Configuration Settings Reference

The following configuration settings can be applied when using Ping CLI.

The following configuration settings can be applied by using the config set command to persist the configuration value for a given Configuration Key in the Ping CLI configuration file.

The configuration file is created at .pingcli/config.yaml in the user’s home directory.

General properties

Configuration Key Data Type Equivalent Parameter Purpose

Configuration Key	Data Type	Equivalent Parameter	Purpose
`activeProfile`	String		The name of the stored custom configuration profile to use by default.
`noColor`	Boolean	`--no-color`	Disable text output in color.
`outputFormat`	String (Enum)	`--output-format` / `-O`	Specify the console output format. Options are: `json`, `text`.

activeProfile

String

The name of the stored custom configuration profile to use by default.

noColor

Boolean

--no-color

Disable text output in color.

outputFormat

String (Enum)

--output-format / -O

Specify the console output format. Options are: json, text.

Ping Identity platform service properties

Configuration Key Data Type Equivalent Parameter Purpose

Configuration Key	Data Type	Equivalent Parameter	Purpose
`service.pingfederate.adminAPIPath`	String	`--pingfederate-admin-api-path`	The PingFederate API URL path used to communicate with PingFederate’s admin API. Example: `/pf-admin-api/v1`
`service.pingfederate.authentication.accessTokenAuth.accessToken`	String	`--pingfederate-access-token`	The PingFederate access token used to authenticate to the PingFederate admin API when using a custom OAuth 2.0 token method.
`service.pingfederate.authentication.basicAuth.password`	String	`--pingfederate-password`	The PingFederate password used to authenticate to the PingFederate admin API when using basic authentication.
`service.pingfederate.authentication.basicAuth.username`	String	`--pingfederate-username`	The PingFederate username used to authenticate to the PingFederate admin API when using basic authentication. Example: `administrator`
`service.pingfederate.authentication.clientCredentialsAuth.clientID`	String	`--pingfederate-client-id`	The PingFederate OAuth client ID used to authenticate to the PingFederate admin API when using the OAuth 2.0 client credentials grant type.
`service.pingfederate.authentication.clientCredentialsAuth.clientSecret`	String	`--pingfederate-client-secret`	The PingFederate OAuth client secret used to authenticate to the PingFederate admin API when using the OAuth 2.0 client credentials grant type.
`service.pingfederate.authentication.clientCredentialsAuth.scopes`	String Array	`--pingfederate-scopes`	The PingFederate OAuth scopes used to authenticate to the PingFederate admin API when using the OAuth 2.0 client credentials grant type. Accepts a comma-separated string to delimit multiple scopes. Example: `openid,profile`
`service.pingfederate.authentication.clientCredentialsAuth.tokenURL`	String	`--pingfederate-token-url`	The PingFederate OAuth token URL used to authenticate to the PingFederate admin API when using the OAuth 2.0 client credentials grant type.
`service.pingfederate.authentication.type`	String (Enum)	`--pingfederate-authentication-type`	The authentication type to use when connecting to the PingFederate admin API. Options are `accessTokenAuth`, `basicAuth`, and `clientCredentialsAuth`. Example: `basicAuth`
`service.pingfederate.caCertificatePemFiles`	String Array	`--pingfederate-ca-certificate-pem-files`	Relative or full paths to PEM-encoded certificate files to be trusted as root CAs when connecting to the PingFederate server over HTTPS. Accepts a comma-separated string to delimit multiple PEM files.
`service.pingfederate.httpsHost`	String	`--pingfederate-https-host`	The PingFederate HTTPS host used to communicate with PingFederate’s admin API. Example: `https://pingfederate-admin.bxretail.org`
`service.pingfederate.insecureTrustAllTLS`	Boolean	`--pingfederate-insecure-trust-all-tls`	Trust any certificate when connecting to the PingFederate server admin API. This is insecure and shouldn’t be enabled outside of testing.
`service.pingfederate.xBypassExternalValidationHeader`	Boolean	`--pingfederate-x-bypass-external-validation-header`	Bypass connection tests when configuring PingFederate (the `X-BypassExternalValidation` header when using PingFederate’s admin API).
`service.pingone.authentication.type`	String (Enum)	`--pingone-authentication-type`	The authentication type to use to authenticate to the PingOne management API. Option is `worker`. Example: `worker`
`service.pingone.authentication.worker.clientID`	String (UUID Format)	`--pingone-worker-client-id`	The worker client ID used to authenticate to the PingOne management API.
`service.pingone.authentication.worker.clientSecret`	String	`--pingone-worker-client-secret`	The worker client secret used to authenticate to the PingOne management API.
`service.pingone.authentication.worker.environmentID`	String (UUID Format)	`--pingone-worker-environment-id`	The ID of the PingOne environment that contains the worker client used to authenticate to the PingOne management API.
`service.pingone.regionCode`	String (Enum)	`--pingone-region-code`	The region code of the PingOne tenant. Options are: `AP`, `AU`, `CA`, `EU`, `NA`. Example: `NA`

service.pingfederate.adminAPIPath

String

--pingfederate-admin-api-path

The PingFederate API URL path used to communicate with PingFederate’s admin API. Example: /pf-admin-api/v1

service.pingfederate.authentication.accessTokenAuth.accessToken

String

--pingfederate-access-token

The PingFederate access token used to authenticate to the PingFederate admin API when using a custom OAuth 2.0 token method.

service.pingfederate.authentication.basicAuth.password

String

--pingfederate-password

The PingFederate password used to authenticate to the PingFederate admin API when using basic authentication.

service.pingfederate.authentication.basicAuth.username

String

--pingfederate-username

The PingFederate username used to authenticate to the PingFederate admin API when using basic authentication. Example: administrator

service.pingfederate.authentication.clientCredentialsAuth.clientID

String

--pingfederate-client-id

The PingFederate OAuth client ID used to authenticate to the PingFederate admin API when using the OAuth 2.0 client credentials grant type.

service.pingfederate.authentication.clientCredentialsAuth.clientSecret

String

--pingfederate-client-secret

The PingFederate OAuth client secret used to authenticate to the PingFederate admin API when using the OAuth 2.0 client credentials grant type.

service.pingfederate.authentication.clientCredentialsAuth.scopes

String Array

--pingfederate-scopes

The PingFederate OAuth scopes used to authenticate to the PingFederate admin API when using the OAuth 2.0 client credentials grant type. Accepts a comma-separated string to delimit multiple scopes. Example: openid,profile

service.pingfederate.authentication.clientCredentialsAuth.tokenURL

String

--pingfederate-token-url

The PingFederate OAuth token URL used to authenticate to the PingFederate admin API when using the OAuth 2.0 client credentials grant type.

service.pingfederate.authentication.type

String (Enum)

--pingfederate-authentication-type

The authentication type to use when connecting to the PingFederate admin API. Options are accessTokenAuth, basicAuth, and clientCredentialsAuth. Example: basicAuth

service.pingfederate.caCertificatePemFiles

String Array

--pingfederate-ca-certificate-pem-files

Relative or full paths to PEM-encoded certificate files to be trusted as root CAs when connecting to the PingFederate server over HTTPS. Accepts a comma-separated string to delimit multiple PEM files.

service.pingfederate.httpsHost

String

--pingfederate-https-host

The PingFederate HTTPS host used to communicate with PingFederate’s admin API. Example: https://pingfederate-admin.bxretail.org

service.pingfederate.insecureTrustAllTLS

Boolean

--pingfederate-insecure-trust-all-tls

Trust any certificate when connecting to the PingFederate server admin API. This is insecure and shouldn’t be enabled outside of testing.

service.pingfederate.xBypassExternalValidationHeader

Boolean

--pingfederate-x-bypass-external-validation-header

Bypass connection tests when configuring PingFederate (the X-BypassExternalValidation header when using PingFederate’s admin API).

service.pingone.authentication.type

String (Enum)

--pingone-authentication-type

The authentication type to use to authenticate to the PingOne management API. Option is worker. Example: worker

service.pingone.authentication.worker.clientID

String (UUID Format)

--pingone-worker-client-id

The worker client ID used to authenticate to the PingOne management API.

service.pingone.authentication.worker.clientSecret

String

--pingone-worker-client-secret

The worker client secret used to authenticate to the PingOne management API.

service.pingone.authentication.worker.environmentID

String (UUID Format)

--pingone-worker-environment-id

The ID of the PingOne environment that contains the worker client used to authenticate to the PingOne management API.

service.pingone.regionCode

String (Enum)

--pingone-region-code

The region code of the PingOne tenant. Options are: AP, AU, CA, EU, NA. Example: NA

Platform export properties

Configuration Key Data Type Equivalent Parameter Purpose

Configuration Key	Data Type	Equivalent Parameter	Purpose
`export.format`	String	`--format` / `-f`	Specifies the export format. Options are: `HCL`.
`export.outputDirectory`	String	`--output-directory` / `-d`	Specifies the output directory for export. Example: `$HOME/pingcli-export`
`export.overwrite`	Boolean	`--overwrite` / `-o`	Overwrites the existing generated exports in output directory.
`export.pingone.environmentID`	String (UUID Format)	`--pingone-export-environment-id`	The ID of the PingOne environment to export. Must be a valid PingOne UUID.
`export.services`	String (Enum)	`--services` / `-s`	Specifies the service(s) to export. Accepts a comma-separated string to delimit multiple services. Options are `pingfederate`, `pingone-mfa`, `pingone-platform`, `pingone-protect`, and `pingone-sso`. Example: `pingone-sso,pingone-mfa,pingfederate`

export.format

String

--format / -f

Specifies the export format. Options are: HCL.

export.outputDirectory

String

--output-directory / -d

Specifies the output directory for export. Example: $HOME/pingcli-export

export.overwrite

Boolean

--overwrite / -o

Overwrites the existing generated exports in output directory.

export.pingone.environmentID

String (UUID Format)

--pingone-export-environment-id

The ID of the PingOne environment to export. Must be a valid PingOne UUID.

export.services

String (Enum)

--services / -s

Specifies the service(s) to export. Accepts a comma-separated string to delimit multiple services. Options are pingfederate, pingone-mfa, pingone-platform, pingone-protect, and pingone-sso. Example: pingone-sso,pingone-mfa,pingfederate

Custom request properties

Configuration Key Data Type Equivalent Parameter Purpose

Configuration Key	Data Type	Equivalent Parameter	Purpose
`request.service`	String (Enum)	`--service` / `-s`	The Ping Identity service (configured in the active profile) to which to send the custom request. Options are: `pingone`. Example: `pingone`

request.service

String (Enum)

--service / -s

The Ping Identity service (configured in the active profile) to which to send the custom request. Options are: pingone. Example: pingone

Configuration Automation - Ping CLI

Configuration Settings Reference

General properties

Ping Identity platform service properties

Platform export properties

Custom request properties