Configuration Settings Reference

The following configuration settings can be applied when using Ping CLI.

The following configuration settings can be applied by using the config set command to persist the configuration value for a given Configuration Key in the Ping CLI configuration file.

The configuration file is created at .pingcli/config.yaml in the user’s home directory.

General Properties

Configuration Key Equivalent Parameter Environment Variable Data Type Purpose

Configuration Key	Equivalent Parameter	Environment Variable	Data Type	Purpose
`activeProfile`			String
`description`			String
`detailedExitCode`	`--detailed-exitcode` / `-D`	PINGCLI_DETAILED_EXITCODE	Boolean	Enable detailed exit code output. (default false) 0 - pingcli command succeeded with no errors or warnings. 1 - pingcli command failed with errors. 2 - pingcli command succeeded with warnings.
`noColor`	`--no-color`	PINGCLI_NO_COLOR	Boolean	Disable text output in color. (default false)
`outputFormat`	`--output-format` / `-O`	PINGCLI_OUTPUT_FORMAT	String (Enum)	Specify the console output format. (default text) Options are: json, text.
`plugins`			String Array

activeProfile

String

description

String

detailedExitCode

--detailed-exitcode / -D

PINGCLI_DETAILED_EXITCODE

Boolean

Enable detailed exit code output. (default false) 0 - pingcli command succeeded with no errors or warnings. 1 - pingcli command failed with errors. 2 - pingcli command succeeded with warnings.

noColor

--no-color

PINGCLI_NO_COLOR

Boolean

Disable text output in color. (default false)

outputFormat

--output-format / -O

PINGCLI_OUTPUT_FORMAT

String (Enum)

Specify the console output format. (default text) Options are: json, text.

plugins

String Array

Ping Identity Platform Service Properties

Configuration Key Equivalent Parameter Environment Variable Data Type Purpose

Configuration Key	Equivalent Parameter	Environment Variable	Data Type	Purpose
`service.pingfederate.adminAPIPath`	`--pingfederate-admin-api-path`	PINGCLI_PINGFEDERATE_ADMIN_API_PATH	String	The PingFederate API URL path used to communicate with PingFederate’s admin API. (default /pf-admin-api/v1)
`service.pingfederate.authentication.accessTokenAuth.accessToken`	`--pingfederate-access-token`	PINGCLI_PINGFEDERATE_ACCESS_TOKEN	String	The PingFederate access token used to authenticate to the PingFederate admin API when using a custom OAuth 2.0 token method.
`service.pingfederate.authentication.basicAuth.password`	`--pingfederate-password`	PINGCLI_PINGFEDERATE_PASSWORD	String	The PingFederate password used to authenticate to the PingFederate admin API when using basic authentication.
`service.pingfederate.authentication.basicAuth.username`	`--pingfederate-username`	PINGCLI_PINGFEDERATE_USERNAME	String	The PingFederate username used to authenticate to the PingFederate admin API when using basic authentication. Example: 'administrator'
`service.pingfederate.authentication.clientCredentialsAuth.clientID`	`--pingfederate-client-id`	PINGCLI_PINGFEDERATE_CLIENT_ID	String	The PingFederate OAuth client ID used to authenticate to the PingFederate admin API when using the OAuth 2.0 client credentials grant type.
`service.pingfederate.authentication.clientCredentialsAuth.clientSecret`	`--pingfederate-client-secret`	PINGCLI_PINGFEDERATE_CLIENT_SECRET	String	The PingFederate OAuth client secret used to authenticate to the PingFederate admin API when using the OAuth 2.0 client credentials grant type.
`service.pingfederate.authentication.clientCredentialsAuth.scopes`	`--pingfederate-scopes`	PINGCLI_PINGFEDERATE_SCOPES	String Array	The PingFederate OAuth scopes used to authenticate to the PingFederate admin API when using the OAuth 2.0 client credentials grant type. (default []) Accepts a comma-separated string to delimit multiple scopes. Example: 'openid,profile'
`service.pingfederate.authentication.clientCredentialsAuth.tokenURL`	`--pingfederate-token-url`	PINGCLI_PINGFEDERATE_TOKEN_URL	String	The PingFederate OAuth token URL used to authenticate to the PingFederate admin API when using the OAuth 2.0 client credentials grant type.
`service.pingfederate.authentication.type`	`--pingfederate-authentication-type`	PINGCLI_PINGFEDERATE_AUTHENTICATION_TYPE	String (Enum)	The authentication type to use when connecting to the PingFederate admin API. Options are: accessTokenAuth, basicAuth, clientCredentialsAuth. Example: 'basicAuth'
`service.pingfederate.caCertificatePemFiles`	`--pingfederate-ca-certificate-pem-files`	PINGCLI_PINGFEDERATE_CA_CERTIFICATE_PEM_FILES	String Array	Relative or full paths to PEM-encoded certificate files to be trusted as root CAs when connecting to the PingFederate server over HTTPS. (default []) Accepts a comma-separated string to delimit multiple PEM files.
`service.pingfederate.httpsHost`	`--pingfederate-https-host`	PINGCLI_PINGFEDERATE_HTTPS_HOST	String	The PingFederate HTTPS host used to communicate with PingFederate’s admin API. Example: 'https://pingfederate-admin.bxretail.org'
`service.pingfederate.insecureTrustAllTLS`	`--pingfederate-insecure-trust-all-tls`	PINGCLI_PINGFEDERATE_INSECURE_TRUST_ALL_TLS	Boolean	Trust any certificate when connecting to the PingFederate server admin API. (default false) This is insecure and shouldn’t be enabled outside of testing.
`service.pingfederate.xBypassExternalValidationHeader`	`--pingfederate-x-bypass-external-validation-header`	PINGCLI_PINGFEDERATE_X_BYPASS_EXTERNAL_VALIDATION_HEADER	Boolean	Bypass connection tests when configuring PingFederate (the X-BypassExternalValidation header when using PingFederate’s admin API). (default false)
`service.pingone.authentication.type`	`--pingone-authentication-type`	PINGCLI_PINGONE_AUTHENTICATION_TYPE	String (Enum)	The authentication type to use to authenticate to the PingOne management API. (default worker) Options are: worker.
`service.pingone.authentication.worker.clientID`	`--pingone-worker-client-id`	PINGCLI_PINGONE_WORKER_CLIENT_ID	String (UUID Format)	The worker client ID used to authenticate to the PingOne management API.
`service.pingone.authentication.worker.clientSecret`	`--pingone-worker-client-secret`	PINGCLI_PINGONE_WORKER_CLIENT_SECRET	String	The worker client secret used to authenticate to the PingOne management API.
`service.pingone.authentication.worker.environmentID`	`--pingone-worker-environment-id`	PINGCLI_PINGONE_WORKER_ENVIRONMENT_ID	String (UUID Format)	The ID of the PingOne environment that contains the worker client used to authenticate to the PingOne management API.
`service.pingone.regionCode`	`--pingone-region-code`	PINGCLI_PINGONE_REGION_CODE	String (Enum)	The region code of the PingOne tenant. Options are: AP, AU, CA, EU, NA. Example: 'NA'

service.pingfederate.adminAPIPath

--pingfederate-admin-api-path

PINGCLI_PINGFEDERATE_ADMIN_API_PATH

String

The PingFederate API URL path used to communicate with PingFederate’s admin API. (default /pf-admin-api/v1)

service.pingfederate.authentication.accessTokenAuth.accessToken

--pingfederate-access-token

PINGCLI_PINGFEDERATE_ACCESS_TOKEN

String

The PingFederate access token used to authenticate to the PingFederate admin API when using a custom OAuth 2.0 token method.

service.pingfederate.authentication.basicAuth.password

--pingfederate-password

PINGCLI_PINGFEDERATE_PASSWORD

String

The PingFederate password used to authenticate to the PingFederate admin API when using basic authentication.

service.pingfederate.authentication.basicAuth.username

--pingfederate-username

PINGCLI_PINGFEDERATE_USERNAME

String

The PingFederate username used to authenticate to the PingFederate admin API when using basic authentication. Example: 'administrator'

service.pingfederate.authentication.clientCredentialsAuth.clientID

--pingfederate-client-id

PINGCLI_PINGFEDERATE_CLIENT_ID

String

The PingFederate OAuth client ID used to authenticate to the PingFederate admin API when using the OAuth 2.0 client credentials grant type.

service.pingfederate.authentication.clientCredentialsAuth.clientSecret

--pingfederate-client-secret

PINGCLI_PINGFEDERATE_CLIENT_SECRET

String

The PingFederate OAuth client secret used to authenticate to the PingFederate admin API when using the OAuth 2.0 client credentials grant type.

service.pingfederate.authentication.clientCredentialsAuth.scopes

--pingfederate-scopes

PINGCLI_PINGFEDERATE_SCOPES

String Array

The PingFederate OAuth scopes used to authenticate to the PingFederate admin API when using the OAuth 2.0 client credentials grant type. (default []) Accepts a comma-separated string to delimit multiple scopes. Example: 'openid,profile'

service.pingfederate.authentication.clientCredentialsAuth.tokenURL

--pingfederate-token-url

PINGCLI_PINGFEDERATE_TOKEN_URL

String

The PingFederate OAuth token URL used to authenticate to the PingFederate admin API when using the OAuth 2.0 client credentials grant type.

service.pingfederate.authentication.type

--pingfederate-authentication-type

PINGCLI_PINGFEDERATE_AUTHENTICATION_TYPE

String (Enum)

The authentication type to use when connecting to the PingFederate admin API. Options are: accessTokenAuth, basicAuth, clientCredentialsAuth. Example: 'basicAuth'

service.pingfederate.caCertificatePemFiles

--pingfederate-ca-certificate-pem-files

PINGCLI_PINGFEDERATE_CA_CERTIFICATE_PEM_FILES

String Array

Relative or full paths to PEM-encoded certificate files to be trusted as root CAs when connecting to the PingFederate server over HTTPS. (default []) Accepts a comma-separated string to delimit multiple PEM files.

service.pingfederate.httpsHost

--pingfederate-https-host

PINGCLI_PINGFEDERATE_HTTPS_HOST

String

The PingFederate HTTPS host used to communicate with PingFederate’s admin API. Example: 'https://pingfederate-admin.bxretail.org'

service.pingfederate.insecureTrustAllTLS

--pingfederate-insecure-trust-all-tls

PINGCLI_PINGFEDERATE_INSECURE_TRUST_ALL_TLS

Boolean

Trust any certificate when connecting to the PingFederate server admin API. (default false) This is insecure and shouldn’t be enabled outside of testing.

service.pingfederate.xBypassExternalValidationHeader

--pingfederate-x-bypass-external-validation-header

PINGCLI_PINGFEDERATE_X_BYPASS_EXTERNAL_VALIDATION_HEADER

Boolean

Bypass connection tests when configuring PingFederate (the X-BypassExternalValidation header when using PingFederate’s admin API). (default false)

service.pingone.authentication.type

--pingone-authentication-type

PINGCLI_PINGONE_AUTHENTICATION_TYPE

String (Enum)

The authentication type to use to authenticate to the PingOne management API. (default worker) Options are: worker.

service.pingone.authentication.worker.clientID

--pingone-worker-client-id

PINGCLI_PINGONE_WORKER_CLIENT_ID

String (UUID Format)

The worker client ID used to authenticate to the PingOne management API.

service.pingone.authentication.worker.clientSecret

--pingone-worker-client-secret

PINGCLI_PINGONE_WORKER_CLIENT_SECRET

String

The worker client secret used to authenticate to the PingOne management API.

service.pingone.authentication.worker.environmentID

--pingone-worker-environment-id

PINGCLI_PINGONE_WORKER_ENVIRONMENT_ID

String (UUID Format)

The ID of the PingOne environment that contains the worker client used to authenticate to the PingOne management API.

service.pingone.regionCode

--pingone-region-code

PINGCLI_PINGONE_REGION_CODE

String (Enum)

The region code of the PingOne tenant. Options are: AP, AU, CA, EU, NA. Example: 'NA'

Platform Export Properties

Configuration Key Equivalent Parameter Environment Variable Data Type Purpose

Configuration Key	Equivalent Parameter	Environment Variable	Data Type	Purpose
`export.format`	`--format` / `-f`	PINGCLI_EXPORT_FORMAT	String (Enum)	Specifies the export format. (default HCL) Options are: HCL.
`export.outputDirectory`	`--output-directory` / `-d`	PINGCLI_EXPORT_OUTPUT_DIRECTORY	String	Specifies the output directory for export. Can be an absolute filepath or a relative filepath of the present working directory. Example: '/Users/example/pingcli-export' Example: 'pingcli-export'
`export.overwrite`	`--overwrite` / `-o`	PINGCLI_EXPORT_OVERWRITE	Boolean	Overwrites the existing generated exports in output directory. (default false)
`export.pingone.environmentID`	`--pingone-export-environment-id`	PINGCLI_PINGONE_EXPORT_ENVIRONMENT_ID	String (UUID Format)	The ID of the PingOne environment to export. Must be a valid PingOne UUID.
`export.serviceGroup`	`--service-group` / `-g`	PINGCLI_EXPORT_SERVICE_GROUP	String (Enum)	Specifies the service group to export. Options are: pingone. Example: 'pingone'
`export.services`	`--services` / `-s`	PINGCLI_EXPORT_SERVICES	String Array	Specifies the service(s) to export. Accepts a comma-separated string to delimit multiple services. Options are: pingfederate, pingone-authorize, pingone-mfa, pingone-platform, pingone-protect, pingone-sso. Example: 'pingone-sso,pingone-mfa,pingfederate'

export.format

--format / -f

PINGCLI_EXPORT_FORMAT

String (Enum)

Specifies the export format. (default HCL) Options are: HCL.

export.outputDirectory

--output-directory / -d

PINGCLI_EXPORT_OUTPUT_DIRECTORY

String

Specifies the output directory for export. Can be an absolute filepath or a relative filepath of the present working directory. Example: '/Users/example/pingcli-export' Example: 'pingcli-export'

export.overwrite

--overwrite / -o

PINGCLI_EXPORT_OVERWRITE

Boolean

Overwrites the existing generated exports in output directory. (default false)

export.pingone.environmentID

--pingone-export-environment-id

PINGCLI_PINGONE_EXPORT_ENVIRONMENT_ID

String (UUID Format)

The ID of the PingOne environment to export. Must be a valid PingOne UUID.

export.serviceGroup

--service-group / -g

PINGCLI_EXPORT_SERVICE_GROUP

String (Enum)

Specifies the service group to export. Options are: pingone. Example: 'pingone'

export.services

--services / -s

PINGCLI_EXPORT_SERVICES

String Array

Specifies the service(s) to export. Accepts a comma-separated string to delimit multiple services. Options are: pingfederate, pingone-authorize, pingone-mfa, pingone-platform, pingone-protect, pingone-sso. Example: 'pingone-sso,pingone-mfa,pingfederate'

License Properties

Configuration Key Equivalent Parameter Environment Variable Data Type Purpose

Configuration Key	Equivalent Parameter	Environment Variable	Data Type	Purpose
`license.devopsKey`	`--devops-key` / `-k`	PINGCLI_LICENSE_DEVOPS_KEY	String	The DevOps key for the license request. See https://developer.pingidentity.com/devops/how-to/devopsRegistration.html on how to register a DevOps user. You can save the DevOps user and key in your profile using the 'pingcli config' commands.
`license.devopsUser`	`--devops-user` / `-u`	PINGCLI_LICENSE_DEVOPS_USER	String	The DevOps user for the license request. See https://developer.pingidentity.com/devops/how-to/devopsRegistration.html on how to register a DevOps user. You can save the DevOps user and key in your profile using the 'pingcli config' commands.

license.devopsKey

--devops-key / -k

PINGCLI_LICENSE_DEVOPS_KEY

String

The DevOps key for the license request. See https://developer.pingidentity.com/devops/how-to/devopsRegistration.html on how to register a DevOps user. You can save the DevOps user and key in your profile using the 'pingcli config' commands.

license.devopsUser

--devops-user / -u

PINGCLI_LICENSE_DEVOPS_USER

String

The DevOps user for the license request. See https://developer.pingidentity.com/devops/how-to/devopsRegistration.html on how to register a DevOps user. You can save the DevOps user and key in your profile using the 'pingcli config' commands.

Custom Request Properties

Configuration Key Equivalent Parameter Environment Variable Data Type Purpose

Configuration Key	Equivalent Parameter	Environment Variable	Data Type	Purpose
`request.accessToken`			String
`request.accessTokenExpiry`			Integer
`request.fail`	`--fail` / `-f`		Boolean	Return non-zero exit code when HTTP custom request returns a failure status code.
`request.service`	`--service` / `-s`	PINGCLI_REQUEST_SERVICE	String (Enum)	The Ping service (configured in the active profile) to send the custom request to. Options are: pingone. Example: 'pingone'

request.accessToken

String

request.accessTokenExpiry

Integer

request.fail

--fail / -f

Boolean

Return non-zero exit code when HTTP custom request returns a failure status code.

request.service

--service / -s

PINGCLI_REQUEST_SERVICE

String (Enum)

The Ping service (configured in the active profile) to send the custom request to. Options are: pingone. Example: 'pingone'

Configuration Automation - Ping CLI

Configuration Settings Reference

General Properties

Ping Identity Platform Service Properties

Platform Export Properties

License Properties

Custom Request Properties