Configure CLI settings
The pingcli config command provides four subcommands for reading, writing, and removing configuration values stored in the Ping CLI configuration file. You can find a complete list of available configuration keys and their descriptions in the Configuration settings reference.
Configuration values are stored per-profile. All commands operate on the active profile unless you specify a profile with the --profile / -P flag. For information about creating and managing profiles, refer to Managing Configuration Profiles.
|
Runtime configuration options
Ping CLI supports multiple ways to supply configuration values at runtime:
-
Inline parameters: Pass values directly when invoking a command. Refer to the Command Reference for a full list of available parameters for each command.
-
Configuration file: Persist values in the Ping CLI configuration file, attached to a named configuration profile. Use the commands on this page to read, write, and remove configuration file values.
-
Environment variables: Set values in the shell before running a command. This is most useful in CI/CD environments. Variable names follow the pattern
PINGCLI_*, for examplePINGCLI_OUTPUT_FORMAT.
When the same key is set in multiple places, inline parameters take precedence over environment variables, which take precedence over the configuration file.
Configuration file location
The Ping CLI configuration file is created at .pingcli/config.yaml in the user’s home directory. Configuration is stored in a version-controlled format (configuration model version 2). When Ping CLI is run for the first time after upgrading from a previous major version, any existing configuration is automatically migrated to the current model version.
List available configuration keys
Before setting values, use the pingcli config list-keys command to see every key that Ping CLI can store:
pingcli config list-keysTo output the keys in YAML format (useful for scripting or comparing with a configuration file):
pingcli config list-keys --yamlFor descriptions of each key and its accepted values, see Configuration settings reference.
Set a configuration value
Use the pingcli config set command to persist a value for a configuration key.
Set a value on the active profile:
pingcli config set outputFormat=jsonSet a value on a named profile without changing the active profile:
pingcli config set --profile prod outputFormat=textSet a service-specific setting, for example the PingOne endpoint root domain for a non-default region:
pingcli config set service.pingOne.endpoint.rootDomain=pingone.euRead a configuration value
Use the pingcli config get command to retrieve a stored value.
Read a single key from the active profile:
pingcli config get outputFormatRead all configuration values under a namespace by passing a prefix. For example, to read all PingOne settings:
pingcli config get pingoneRead a key from a named profile:
pingcli config get --profile prod service.pingOne.endpoint.rootDomainRemove a configuration value
Use the pingcli config unset command to remove a stored value. After unsetting, the key reverts to its built-in default.
Remove a value from the active profile:
pingcli config unset outputFormatRemove a value from a named profile:
pingcli config unset --profile prod service.pingOne.endpoint.rootDomain|
The |
Working with sensitive values
Ping CLI masks secret values (such as passwords and client secrets) in command output by default. To reveal the actual value, add the --unmask-values / -U flag.
Read a client secret with its value unmasked:
pingcli config get --unmask-values service.pingOne.authentication.clientCredentials.clientSecretSet a password and confirm the stored value in a single step:
pingcli config set --unmask-values service.pingFederate.authentication.basicAuth.password=mysecret|
Unmasked output displays credentials in plain text in your terminal and shell history. Avoid using |