--- title: Ping Identity DevOps Docker Image - pingauthorize description: This docker image includes the Ping Identity PingAuthorize product binaries and associated hook scripts to create and run a PingAuthorize instance or instances. component: devops page_id: devops::docker-images/pingauthorize/README canonical_url: https://developer.pingidentity.com/devops/docker-images/pingauthorize/README.html section_ids: devops-ping-identity-devops-docker-image: Ping Identity DevOps Docker Image - pingauthorize devops-related-docker-images: Related Docker Images devops-environment-variables: Environment Variables devops-ports-exposed: Ports Exposed devops-running-a-pingauthorize-container: Running a PingAuthorize container devops-stoppingremoving-the-container: Stopping/Removing the container devops-docker-container-hook-scripts: Docker Container Hook Scripts --- # Ping Identity DevOps Docker Image - `pingauthorize` ## Ping Identity DevOps Docker Image - `pingauthorize` This docker image includes the Ping Identity PingAuthorize product binaries and associated hook scripts to create and run a PingAuthorize instance or instances. ### Related Docker Images * `pingidentity/pingbase` - Parent Image > This image inherits, and can use, Environment Variables from [pingidentity/pingbase](https://devops.pingidentity.com/docker-images/pingbase/) * `pingidentity/pingdatacommon` - Common Ping files (i.e. hook scripts) ### Environment Variables In addition to environment variables inherited from **[pingidentity/pingbase](https://devops.pingidentity.com/docker-images/pingbase/)**, the following environment `ENV` variables can be used with this image. | ENV Variable | Default | Description | | ------------------------------------------ | --------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | SHIM | ${SHIM} | | | IMAGE\_VERSION | ${IMAGE\_VERSION} | | | IMAGE\_GIT\_REV | ${IMAGE\_GIT\_REV} | | | DATE | ${DATE} | | | PING\_PRODUCT\_VERSION | ${VERSION} | | | PING\_PRODUCT | PingAuthorize | Ping product name | | LICENSE\_DIR | ${PD\_LICENSE\_DIR} | PD License directory. This value is set from the pingbase dockerfile | | LICENSE\_FILE\_NAME | PingAuthorize.lic | Name of license file | | LICENSE\_SHORT\_NAME | PingAuthorize | Short name used when retrieving license from License Server | | LICENSE\_VERSION | ${LICENSE\_VERSION} | Version used when retrieving license from License Server | | MAX\_HEAP\_SIZE | 1g | Minimal Heap size required for PingAuthorize | | STARTUP\_COMMAND | ${SERVER\_ROOT\_DIR}/bin/start-server | The command that the entrypoint will execute in the foreground to instantiate the container | | STARTUP\_FOREGROUND\_OPTS | --nodetach | The command-line options to provide to the startup command when the container starts with the server in the foreground. This is the normal start flow for the container | | STARTUP\_BACKGROUND\_OPTS | | The command-line options to provide to the startup command when the container starts with the server in the background. This is the debug start flow for the container | | ROOT\_USER\_PASSWORD\_FILE | | Location of file with the root user password (i.e. cn=directory manager). Defaults to /SECRETS\_DIR/root-user-password | | ENCRYPTION\_PASSWORD\_FILE | | Location of file with the passphrase for setting up encryption Defaults to /SECRETS\_DIR/encryption-password | | KEYSTORE\_FILE | | Location of the keystore file containing the server certificate. If left undefined, the SECRETS\_DIR will be checked for a keystore. If that keystore does not exist, the server will generate a self-signed certificate. | | KEYSTORE\_PIN\_FILE | | Location of the pin file for the keystore defined in KEYSTORE\_FILE. You must specify a KEYSTORE\_PIN\_FILE when a KEYSTORE\_FILE is present. This value does not need to be defined when allowing the server to generate a self-signed certificate. | | KEYSTORE\_TYPE | | Format of the keystore defined in KEYSTORE\_FILE. One of "jks", "pkcs12", "pem", or "bcfks" (in FIPS mode). If not defined, the keystore format will be inferred based on the file extension of the KEYSTORE\_FILE, defaulting to "jks". | | TRUSTSTORE\_FILE | | Location of the truststore file for the server. If left undefined, the SECRETS\_DIR will be checked for a truststore. If that truststore does not exist, the server will generate a truststore, containing its own certificate. | | TRUSTSTORE\_PIN\_FILE | | Location of the pin file for the truststore defined in TRUSTSTORE\_FILE. You must specify a TRUSTSTORE\_PIN\_FILE when a TRUSTSTORE\_FILE is present. This value does not need to be defined when allowing the server to generate a truststore. | | TRUSTSTORE\_TYPE | | Format of the truststore defined in TRUSTSTORE\_FILE. One of "jks", "pkcs12", "pem", or "bcfks" (in FIPS mode). If not defined, the truststore format will be inferred based on the file extension of the TRUSTSTORE\_FILE, defaulting to "jks". | | TAIL\_LOG\_FILES | ${SERVER\_ROOT\_DIR}/logs/trace ${SERVER\_ROOT\_DIR}/logs/policy-decision ${SERVER\_ROOT\_DIR}/logs/ldap-access | Files tailed once container has started | | PD\_PROFILE | ${STAGING\_DIR}/pd.profile | Directory for the profile used by the PingData manage-profile tool | | UNBOUNDID\_SKIP\_START\_PRECHECK\_NODETACH | true | Setting this variable to true speeds up server startup time by skipping an unnecessary JVM check. | | CERTIFICATE\_NICKNAME | | There is an additional certificate-based variable used to identify the certificate alias used within the `KEYSTORE_FILE`. That variable is called `CERTIFICATE_NICKNAME`, which identifies the certificate to use by the server in the `KEYSTORE_FILE`. If a value is not provided, the container will look at the list certs found in the `KEYSTORE_FILE` and if one - and only one - certificate is found of type `PrivateKeyEntry`, that alias will be used. | | COLUMNS | 120 | Sets the number of columns in PingAuthorize command-line tool output | ### Ports Exposed The following ports are exposed from the container. If a variable is used, then it may come from a parent container * ${LDAP\_PORT} * ${LDAPS\_PORT} * ${HTTPS\_PORT} * ${JMX\_PORT} ### Running a PingAuthorize container The easiest way to test a simple standalone image of PingAuthorize is to cut/paste the following command into a terminal on a machine with docker. ```shell docker run \ --name pingauthorize \ --publish 1389:1389 \ --publish 8443:1443 \ --detach \ --env SERVER_PROFILE_URL=https://github.com/pingidentity/pingidentity-server-profiles.git \ --env SERVER_PROFILE_PATH=getting-started/pingauthorize \ --env PING_IDENTITY_ACCEPT_EULA=YES \ --env PING_IDENTITY_DEVOPS_USER \ --env PING_IDENTITY_DEVOPS_KEY \ --tmpfs /run/secrets \ pingidentity/pingauthorize:edge ``` You can view the Docker logs with the command: ```shell docker logs -f pingauthorize ``` You should see the ouptut from a PingAuthorize install and configuration, ending with a message the the PingAuthorize has started. After it starts, you will see some typical access logs. Simply `Ctrl-C` after to stop tailing the logs. ### Stopping/Removing the container To stop the container: ```shell docker container stop pingauthorize ``` To remove the container: ```shell docker container rm -f pingauthorize ``` ### Docker Container Hook Scripts Please go [here](https://github.com/pingidentity/pingidentity-devops-getting-started/tree/master/docs/docker-images/pingauthorize/hooks/README.md) for details on all pingauthorize hook scripts *** This document is auto-generated from *[pingauthorize/Dockerfile](https://github.com/pingidentity/pingidentity-docker-builds/blob/master/pingauthorize/Dockerfile)* Copyright © 2026 Ping Identity Corporation