Configure the PLOSSYS Administrator Environment¶

In the configuration of the seal-plossysadmin service, specify the following keys:
- AUTH_CLIENT_ID: Client name configured in the OIDC identity provider for the seal-plossyadmin client, by default seal-plossysadmin
- AUTH_CLIENT_SECRET: Client secret generated in the OIDC identity provider for the seal-plossysadmin client
Example - setting keys via PLOSSYS CLI
```
plossys config set AUTH_CLIENT_ID seal-plossysadmin --service plossysadmin --insecure
```
```
plossys config set AUTH_CLIENT_SECRET <client_secret_plossysadmin> --service plossysadmin --insecure
```
Hint - FQDN and lower case letters

Use the fully-qualified domain name (FQDN) of the OIDC identity provider server in lower case letters!
If you have installed PLOSSYS Output Engine with a separate management server, specify the following keys:
- KIBANA_LINK: URL under which the Kibana app is available, that means http://<management_server>:5601/app/kibana
- ELASTICSEARCH_REST_URL: URL of the Elasticsearch server, that means http://<management_server>:9200
Example - setting keys via PLOSSYS CLI
```
plossys config set KIBANA_LINK http://<management_server>:5601/app/kibana --service plossysadmin --insecure
```
```
plossys config set ELASTICSEARCH_REST_URL http://<management_server>:9200 --service rest --insecure
```
Hint - SEAL test certificates

When working with the SEAL test certificates, the server name not FQDN has to be used for ELASTICSEARCH_REST_URL.
If you use a customized index pattern in Kibana, specify the following key for the seal-plossysadmin service:
- KIBANA_INDEX_PATTERN_LOG: Index pattern in Kibana used for the messages of PLOSSYS Administrator
Example - setting KIBANA_INDEX_PATTERN_LOG via PLOSSYS CLI
```
plossys config set KIBANA_INDEX_PATTERN_LOG <custom_index_name> --service plossysadmin --insecure
```
As of Elasticsearch 8.17.3, minimal security is configured by default, refer to SEAL Elastic Stack: Minimal Security for Windows or Linux. Therefore the following adjustments are needed:
- In kibana.yml, specify these parameters for elasticsearch:
  - username
  - password
  username and password are displayed during the installation. If you missed it and need to reset it, refer to Resetting Passwords.
  Example - kibana.yml for minimal security
```
...
output:
  elasticsearch:
    username: elastic
    password: my_$uper_s3Cure_pa$$word11!11
...
```
- The ELASTICSEARCH_REST_URL has to include username and password as specified in the kibana.yml:
  - http:\\<username>:<password>@<management_server>:9200 when using HTTP
  - https:\\<username>:<password>@<management_server>:9200 with TLS encryption activated
If self-signed certificates are used with PLOSSYS Output Engine, the following key has to be set to 0 for the seal-plossysadmin service. With minimal security as of Elasticsearch 8.17.3, the key is also needed for the seal-rest service:
- NODE_TLS_REJECT_UNAUTHORIZED: Flag if self-signed certificates are allowed
Example - setting key via PLOSSYS CLI
```
plossys config set NODE_TLS_REJECT_UNAUTHORIZED 0 --service plossysadmin --insecure
```
```
plossys config set NODE_TLS_REJECT_UNAUTHORIZED 0 --service rest --insecure
```