS_TLS
environment variable.
tls_skip_verify
Optional
This configuration setting corresponds with the MINIO_NOTIFY_NATS_TLS_SKIP_VERIFY environment
variable.
ping_interval
Optional
This configuration setting corresponds with the MINIO_NOTIFY_NATS_PING_INTERVAL environment
variable.
jetstream
Optional
This configuration setting corresponds with the MINIO_NOTIFY_NATS_JETSTREAM environment
variable.
streaming
Deprecated
Optional
This configuration setting corresponds with the MINIO_NOTIFY_NATS_STREAMING environment
variable.
streaming_async
Deprecated
Optional
This configuration setting corresponds with the MINIO_NOTIFY_NATS_STREAMING_ASYNC environment
variable.
streaming_max_pub_acks_in_flight
Deprecated
Optional
This configuration setting corresponds with the MINIO_NOTIFY_NATS_STREAMING_MAX_PUB_ACKS_IN_FLIGHT
environment variable.
streaming_cluster_id
Deprecated
Optional
This configuration setting corresponds with the MINIO_NOTIFY_NATS_STREAMING_CLUSTER_ID environment
variable.
cert_authority
Optional
This configuration setting corresponds with the MINIO_NOTIFY_NATS_CERT_AUTHORITY environment
variable.
client_cert
Optional
This configuration setting corresponds with the MINIO_NOTIFY_NATS_CLIENT_CERT environment
variable.
client_key
Optional
This configuration setting corresponds with the MINIO_NOTIFY_NATS_CLIENT_KEY environment
variable.
queue_dir
Optional
This configuration setting corresponds with the MINIO_NOTIFY_NATS_QUEUE_DIR environment
variable.
queue_limit
Optional
This configuration setting corresponds with the MINIO_NOTIFY_NATS_QUEUE_LIMIT environment
variable.
comment
Optional
This configuration setting corresponds with the MINIO_NOTIFY_NATS_COMMENT
environment variable.
PostgreSQL Service for Bucket Notifications
The following section documents settings for configuring an
PostgreSQL service as a target for Bucket Nofitications <minio-bucket-notifications>.
See minio-bucket-notifications-publish-postgresql for a
tutorial on using these environment variables.
notify_postgres
The top-level configuration key for defining an PostgreSQL service
endpoint for use with MinIO bucket notifications <minio-bucket-notifications>.
Use mc admin config set to set or update an PostgreSQL
service endpoint. The following arguments are required for each
target:
~notify_postgres.connection_string~notify_postgres.table~notify_postgres.format
Specify additional optional arguments as a whitespace
(" ")-delimited list.
mc admin config set notify_postgres \
connection_string="host=postgresql.example.com port=5432..."
table="minioevents" \
format="namespace" \
[ARGUMENT="VALUE"] ... \You can specify multiple PostgreSQL service endpoints by appending
[:name] to the top level key. For example, the following
commands set two distinct PostgreSQL service endpoints as
primary and secondary respectively:
mc admin config set notify_postgres:primary \
connection_string="host=postgresql.example.com port=5432..."
table="minioevents" \
format="namespace" \
[ARGUMENT=VALUE ...]
mc admin config set notify_postgres:secondary \
connection_string="host=postgresql.example.com port=5432..."
table="minioevents" \
format="namespace" \
[ARGUMENT=VALUE ...]The notify_postgres configuration key supports the
following arguments:
connection_string
Required
This configuration setting corresponds with the MINIO_NOTIFY_POSTGRES_CONNECTION_STRING environment
variable.
table
Required
This configuration setting corresponds with the MINIO_NOTIFY_POSTGRES_TABLE environment
variable.
format
Required
This configuration setting corresponds with the MINIO_NOTIFY_POSTGRES_FORMAT environment
variable.
max_open_connections
Optional
This configuration setting corresponds with the MINIO_NOTIFY_POSTGRES_MAX_OPEN_CONNECTIONS
environment variable.
queue_dir
Optional
This configuration setting corresponds with the MINIO_NOTIFY_POSTGRES_QUEUE_DIR environment
variable.
queue_limit
Optional
This configuration setting corresponds with the MINIO_NOTIFY_POSTGRES_QUEUE_LIMIT environment
variable.
comment
Optional
This configuration setting corresponds with the MINIO_NOTIFY_POSTGRES_COMMENT environment
variable.
MySQL Service for Bucket Notifications
The following section documents settings for configuring an MySQL
service as a target for Bucket Nofitications <minio-bucket-notifications>.
See minio-bucket-notifications-publish-mysql for a
tutorial on using these environment variables.
notify_mysql
The top-level configuration key for defining an MySQL service
endpoint for use with MinIO bucket notifications <minio-bucket-notifications>.
Use mc admin config set to set or update an MySQL
service endpoint. The following arguments are required for each
target:
~notify_mysql.dsn_string~notify_mysql.table~notify_mysql.format
Specify additional optional arguments as a whitespace
(" ")-delimited list.
mc admin config set notify_mysql \
dsn_string="username:password@tcp(mysql.example.com:3306)/miniodb"
table="minioevents" \
format="namespace" \
[ARGUMENT="VALUE"] ... \You can specify multiple MySQL service endpoints by appending
[:name] to the top level key. For example, the following
commands set two distinct MySQL service endpoints as
primary and secondary respectively:
mc admin config set notify_mysql:primary \
dsn_string="username:password@tcp(mysql.example.com:3306)/miniodb"
table="minioevents" \
format="namespace" \
[ARGUMENT=VALUE ...]
mc admin config set notify_mysql:secondary \
dsn_string="username:password@tcp(mysql.example.com:3306)/miniodb"
table="minioevents" \
format="namespace" \
[ARGUMENT=VALUE ...]The notify_mysql
configuration key supports the following arguments:
dsn_string
Required
This configuration setting corresponds with the MINIO_NOTIFY_MYSQL_DSN_STRING environment
variable.
table
Required
This configuration setting corresponds with the MINIO_NOTIFY_MYSQL_TABLE
environment variable.
format
Required
This configuration setting corresponds with the MINIO_NOTIFY_MYSQL_FORMAT
environment variable.
max_open_connections
Optional
This configuration setting corresponds with the MINIO_NOTIFY_MYSQL_MAX_OPEN_CONNECTIONS environment
variable.
queue_dir
Optional
This configuration setting corresponds with the MINIO_NOTIFY_MYSQL_QUEUE_DIR environment
variable.
queue_limit
Optional
This configuration setting corresponds with the MINIO_NOTIFY_MYSQL_QUEUE_LIMIT environment
variable.
comment
Optional
This configuration setting corresponds with the MINIO_NOTIFY_MYSQL_COMMENT
environment variable.
Kafka Service for Bucket Notifications
The following section documents settings for configuring an Kafka
service as a target for Bucket Nofitications <minio-bucket-notifications>.
See minio-bucket-notifications-publish-kafka for a
tutorial on using these environment variables.
notify_kafka
The top-level configuration key for defining an Kafka service
endpoint for use with MinIO bucket notifications <minio-bucket-notifications>.
Use mc admin config set to set or update an Kafka
service endpoint. The ~notify_kafka.brokers argument is
required for each target. Specify additional optional arguments
as a whitespace (" ")-delimited list.
mc admin config set notify_kafka \
brokers="https://kafka1.example.net:9200, https://kafka2.example.net:9200"
[ARGUMENT="VALUE"] ... \You can specify multiple Kafka service endpoints by appending
[:name] to the top level key. For example, the following
commands set two distinct Kafka service endpoints as
primary and secondary respectively:
mc admin config set notify_kafka:primary \
brokers="https://kafka1.example.net:9200, https://kafka2.example.net:9200"
[ARGUMENT=VALUE ...]
mc admin config set notify_kafka:secondary \
brokers="https://kafka1.example.net:9200, https://kafka2.example.net:9200"
[ARGUMENT=VALUE ...]The notify_kafka
configuration key supports the following arguments:
brokers
Required
This configuration setting corresponds with the MINIO_NOTIFY_KAFKA_BROKERS
environment variable.
topic
Optional
This configuration setting corresponds with the MINIO_NOTIFY_KAFKA_TOPIC
environment variable.
sasl
Optional
This configuration setting corresponds with the MINIO_NOTIFY_KAFKA_SASL
environment variable.
sasl_username
Optional
This configuration setting corresponds with the MINIO_NOTIFY_KAFKA_SASL_USERNAME environment
variable.
sasl_password
Optional
This configuration setting corresponds with the MINIO_NOTIFY_KAFKA_SASL_PASSWORD environment
variable.
sasl_mechanism
Optional
This configuration setting corresponds with the MINIO_NOTIFY_KAFKA_SASL_MECHANISM environment
variable.
tls_client_auth
Optional
This configuration setting corresponds with the MINIO_NOTIFY_KAFKA_TLS_CLIENT_AUTH environment
variable.
tls
Optional
This configuration setting corresponds with the MINIO_NOTIFY_KAFKA_TLS
environment variable.
tls_skip_verify
Optional
This configuration setting corresponds with the MINIO_NOTIFY_KAFKA_TLS_SKIP_VERIFY environment
variable.
client_tls_cert
Optional
This configuration setting corresponds with the MINIO_NOTIFY_KAFKA_CLIENT_TLS_CERT environment
variable.
client_tls_key
Optional
This configuration setting corresponds with the MINIO_NOTIFY_KAFKA_CLIENT_TLS_KEY environment
variable.
version
Optional
This configuration setting corresponds with the MINIO_NOTIFY_KAFKA_VERSION
environment variable.
queue_dir
Optional
This configuration setting corresponds with the MINIO_NOTIFY_KAFKA_QUEUE_DIR environment
variable.
queue_limit
Optional
This configuration setting corresponds with the MINIO_NOTIFY_KAFKA_QUEUE_LIMIT environment
variable.
comment
Optional
This configuration setting corresponds with the MINIO_NOTIFY_KAFKA_COMMENT
environment variable.
Webhook Service for Bucket Notifications
The following section documents settings for configuring an Webhook
service as a target for Bucket Nofitications <minio-bucket-notifications>.
See minio-bucket-notifications-publish-webhook for a
tutorial on using these environment variables.
notify_webhook
The top-level configuration key for defining an Webhook service
endpoint for use with MinIO bucket notifications <minio-bucket-notifications>.
Use mc admin config set to set or update an Webhook
service endpoint. The ~notify_webhook.endpoint argument is
required for each target. Specify additional optional arguments
as a whitespace (" ")-delimited list.
mc admin config set notify_webhook \
endpoint="https://webhook.example.net"
[ARGUMENT="VALUE"] ... \You can specify multiple Webhook service endpoints by appending
[:name] to the top level key. For example, the following
commands set two distinct Webhook service endpoints as
primary and secondary respectively:
mc admin config set notify_webhook:primary \
endpoint="https://webhook1.example.net"
[ARGUMENT=VALUE ...]
mc admin config set notify_webhook:secondary \
endpoint="https://webhook2.example.net
[ARGUMENT=VALUE ...]The notify_webhook configuration key supports the
following arguments:
endpoint
Required
This configuration setting corresponds with the MINIO_NOTIFY_WEBHOOK_ENDPOINT environment
variable.
auth_token
Optional
An authentication token of the appropriate type for the endpoint. Omit for endpoints which do not require authentication.
To allow for a variety of token types, MinIO creates the request authentication header using the value exactly as specified. Depending on the endpoint, you may need to include additional information.
For example: for a Bearer token, prepend Bearer:
mc admin config set myminio notify_webhook \
endpoint="https://webhook-1.example.net" \
auth_token="Bearer 1a2b3c4f5e"Modify the value according to the endpoint requirements. A custom authentication format could resemble the following:
mc admin config set myminio notify_webhook \
endpoint="https://webhook-1.example.net" \
auth_token="ServiceXYZ 1a2b3c4f5e"Consult the documenation for the desired service for more details.
RELEASE.2023-06-23T20-26-00Z
MinIO redacts this value when returned as part of mc admin config get.
This configuration setting corresponds with the MINIO_NOTIFY_WEBHOOK_AUTH_TOKEN environment
variable.
queue_dir
Optional
This configuration setting corresponds with the MINIO_NOTIFY_WEBHOOK_QUEUE_DIR environment
variable.
queue_limit
Optional
This configuration setting corresponds with the MINIO_NOTIFY_WEBHOOK_QUEUE_LIMIT environment
variable.
client_cert
Optional
This configuration setting corresponds with the MINIO_NOTIFY_WEBHOOK_CLIENT_CERT environment
variable.
client_key
Optional
This configuration setting corresponds with the MINIO_NOTIFY_WEBHOOK_CLIENT_KEY environment
variable.
comment
Optional
This configuration setting corresponds with the MINIO_NOTIFY_WEBHOOK_COMMENT environment
variable.
Active Directory / LDAP Identity Management
The following section documents settings for enabling external identity management using an Active Directory or LDAP service.
mc idp ldap commands
are preferred
RELEASE.2023-05-26T23-31-54Z
MinIO recommends using the mc idp ldap commands for LDAP management operations.
These commands offer better validation and additional features, while
providing the same settings as the identity_ldap configuration key. See minio-authenticate-using-ad-ldap-generic for a
tutorial on using mc idp ldap.
The identity_ldap configuration key remains available
for existing scripts and other tools.
identity_ldap
The top-level key for configuring external identity management using Active Directory or LDAP
<minio-external-identity-management-ad-ldap>.
Use the mc admin config set command to set or update the
AD/LDAP configuration. The following arguments are
required:
~identity_ldap.server_addr~identity_ldap.lookup_bind_dn~identity_ldap.lookup_bind_password~identity_ldap.user_dn_search_base_dn~identity_ldap.user_dn_search_filter
mc admin config set identity_ldap \
enabled="true" \
server_addr="ad-ldap.example.net/" \
lookup_bind_dn="cn=miniolookupuser,dc=example,dc=net" \
lookup_bind_dn_password="userpassword" \
user_dn_search_base_dn="dc=example,dc=net" \
user_dn_search_filter="(&(objectCategory=user)(sAMAccountName=%s))"The identity_ldap configuration key supports the
following arguments:
server_addr
Required
This configuration setting corresponds with the MINIO_IDENTITY_LDAP_SERVER_ADDR environment
variable.
lookup_bind_dn
Required
This configuration setting corresponds with the MINIO_IDENTITY_LDAP_LOOKUP_BIND_DN environment
variable.
lookup_bind_password
Required
This configuration setting corresponds with the MINIO_IDENTITY_LDAP_LOOKUP_BIND_PASSWORD
environment variable.
user_dn_search_base_dn
Required
This configuration setting corresponds with the MINIO_IDENTITY_LDAP_USER_DN_SEARCH_BASE_DN
environment variable.
user_dn_search_filter
Required
This configuration setting corresponds with the MINIO_IDENTITY_LDAP_USER_DN_SEARCH_FILTER
environment variable.
enabled
Optional
Set to false to disable the AD/LDAP configuration.
If false, applications cannot generate STS credentials
or otherwise authenticate to MinIO using the configured provider.
Defaults to true or "enabled".
group_search_filter
Optional
This configuration setting corresponds with the MINIO_IDENTITY_LDAP_GROUP_SEARCH_FILTER environment
variable.
group_search_base_dn
Optional
This configuration setting corresponds with the MINIO_IDENTITY_LDAP_GROUP_SEARCH_BASE_DN
environment variable.
tls_skip_verify
Optional
This configuration setting corresponds with the MINIO_IDENTITY_LDAP_TLS_SKIP_VERIFY environment
variable.
server_insecure
Optional
This configuration setting corresponds with the MINIO_IDENTITY_LDAP_SERVER_INSECURE environment
variable.
server_starttls
Optional
This configuration setting corresponds with the MINIO_IDENTITY_LDAP_SERVER_STARTTLS environment
variable.
srv_record_name
RELEASE.2022-12-12T19-27-27Z
Optional
This configuration setting corresponds with the MINIO_IDENTITY_LDAP_SRV_RECORD_NAME environment
variable.
comment
Optional
This configuration setting corresponds with the MINIO_IDENTITY_LDAP_COMMENT environment
variable.
OpenID Identity Management
The following section documents settings for enabling external
identity management using an OpenID Connect (OIDC)-compatible provider.
See minio-external-identity-management-openid for a
tutorial on using these configuration settings.
identity_openid
The top-level configuration key for configuring external identity management using OpenID <minio-external-identity-management-openid>.
Use mc admin config set to set or update the OpenID
configuration. The ~identity_openid.config_url argument is
required. Specify additional optional arguments as a whitespace
(" ")-delimited list.
mc admin config set identity_openid \
config_url="https://openid-provider.example.net/.well-known/openid-configuration"
[ARGUMENT="VALUE"] ... \The identity_openid configuration key supports the
following arguments:
config_url
Required
This configuration setting corresponds with the MINIO_IDENTITY_OPENID_CONFIG_URL environment
variable.
enabled
Optional
Set to false to disable the OpenID configuration.
Applications cannot generate STS credentials or otherwise
authenticate to MinIO using the configured provider if set to
false.
Defaults to true or "enabled".
client_id
Optional
This configuration setting corresponds with the MINIO_IDENTITY_OPENID_CLIENT_ID environment
variable.
client_secret
Optional
This configuration setting corresponds with the MINIO_IDENTITY_OPENID_CLIENT_SECRET environment
variable.
role_policy
Optional
This configuration setting corresponds with the MINIO_IDENTITY_OPENID_ROLE_POLICY environment
variable. This setting is mutually exclusive with the identity_openid claim_name <identity_openid.claim_name>
configuration setting.
claim_name
Optional
This configuration setting corresponds with the MINIO_IDENTITY_OPENID_CLAIM_NAME environment
variable. This setting is mutually exclusive with the identity_openid role_policy <identity_openid.role_policy>
configuration setting.
claim_prefix
Optional
This configuration setting corresponds with the MINIO_IDENTITY_OPENID_CLAIM_PREFIX environment
variable.
display_name
Optional
scopes
This configuration setting corresponds with the MINIO_IDENTITY_OPENID_SCOPES environment
variable.
redirect_uri
Optional
This configuration setting corresponds with the MINIO_IDENTITY_OPENID_REDIRECT_URI environment
variable.
redirect_uri_dynamic
Optional
This configuration setting corresponds with the MINIO_IDENTITY_OPENID_REDIRECT_URI_DYNAMIC
environment variable.
claim_userinfo
Optional
This configuration setting corresponds with the MINIO_IDENTITY_OPENID_CLAIM_USERINFO environment
variable.
vendor
Optional
This configuration setting corresponds with the MINIO_IDENTITY_OPENID_VENDOR environment
variable.
keycloak_realm
Optional
This configuration setting corresponds with the MINIO_IDENTITY_OPENID_KEYCLOAK_REALM environment
variable.
Requires identity_openid.vendor set to
keycloak.
keycloak_admin_url
Optional
This configuration setting corresponds with the MINIO_IDENTITY_OPENID_KEYCLOAK_ADMIN_URL
environment variable.
Requires identity_openid.vendor set to
keycloak.
comment
This configuration setting corresponds with the MINIO_IDENTITY_OPENID_COMMENT environment
variable.
Identity Management Plugin
The following section documents settings for enabling external
identity management using the MinIO Identity Management Plugin. See
minio-external-identity-management-plugin for a
tutorial on using these configuration settings.
identity_plugin
The top-level configuration key for enabling minio-external-identity-management-plugin.
Use mc admin config set to set or update the
configuration. The ~identity_plugin.url and ~identity_plugin.role_policy arguments are
required. Specify additional optional arguments as a whitespace
(" ")-delimited list.
mc admin config set identity_plugin \
url="https://external-auth.example.net:8080/auth" \
role_policy="consoleAdmin" \
[ARGUMENT=VALUE] ... \The identity_plugin configuration key supports the
following arguments:
url
Required
role_policy
Required
enabled
Optional
Set to false to disable the identity provider
configuration.
Applications cannot generate STS credentials or otherwise
authenticate to MinIO using the configured provider if set to
false.
Defaults to true or "enabled".
token
Optional
role_id
Optional
comment
Optional
Data Compression
The following section documents settings for enabling data
compression for objects. See minio-data-compression for tutorials on using these
configuration settings.
compression
The top-level configuration key for enabling minio-data-compression.
Use mc admin config set to set or update the
configuration. Specify optional arguments as a whitespace
(" ")-delimited list.
mc admin config set compression \
[ARGUMENT=VALUE] ... \Enabling data compression compresses the following types of data by default:
The compression
configuration key supports the following arguments:
allow_encryption
Optional
This configuration setting corresponds with the MINIO_COMPRESSION_ALLOW_ENCRYPTION environment
variable.
comment
Optional
enable
Optional
This configuration setting corresponds with the MINIO_COMPRESSION_ENABLE
environment variable.
extensions
Optional
This configuration setting corresponds with the MINIO_COMPRESSION_EXTENSIONS environment
variable.
mime_types
Optional
This configuration setting corresponds with the MINIO_COMPRESSION_MIME_TYPES environment
variable.