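# Triton Manage Server environment template.
# Copy to .env in this directory; install.sh does that automatically.
#
# Required values are flagged. Generated values get auto-filled by install.sh.
# Once filled in, .env holds live secrets (database password, JWT signing key,
# worker key, vault key): keep it out of version control and readable only by
# the account that runs the stack.
# A __GENERATED_BY_INSTALL_SH__ or __SET_BY_INSTALL_FLAG__ placeholder still
# present after install most likely means that value was never set.

# ─── PostgreSQL (auto-generated) ─────────────────────────────────────────
POSTGRES_USER=triton
# Filled in by install.sh; do not start the stack with the placeholder.
POSTGRES_PASSWORD=__GENERATED_BY_INSTALL_SH__
POSTGRES_DB=triton_manage
# NOTE(review): not PostgreSQL's default 5432; presumably the host-side port
# the database is published on — confirm against the compose file, and keep
# it off external interfaces if only the Manage Server needs it.
POSTGRES_PORT=5435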
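# ─── Manage Server core (REQUIRED) ───────────────────────────────────────
# 32-byte HS256 secret as 64 hex chars. Generated once at install.
# Rotating this invalidates every active session — users re-login.
# HS256 is a symmetric scheme: whoever holds this value can also mint valid
# tokens, so it needs the same protection as a password.
TRITON_MANAGE_JWT_SIGNING_KEY=__GENERATED_BY_INSTALL_SH__

# Public half of the License Server's Ed25519 keypair as 64 hex chars.
# Get this from the License Server operator: it's the last 64 hex
# characters of TRITON_LICENSE_SERVER_SIGNING_KEY.
# Only those 64 characters go here. The rest of the signing key is
# presumably the private half and should stay on the License Server.
TRITON_MANAGE_LICENSE_SERVER_PUBKEY=__SET_BY_INSTALL_FLAG__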
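# ─── Listener ────────────────────────────────────────────────────────────
# Listen address and port. ":8082" has no host part, which presumably means
# every interface inside the container — TODO confirm.
TRITON_MANAGE_LISTEN=:8082
# NOTE(review): presumably the host port published for the listener. When a
# reverse proxy terminates TLS (path A in the TLS section), this port carries
# plain HTTP and is best reachable only from the proxy.
TRITON_MANAGE_HOST_PORT=8082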
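# Agent gateway (mTLS). Hostname must be reachable from agents.
TRITON_MANAGE_GATEWAY_LISTEN=:8443
TRITON_MANAGE_GATEWAY_HOST_PORT=8443
# manage.example.com is a placeholder; set the real name before enrolling
# agents.
TRITON_MANAGE_GATEWAY_HOSTNAME=manage.example.com
# Full URL pushed to enrolled agents. Defaults to https://${HOSTNAME}:${PORT}.
# If set explicitly, keep the https:// scheme: the gateway is mTLS.
TRITON_MANAGE_GATEWAY_URL=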
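# Host LAN IP/hostname for "+ This machine" auto-registration. Required when
# running in a container, where auto-detection picks up the container's own
# IP instead of the host's.
TRITON_MANAGE_HOST_IP=
TRITON_MANAGE_HOST_HOSTNAME=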
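# ─── License Server connection (REQUIRED to activate) ────────────────────
# URL of YOUR vendor's License Server. The value below is an example;
# keep the https:// scheme when replacing it.
TRITON_LICENSE_SERVER_URL=https://license.vendor.example.com
# License token issued by the vendor (paste into setup wizard, or here).
# If it is stored here, treat it like the other secrets in this file.
TRITON_LICENSE_TOKEN=
# Optional fallback key embedded in binary at build time. Usually empty.
TRITON_LICENSE_KEY=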
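# ─── Workers ─────────────────────────────────────────────────────────────
# Shared secret presented by sshagent / portscan workers when claiming jobs.
# Every worker holds the same value, so hand it only to worker hosts and
# regenerate it if one of them is decommissioned or compromised.
TRITON_MANAGE_WORKER_KEY=__GENERATED_BY_INSTALL_SH__

# Concurrent scan jobs (1–50). Higher = more CPU + RAM.
TRITON_MANAGE_PARALLELISM=10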
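# ─── Credential vault ────────────────────────────────────────────────────
# PostgreSQL AES-256-GCM vault. Back this up — losing the key makes
# all stored host credentials unreadable.
# Keep that backup apart from the database backups: the key together with
# a database dump is enough to decrypt every stored credential.
TRITON_VAULT_KEY=__GENERATED_BY_INSTALL_SH__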
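# ─── TLS (recommended for production) ────────────────────────────────────
# Two paths:
# A) Reverse proxy terminates TLS — leave these blank.
# B) Container terminates TLS — set CERT + KEY paths inside the container.
TRITON_MANAGE_TLS_CERT=
TRITON_MANAGE_TLS_KEY=
# NOTE(review): presumably the host directory mounted into the container to
# provide the files above — confirm. The private key in it should be readable
# only by the account that runs the container.
TLS_CERT_HOST_DIR=/etc/triton/tls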
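# ─── Sessions ────────────────────────────────────────────────────────────
# Presumably the lifetime of a login session (24 hours here) — confirm.
# A shorter value limits how long a leaked session token stays usable.
TRITON_MANAGE_SESSION_TTL=24h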
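# ─── Image ───────────────────────────────────────────────────────────────
# ":latest" is a mutable tag: each pull may fetch a different build. For a
# reproducible, auditable deployment, pin a release tag or an image digest
# (form: ...triton-manageserver@sha256:<DIGEST_PLACEHOLDER>).
TRITON_MANAGE_IMAGE=ghcr.io/primatekuntech/triton-manageserver:latest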