--- title: Ping Identity DevOps Docker Image - pingbase description: This docker image provides a base image for all Ping Identity DevOps product images. component: devops page_id: devops::docker-images/pingbase/README canonical_url: https://developer.pingidentity.com/devops/docker-images/pingbase/README.html section_ids: devops-ping-identity-docker-image: Ping Identity Docker Image - pingbase devops-environment-variables: Environment Variables devops-docker-container-hook-scripts: Docker Container Hook Scripts --- # Ping Identity DevOps Docker Image - `pingbase` ## Ping Identity Docker Image - `pingbase` This docker image provides a base image for all Ping Identity DevOps product images. ### Environment Variables The following environment `ENV` variables can be used with this image. | ENV Variable | Default | Description | | ----------------------------------- | ---------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | BASE | ${BASE:-/opt} | Location of the top level directory where everything is located in image/container | | ROOT\_USER | administrator | the default administrative user for PingData | | JAVA\_HOME | /opt/java | | | STAGING\_DIR | ${BASE}/staging | Path to the staging area where the remote and local server profiles can be merged | | OUT\_DIR | ${BASE}/out | Path to the runtime volume | | SERVER\_ROOT\_DIR | ${OUT\_DIR}/instance | Path from which the runtime executes | | IN\_DIR | ${BASE}/in | Location of a local server-profile volume | | SERVER\_BITS\_DIR | ${BASE}/server | Path to the server bits | | BAK\_DIR | ${BASE}/backup | Path to a volume generically used to export or backup data | | LOGS\_DIR | ${BASE}/logs | Path to a volume generically used for logging | | PING\_IDENTITY\_ACCEPT\_EULA | NO | Must be set to 'YES' for the container to start | | PING\_IDENTITY\_DEVOPS\_FILE | devops-secret | File name for devops-creds passed as a Docker secret | | STAGING\_MANIFEST | ${BASE}/staging-manifest.txt | Path to a manifest of files expected in the staging dir on first image startup | | CLEAN\_STAGING\_DIR | false | Whether to clean the staging dir when the image starts | | SECRETS\_DIR | /run/secrets | Default path to the secrets | | TOPOLOGY\_FILE | ${STAGING\_DIR}/topology.json | Path to the topology file | | HOOKS\_DIR | ${STAGING\_DIR}/hooks | Path where all the hooks scripts are stored | | CONTAINER\_ENV | ${STAGING\_DIR}/.env | Environment Property file use to share variables between scripts in container | | SERVER\_PROFILE\_DIR | /tmp/server-profile | Path where the remote server profile is checked out or cloned before being staged prior to being applied on the runtime | | SERVER\_PROFILE\_URL | | A valid git HTTPS URL (not ssh) | | SERVER\_PROFILE\_URL\_REDACT | true | When set to "true", the server profile git URL will not be printed to container output. | | SERVER\_PROFILE\_BRANCH | | A valid git branch (optional) | | SERVER\_PROFILE\_PATH | | The subdirectory in the git repo | | SERVER\_PROFILE\_UPDATE | false | Whether to update the server profile upon container restart | | SECURITY\_CHECKS\_STRICT | false | Requires strict checks on security | | SECURITY\_CHECKS\_FILENAME | .jwk .pin | Perform a check for filenames that may violate security (i.e. secret material) | | UNSAFE\_CONTINUE\_ON\_ERROR | | If this is set to true, then the container will provide a hard warning and continue. | | LICENSE\_DIR | ${SERVER\_ROOT\_DIR} | License directory | | PD\_LICENSE\_DIR | ${STAGING\_DIR}/pd.profile/server-root/pre-setup | PD License directory. Separating from above LICENSE\_DIR to differentiate for different products | | STARTUP\_COMMAND | | The command that the entrypoint will execute in the foreground to instantiate the container | | STARTUP\_FOREGROUND\_OPTS | | The command-line options to provide to the the startup command when the container starts with the server in the foreground. This is the normal start flow for the container | | STARTUP\_BACKGROUND\_OPTS | | The command-line options to provide to the the startup command when the container starts with the server in the background. This is the debug start flow for the container | | PING\_IDENTITY\_DEVOPS\_KEY\_REDACT | true | | | TAIL\_LOG\_FILES | | A whitespace separated list of log files to tail to the container standard output - DO NOT USE WILDCARDS like /path/to/logs/\*.log | | COLORIZE\_LOGS | true | If 'true', the output logs will be colorized with GREENs and REDs, otherwise, no colorization will be done. This is good for tools that monitor logs and colorization gets in the way. | | LOCATION | Docker | Location default value If PingDirectory is deployed in multi cluster mode, that is, K8S\_CLUSTER, K8S\_CLUSTERS and K8S\_SEED\_CLUSTER are defined, LOCATION is ignored and K8S\_CLUSTER is used as the location | | LOCATION\_VALIDATION | true | Any string denoting a logical/physical location | | MAX\_HEAP\_SIZE | 384m | Heap size (for java products) | | JVM\_TUNING | AGGRESSIVE | | | JAVA\_RAM\_PERCENTAGE | 75.0 | Percentage of the container memory to allocate to PingFederate JVM DO NOT set to 100% or your JVM will exit with OutOfMemory errors and the container will terminate | | VERBOSE | false | Triggers verbose messages in scripts using the set -x option. | | PING\_DEBUG | false | Set the server in debug mode, with increased output | | PING\_PRODUCT | | The name of Ping product, i.e. PingFederate, PingDirectory - must be a valid Ping product type. This variable should be overridden by child images. | | PING\_PRODUCT\_VALIDATION | true | i.e. PingFederate,PingDirectory | | ADDITIONAL\_SETUP\_ARGS | | List of setup arguments passed to Ping Data setup-arguments.txt file | | LDAP\_PORT | 1389 | Port over which to communicate for LDAP | | LDAPS\_PORT | 1636 | Port over which to communicate for LDAPS | | HTTPS\_PORT | 1443 | Port over which to communicate for HTTPS | | JMX\_PORT | 1689 | Port for monitoring over JMX protocol | | ORCHESTRATION\_TYPE | | The type of orchestration tool used to run the container, normally set in the deployment (.yaml) file. Expected values include: - compose - swarm - kubernetes Defaults to blank (i.e. No type is set) | | USER\_BASE\_DN | dc=example,dc=com | Base DN for user data | | DOLLAR | '$' | Variable with a literal value of '$', to avoid unwanted variable substitution | | PD\_ENGINE\_PUBLIC\_HOSTNAME | localhost | PD (PingDirectory) public hostname that may be used in redirects | | PD\_ENGINE\_PRIVATE\_HOSTNAME | pingdirectory | PD (PingDirectory) private hostname | | PDP\_ENGINE\_PUBLIC\_HOSTNAME | localhost | PDP (PingDirectoryProxy) public hostname that may be used in redirects | | PDP\_ENGINE\_PRIVATE\_HOSTNAME | pingdirectoryproxy | PDP (PingDirectoryProxy) private hostname | | PDS\_ENGINE\_PUBLIC\_HOSTNAME | localhost | PDS (PingDataSync) public hostname that may be used in redirects | | PDS\_ENGINE\_PRIVATE\_HOSTNAME | pingdatasync | PDS (PingDataSync) private hostname | | PAZ\_ENGINE\_PUBLIC\_HOSTNAME | localhost | PAZ (PingAuthorize) public hostname that may be used in redirects | | PAZ\_ENGINE\_PRIVATE\_HOSTNAME | pingauthorize | PAZ (PingAuthorize) private hostname | | PAZP\_ENGINE\_PUBLIC\_HOSTNAME | localhost | PAZP (PingAuthorize-PAP) public hostname that may be used in redirects | | PAZP\_ENGINE\_PRIVATE\_HOSTNAME | pingauthorizepap | PAZP (PingAuthorize-PAP) private hostname | | PF\_ENGINE\_PUBLIC\_HOSTNAME | localhost | PF (PingFederate) engine public hostname that may be used in redirects | | PF\_ENGINE\_PRIVATE\_HOSTNAME | pingfederate | PF (PingFederate) engine private hostname | | PF\_ADMIN\_PUBLIC\_BASEURL | https\://localhost:9999 | PF (PingFederate) admin public baseurl that may be used in redirects | | PF\_ADMIN\_PUBLIC\_HOSTNAME | localhost | PF (PingFederate) admin public hostname that may be used in redirects | | PF\_ADMIN\_PRIVATE\_HOSTNAME | pingfederate-admin | PF (PingFederate) admin private hostname | | PA\_ENGINE\_PUBLIC\_HOSTNAME | localhost | PA (PingAccess) engine public hostname that may be used in redirects | | PA\_ENGINE\_PRIVATE\_HOSTNAME | pingaccess | PA (PingAccess) engine private hostname | | PA\_ADMIN\_PUBLIC\_HOSTNAME | localhost | PA (PingAccess) admin public hostname that may be used in redirects | | PA\_ADMIN\_PRIVATE\_HOSTNAME | pingaccess-admin | PA (PingAccess) admin private hostname | | ROOT\_USER\_DN | cn=${ROOT\_USER} | DN of the server root user | | ENV | ${BASE}/.profile | | | PS1 | \\${PING\_PRODUCT}:\h:\w\n> | Default shell prompt (i.e. productName:hostname:workingDir) | | PATH | ${JAVA\_HOME}/bin:${BASE}:${SERVER\_ROOT\_DIR}/bin:${PATH} | PATH used by the container | ### Docker Container Hook Scripts Please go [here](https://github.com/pingidentity/pingidentity-devops-getting-started/tree/master/docs/docker-images/pingbase/hooks/README.md) for details on all pingbase hook scripts *** This document is auto-generated from *[pingbase/Dockerfile](https://github.com/pingidentity/pingidentity-docker-builds/blob/master/pingbase/Dockerfile)* Copyright © 2026 Ping Identity Corporation