CLI Configuration
This guide covers configuring the Voidkey CLI for different environments and use cases.
Configuration Methods
Section titled “Configuration Methods”The Voidkey CLI can be configured in multiple ways, with the following precedence order (highest to lowest):
- Command-line flags - Override everything
- Environment variables - Per-session configuration
- Configuration file - Persistent user/project settings
- Default values - Built-in defaults
Environment Variables
Section titled “Environment Variables”The CLI respects these environment variables:
| Variable | Description | Default |
|---|---|---|
VOIDKEY_BROKER_URL | Broker endpoint URL | - |
VOIDKEY_OIDC_TOKEN | OIDC authentication token | - |
VOIDKEY_OUTPUT_FORMAT | Default output format | env |
VOIDKEY_CONFIG_PATH | Configuration file path | ~/.voidkey/config.yaml |
VOIDKEY_DEBUG | Enable debug logging | false |
VOIDKEY_NO_COLOR | Disable colored output | false |
VOIDKEY_TIMEOUT | Request timeout | 30s |
Setting Environment Variables
Section titled “Setting Environment Variables”Bash/Zsh:
export VOIDKEY_BROKER_URL="https://voidkey.example.com"export VOIDKEY_OIDC_TOKEN="eyJhbGciOiJSUzI1NiIs..."export VOIDKEY_OUTPUT_FORMAT="json"Fish:
set -gx VOIDKEY_BROKER_URL "https://voidkey.example.com"set -gx VOIDKEY_OIDC_TOKEN "eyJhbGciOiJSUzI1NiIs..."PowerShell:
$env:VOIDKEY_BROKER_URL = "https://voidkey.example.com"$env:VOIDKEY_OIDC_TOKEN = "eyJhbGciOiJSUzI1NiIs..."Windows Command Prompt:
set VOIDKEY_BROKER_URL=https://voidkey.example.comset VOIDKEY_OIDC_TOKEN=eyJhbGciOiJSUzI1NiIs...Configuration File
Section titled “Configuration File”The CLI uses a YAML configuration file for persistent settings.
Default Location
Section titled “Default Location”- Linux/macOS:
~/.voidkey/config.yaml - Windows:
%USERPROFILE%\.voidkey\config.yaml
Creating Configuration
Section titled “Creating Configuration”Initialize a configuration file:
voidkey config initThis creates a default configuration:
broker_url: ""output_format: envtimeout: 30sdebug: false
# Default keys to use when --all is not specifieddefault_keys: []
# Key aliases for common combinationsaliases: {}Configuration Options
Section titled “Configuration Options”| Option | Type | Description | Example |
|---|---|---|---|
broker_url | string | Broker endpoint URL | https://voidkey.example.com |
output_format | string | Default output format (env, json, yaml) | json |
timeout | string | Request timeout duration | 60s |
debug | boolean | Enable debug logging | true |
default_keys | array | Keys to mint when no —keys specified | ["AWS_DEPLOY"] |
aliases | object | Named key combinations | See below |
Complete Configuration Example
Section titled “Complete Configuration Example”# Broker connectionbroker_url: https://voidkey.example.comtimeout: 45s
# Output preferencesoutput_format: jsondebug: false
# Default behaviordefault_keys: - AWS_DEV - MINIO_LOCAL
# Key aliases for common scenariosaliases: # Development environment dev: - AWS_DEV - MINIO_LOCAL - GCP_DEV
# Production deployment prod: - AWS_PROD_DEPLOY - DOCKER_REGISTRY_PROD
# Monitoring and observability monitoring: - PROMETHEUS_READ - GRAFANA_ADMIN - ELASTICSEARCH_READ
# Environment-specific overridesenvironments: development: broker_url: http://localhost:3000 debug: true timeout: 10s
staging: broker_url: https://voidkey-staging.example.com timeout: 30s
production: broker_url: https://voidkey.example.com timeout: 60s debug: falseConfiguration Commands
Section titled “Configuration Commands”Initialize Configuration
Section titled “Initialize Configuration”Create a new configuration file with defaults:
voidkey config init
# With custom pathvoidkey config init --config /path/to/config.yamlView Configuration
Section titled “View Configuration”Display current configuration:
# Show all configurationvoidkey config show
# Show specific valuevoidkey config show broker_urlvoidkey config show output_formatSet Configuration Values
Section titled “Set Configuration Values”Update configuration values:
# Set broker URLvoidkey config set broker_url https://voidkey.example.com
# Set output formatvoidkey config set output_format json
# Set timeoutvoidkey config set timeout 60s
# Enable debug modevoidkey config set debug true
# Set default keysvoidkey config set default_keys AWS_DEPLOY,GCP_READONLYRemove Configuration Values
Section titled “Remove Configuration Values”# Remove specific value (revert to default)voidkey config unset broker_url
# Clear default keysvoidkey config unset default_keysAliases
Section titled “Aliases”Create aliases for common key combinations:
Setting Aliases
Section titled “Setting Aliases”# Create alias for development keysvoidkey config set aliases.dev AWS_DEV,MINIO_LOCAL,GCP_DEV
# Create alias for production deploymentvoidkey config set aliases.prod AWS_PROD_DEPLOY,DOCKER_REGISTRY
# Create alias for monitoringvoidkey config set aliases.monitoring PROMETHEUS_READ,GRAFANA_ADMINUsing Aliases
Section titled “Using Aliases”# Use alias instead of listing individual keysvoidkey mint --keys @dev
# Equivalent to:voidkey mint --keys AWS_DEV,MINIO_LOCAL,GCP_DEV
# Combine aliases with individual keysvoidkey mint --keys @prod,ADDITIONAL_KEYListing Aliases
Section titled “Listing Aliases”# Show all aliasesvoidkey config show aliases
# Show specific aliasvoidkey config show aliases.devEnvironment-Specific Configuration
Section titled “Environment-Specific Configuration”Multiple Environments
Section titled “Multiple Environments”Configure different environments:
environments: local: broker_url: http://localhost:3000 debug: true
dev: broker_url: https://voidkey-dev.example.com timeout: 30s
staging: broker_url: https://voidkey-staging.example.com
prod: broker_url: https://voidkey.example.com timeout: 60s debug: falseUsing Environments
Section titled “Using Environments”# Use specific environmentvoidkey --env dev mint --keys AWS_DEPLOY
# Set default environmentexport VOIDKEY_ENV=stagingvoidkey mint --keys AWS_DEPLOYProject-Specific Configuration
Section titled “Project-Specific Configuration”Create project-specific configuration files:
Project Configuration File
Section titled “Project Configuration File”# .voidkey.yaml (in project root)broker_url: https://company-voidkey.internaloutput_format: json
default_keys: - AWS_PROJECT_DEPLOY - GCP_PROJECT_READ
aliases: deploy: - AWS_PROJECT_DEPLOY - DOCKER_REGISTRY_PUSH
test: - AWS_PROJECT_TEST - MINIO_PROJECT_TESTUsing Project Configuration
Section titled “Using Project Configuration”# CLI automatically finds .voidkey.yaml in current directorycd /path/to/projectvoidkey mint --keys @deploy
# Or specify explicitlyvoidkey --config .voidkey.yaml mint --keys @deployToken Management
Section titled “Token Management”Token Sources
Section titled “Token Sources”Configure how to obtain OIDC tokens:
token_sources: github: command: "gh auth token --scopes read:org" cache_duration: 300s
auth0: command: "auth0 token" cache_duration: 600s
gcloud: command: "gcloud auth print-identity-token" cache_duration: 900sToken Caching
Section titled “Token Caching”Enable local token caching:
token_cache: enabled: true directory: ~/.voidkey/cache max_age: 300s # 5 minutesUse cached tokens:
# Cache token from commandvoidkey config set-token --source github
# Use cached tokenvoidkey mint --keys AWS_DEPLOY # Uses cached token automaticallyAdvanced Configuration
Section titled “Advanced Configuration”Custom Output Templates
Section titled “Custom Output Templates”Define custom output templates:
output_templates: custom_env: | {{- range $key, $creds := .credentials }} {{- range $name, $value := $creds }} export {{ $name }}="{{ $value }}" {{- end }} {{- end }}
docker_env: | {{- range $key, $creds := .credentials }} {{- range $name, $value := $creds }} {{ $name }}={{ $value }} {{- end }} {{- end }}Use custom templates:
voidkey mint --keys AWS_DEPLOY --output custom_envvoidkey mint --keys AWS_DEPLOY --output docker_envHTTP Configuration
Section titled “HTTP Configuration”Configure HTTP client behavior:
http: timeout: 30s retry_attempts: 3 retry_delay: 1s user_agent: "voidkey-cli/0.8.0"
# TLS configuration tls: insecure: false ca_file: /path/to/ca.pem cert_file: /path/to/client.pem key_file: /path/to/client-key.pem
# Proxy configuration proxy: http: http://proxy.example.com:8080 https: https://proxy.example.com:8080 no_proxy: - localhost - "*.internal"Logging Configuration
Section titled “Logging Configuration”Configure logging behavior:
logging: level: info # debug, info, warn, error format: text # text, json file: ~/.voidkey/logs/cli.log
# Rotate logs rotate: max_size: 10MB max_files: 5 max_age: 30dGlobal vs Local Configuration
Section titled “Global vs Local Configuration”Global Configuration
Section titled “Global Configuration”Stored in user home directory:
- Linux/macOS:
~/.voidkey/config.yaml - Windows:
%USERPROFILE%\.voidkey\config.yaml
# Edit global configvoidkey config edit
# Show global config locationvoidkey config pathLocal Configuration
Section titled “Local Configuration”Project-specific configuration files:
# .voidkey.yaml in current directoryvoidkey mint --keys AWS_DEPLOY
# Custom local configvoidkey --config ./my-config.yaml mint --keys AWS_DEPLOYConfiguration Merging
Section titled “Configuration Merging”Configuration sources are merged in this order:
- Global configuration (
~/.voidkey/config.yaml) - Local configuration (
.voidkey.yaml) - Environment variables
- Command-line flags
Configuration Validation
Section titled “Configuration Validation”Validate Configuration
Section titled “Validate Configuration”Check configuration file syntax:
# Validate current configurationvoidkey config validate
# Validate specific filevoidkey config validate --config /path/to/config.yamlConfiguration Schema
Section titled “Configuration Schema”The CLI validates configuration against this schema:
type: objectproperties: broker_url: type: string format: uri output_format: type: string enum: [env, json, yaml] timeout: type: string pattern: '^\d+[smh]$' debug: type: boolean default_keys: type: array items: type: string aliases: type: object additionalProperties: type: array items: type: stringTroubleshooting Configuration
Section titled “Troubleshooting Configuration”Debug Configuration Loading
Section titled “Debug Configuration Loading”Enable debug mode to see configuration loading:
voidkey --debug config showOutput includes:
- Configuration file locations checked
- Values loaded from each source
- Final merged configuration
Common Issues
Section titled “Common Issues”Configuration file not found:
# Check expected locationvoidkey config path
# Create missing directorymkdir -p ~/.voidkey
# Initialize configurationvoidkey config initInvalid YAML syntax:
# Validate configurationvoidkey config validate
# Check YAML syntaxyamllint ~/.voidkey/config.yamlPermission issues:
# Check file permissionsls -la ~/.voidkey/config.yaml
# Fix permissionschmod 600 ~/.voidkey/config.yamlExamples
Section titled “Examples”Developer Setup
Section titled “Developer Setup”broker_url: https://voidkey-dev.company.comoutput_format: jsondebug: truetimeout: 30s
default_keys: - AWS_DEV - MINIO_LOCAL
aliases: full: - AWS_DEV - GCP_DEV - MINIO_LOCAL - DOCKER_DEVUsage:
# Quick development credential mintingvoidkey mint # Uses default_keys
# Full development environmentvoidkey mint --keys @fullCI/CD Setup
Section titled “CI/CD Setup”# Environment variables in CI/CDexport VOIDKEY_BROKER_URL="https://voidkey.company.com"export VOIDKEY_OIDC_TOKEN="$CI_OIDC_TOKEN"export VOIDKEY_OUTPUT_FORMAT="env"export VOIDKEY_TIMEOUT="60s"
# No configuration file neededvoidkey mint --keys AWS_PROD_DEPLOYProduction Setup
Section titled “Production Setup”broker_url: https://voidkey.company.comtimeout: 60sdebug: false
# No default keys for securitydefault_keys: []
# Specific production aliasesaliases: deploy: - AWS_PROD_DEPLOY - DOCKER_REGISTRY_PUSH
monitor: - PROMETHEUS_READ - GRAFANA_READNext Steps
Section titled “Next Steps”- CLI Commands - Learn available commands
- API Authentication - Understand token requirements
- Examples - Real-world usage examples
- Troubleshooting - Solve common issues