PrivX Settings

Scope Name	Section Name	Property Name	Property Description
AUTH	db	conn_max_idletime	Maximum amount of time a connection may be idle. Set 0 to keep the idle connections open from lazily closed.
AUTH	db	conn_max_lifetime	Maximum amount of time a connection may be reused. Set 0 to reuse the connection forever.
AUTH	db	max_idle_conns	Maximum number of idle database connections. Set 0 to lazily remove all idle connections.
AUTH	db	max_open_conns	Maximum number of open connections to the database. Set 0 to use unlimited number of open connections.
AUTH	loginratelimit	enable_username_limit	When enabled, login attempts are limited per username + IP pair.
AUTH	loginratelimit	username_attempts_burst_size	Maximum number of failed logins per user + IP pair.
AUTH	loginratelimit	username_attempts_per_minute	Maximum number of login attempts per user + IP pair per minute.
AUTH	loginratelimit	enable_subnet_limit	When enabled, login attempts are limited per IP subnet.
AUTH	loginratelimit	subnet_attempts_burst_size	Maximum number of failed logins per subnet.
AUTH	loginratelimit	subnet_attempts_per_minute	Maximum number of login attempts per subnet per minute.
AUTH	loginratelimit	remoteip_white_list	Whitelist of remote IP addresses.
AUTH	loginmethods	webauthn_enabled	Enable passkey login and credential registration.
AUTH	loginmethods	sso_enabled	Enable user to log in using single sign-on (SSO).
AUTH	auditevents	skip_event_ids	Comma-separated list of audit-event codes or code ranges, e.g. 1,10,20-30. Specified audit events are not saved to PrivX database, but only logged to syslog.
AUTHORIZER	db	conn_max_idletime	Maximum amount of time a connection may be idle. Set 0 to keep the idle connections open from lazily closed.
AUTHORIZER	db	conn_max_lifetime	Maximum amount of time a connection may be reused. Set 0 to reuse the connection forever.
AUTHORIZER	db	max_idle_conns	Maximum number of idle database connections. Set 0 to lazily remove all idle connections.
AUTHORIZER	db	max_open_conns	Maximum number of open connections to the database. Set 0 to use unlimited number of open connections.
AUTHORIZER	certificate_templates	ssh_cert_templates
AUTHORIZER	auditevents	skip_event_ids	Comma-separated list of audit-event codes or code ranges, e.g. 1,10,20-30. Specified audit events are not saved to PrivX database, but only logged to syslog.
CONNECTION-MANAGER	db	conn_max_idletime	Maximum amount of time a connection may be idle. Set 0 to keep the idle connections open from lazily closed.
CONNECTION-MANAGER	db	conn_max_lifetime	Maximum amount of time a connection may be reused. Set 0 to reuse the connection forever.
CONNECTION-MANAGER	db	max_idle_conns	Maximum number of idle database connections. Set 0 to lazily remove all idle connections.
CONNECTION-MANAGER	db	max_open_conns	Maximum number of open connections to the database. Set 0 to use unlimited number of open connections.
CONNECTION-MANAGER	housekeeping	housekeeping_interval	Interval for connection status housekeeping, in minutes.
CONNECTION-MANAGER	housekeeping	housekeeping_conn_meta_retention	Retention period for connection metadata, in days. Set to -1 to disable metadata removal.
CONNECTION-MANAGER	housekeeping	housekeeping_interval_for_trails	Interval for trail housekeeping, in hours.
CONNECTION-MANAGER	housekeeping	housekeeping_enable_integrity_checker	Enable to verify the integrity of recorded trails during housekeeping.
CONNECTION-MANAGER	housekeeping	housekeeping_integrity_checker_use_checksum	Enable to use SHA-256 checksums when verifying integrity of recorded trails.
CONNECTION-MANAGER	auditevents	skip_event_ids	Comma-separated list of audit-event codes or code ranges, e.g. 1,10,20-30. Specified audit events are not saved to PrivX database, but only logged to syslog.
GLOBAL	audit	timeout_when_no_connmgr	Set to 0 to disable timeout and keep connections open.
GLOBAL	audit	data_folder	Folder for audit trail data.
GLOBAL	audit	trail_expiry	Set to -1 to disable trail removal.
GLOBAL	audit	transferred_files_expiry	Set to -1 to disable downloaded/uploaded file removal.
GLOBAL	audit	file_timestamp_obfuscation	Enable trail file and directory timestamp obfuscation.
GLOBAL	ldapconnections	ldap_connection_timeout	The duration in seconds before the LDAP query connection should timeout.
GLOBAL	ldapconnections	ldap_retry_attempts	The number of times to retry if the LDAP query connection times out.
GLOBAL	ldapconnections	enable_ldap_custom_root_certificates	Specify if PrivX should use custom root certificates.
GLOBAL	ldapconnections	enable_ldap_system_roots_cert_pool	Specify if PrivX should use the system certificates pool.
GLOBAL	ldapconnections	ldap_root_ca_pem	Specify a custom root certificate in PEM format, which will be added to the certificate pool for LDAP connections. Note that the custom root certificates setting must be enabled to use this.
GLOBAL	disclaimer	privx_disclaimer
GLOBAL	application_switcher	privx_app_switcher_links_ukm	Enter the URL of the Universal SSH Key Manager web UI.
GLOBAL	rdp_common	host_certificate_trust_anchors	Specify RDP host certificate trust anchor PEM certificates.
GLOBAL	rdp_common	allow_plaintext_vnc
GLOBAL	ssh_common	audit_enabled	Enable sending SSH events to audit log.
GLOBAL	ssh_common	events_to_audit	Supported SSH event types to audit.
GLOBAL	icap	icap_for_ssh_proxy	Configure whether PrivX performs virus scanning for transferred files.
GLOBAL	icap	icap_for_ssh_mitm	Configure whether PrivX performs virus scanning for transferred files via native SSH.
GLOBAL	icap	icap_for_rdp_proxy	Configure whether PrivX performs virus scanning for transferred files for RDP and Web Access Gateways.
GLOBAL	icap	icap_server_hostname	Hostname for ICAP proxy server.
GLOBAL	icap	icap_server_port	Port number for ICAP proxy server.
GLOBAL	icap	icap_respmod_url	Send a response modification with http request headers, using this url.
GLOBAL	icap	icap_reqmod_url	Send a request modification instead of response modification, using this url.
GLOBAL	icap	icap_preview_length	Maximum preview data size in bytes. Set to 0 to disable preview.
GLOBAL	icap	icap_service_name	Optional ICAP service name.
GLOBAL	live_monitoring	enable_live_ssh
GLOBAL	live_monitoring	enable_live_rdp
GLOBAL	live_monitoring	enable_live_vnc
GLOBAL	live_monitoring	enable_live_web
GLOBAL	invalidated_session_cache	cache_size	Set a positive size for the invalidated session cache. The size determines the number of invalidated sessions that it can hold before eviction.
GLOBAL	watermarking	host_heading
GLOBAL	watermarking	host_watermark
DB-PROXY	db	conn_max_idletime	Maximum amount of time a connection may be idle. Set 0 to keep the idle connections open from lazily closed.
DB-PROXY	db	conn_max_lifetime	Maximum amount of time a connection may be reused. Set 0 to reuse the connection forever.
DB-PROXY	db	max_idle_conns	Maximum number of idle database connections. Set 0 to lazily remove all idle connections.
DB-PROXY	db	max_open_conns	Maximum number of open connections to the database. Set 0 to use unlimited number of open connections.
DB-PROXY	dbproxy_internal	reauthorization_interval_sec	Reauthorization interval, in seconds.
DB-PROXY	certificates	key_type	The Database Proxy server's key pair used to generate dynamic tls certificate for database connections.
DB-PROXY	certificates	rsa_key_size	RSA Key Size (Bits)
DB-PROXY	certificates	ecdsa_key_size	ECDSA Key Size (Bits)
DB-PROXY	certificates	cache_size	Cache size of dynamically generated tls certificates.
DB-PROXY	host_trust_anchors	host_certificate_trust_anchors	Specify host certificate trust anchor PEM certificates.
DB-PROXY	auditevents	skip_event_ids	Comma-separated list of audit-event codes or code ranges, e.g. 1,10,20-30. Specified audit events are not saved to PrivX database, but only logged to syslog.
EXTENDER-SERVICE	db	conn_max_idletime	Maximum amount of time a connection may be idle. Set 0 to keep the idle connections open from lazily closed.
EXTENDER-SERVICE	db	conn_max_lifetime	Maximum amount of time a connection may be reused. Set 0 to reuse the connection forever.
EXTENDER-SERVICE	db	max_idle_conns	Maximum number of idle database connections. Set 0 to lazily remove all idle connections.
EXTENDER-SERVICE	db	max_open_conns	Maximum number of open connections to the database. Set 0 to use unlimited number of open connections.
EXTENDER-SERVICE	service	listener_address_mode	Listener address resolution mode.
EXTENDER-SERVICE	service	listener_addresses	List of IP addresses or IP subnet CIDRs used for resolving extender listener addresses.
EXTENDER-SERVICE	service	listener_port_min	Port range start for extender listeners.
EXTENDER-SERVICE	service	listener_port_max	Port range end for extender listeners.
EXTENDER-SERVICE	service	ws_keepalive_interval_sec	WebSocket keepalive interval, in seconds.
EXTENDER-SERVICE	auditevents	skip_event_ids	Comma-separated list of audit-event codes or code ranges, e.g. 1,10,20-30. Specified audit events are not saved to PrivX database, but only logged to syslog.
HOST-STORE	db	conn_max_idletime	Maximum amount of time a connection may be idle. Set 0 to keep the idle connections open from lazily closed.
HOST-STORE	db	conn_max_lifetime	Maximum amount of time a connection may be reused. Set 0 to reuse the connection forever.
HOST-STORE	db	max_idle_conns	Maximum number of idle database connections. Set 0 to lazily remove all idle connections.
HOST-STORE	db	max_open_conns	Maximum number of open connections to the database. Set 0 to use unlimited number of open connections.
HOST-STORE	health-check-options	service_health_checks_enabled	Configure whether PrivX performs network connectivity health checks for services.
HOST-STORE	health-check-options	service_health_check_wait	Interval between health check runs, in seconds.
HOST-STORE	health-check-options	service_health_check_max_requests_per_second	Maximum service health check requests per second per worker.
HOST-STORE	health-check-options	service_health_check_max_workers	Maximum concurrent service health requests.
HOST-STORE	host-house-keeping	host_housekeeping_run_interval	Interval between housekeeping runs, in hours. Housekeeping expunges deleted hosts from the database once hosts have been deleted for longer than the configured expunction delay. Set to 0 to disable housekeeping.
HOST-STORE	host-house-keeping	hosts_deleted_age	The delay (in hours) between when a host has been deleted to when it will be permanently removed.
HOST-STORE	initial-host-service-options-ssh	shell
HOST-STORE	initial-host-service-options-ssh	file_transfer
HOST-STORE	initial-host-service-options-ssh	exec
HOST-STORE	initial-host-service-options-ssh	tunnels
HOST-STORE	initial-host-service-options-ssh	x11
HOST-STORE	initial-host-service-options-ssh	other
HOST-STORE	initial-host-service-options-rdp	file_transfer
HOST-STORE	initial-host-service-options-rdp	audio
HOST-STORE	initial-host-service-options-rdp	clipboard
HOST-STORE	initial-host-service-options-vnc	file_transfer
HOST-STORE	initial-host-service-options-vnc	clipboard
HOST-STORE	initial-host-service-options-web	file_transfer
HOST-STORE	initial-host-service-options-web	audio
HOST-STORE	initial-host-service-options-web	clipboard
HOST-STORE	auditevents	skip_event_ids	Comma-separated list of audit-event codes or code ranges, e.g. 1,10,20-30. Specified audit events are not saved to PrivX database, but only logged to syslog.
LICENSE-MANAGER	db	conn_max_idletime	Maximum amount of time a connection may be idle. Set 0 to keep the idle connections open from lazily closed.
LICENSE-MANAGER	db	conn_max_lifetime	Maximum amount of time a connection may be reused. Set 0 to reuse the connection forever.
LICENSE-MANAGER	db	max_idle_conns	Maximum number of idle database connections. Set 0 to lazily remove all idle connections.
LICENSE-MANAGER	db	max_open_conns	Maximum number of open connections to the database. Set 0 to use unlimited number of open connections.
LICENSE-MANAGER	auditevents	skip_event_ids	Comma-separated list of audit-event codes or code ranges, e.g. 1,10,20-30. Specified audit events are not saved to PrivX database, but only logged to syslog.
MONITOR-SERVICE	db	conn_max_idletime	Maximum amount of time a connection may be idle. Set 0 to keep the idle connections open from lazily closed.
MONITOR-SERVICE	db	conn_max_lifetime	Maximum amount of time a connection may be reused. Set 0 to reuse the connection forever.
MONITOR-SERVICE	db	max_idle_conns	Maximum number of idle database connections. Set 0 to lazily remove all idle connections.
MONITOR-SERVICE	db	max_open_conns	Maximum number of open connections to the database. Set 0 to use unlimited number of open connections.
MONITOR-SERVICE	housekeeping	housekeeping_interval	Interval between housekeeping runs, in hours. Set to 0 to disable housekeeping.
MONITOR-SERVICE	housekeeping	data_retention_period	Number of days that audit events must be kept in the database. Set to -1 to disable audit event removal.
MONITOR-SERVICE	housekeeping	status_check_interval	Interval between status checks, in seconds. Set to 0 to disable checks.
MONITOR-SERVICE	housekeeping	system_health_check_interval	Interval between system health check, in hours. Set to 0 to disable checks.
MONITOR-SERVICE	housekeeping	cache_db_expiry_interval	Interval for removing expired keys from the database cache, in seconds. Set to 0 to disable database cache removal.
MONITOR-SERVICE	housekeeping	external_component_low_storage_warning_threshold	External component low disk space warning threshold, in GB. Set to 0 to disable external component low disk space warning.
MONITOR-SERVICE	housekeeping	status_expunction_delay	The delay (in hours) before an inactive component's status permanently removed when housekeeping runs.
MONITOR-SERVICE	auditevents	skip_event_ids	Comma-separated list of audit-event codes or code ranges, e.g. 1,10,20-30. Specified audit events are not saved to PrivX database, but only logged to syslog.
NETWORK-ACCESS-MANAGER	db	conn_max_idletime	Maximum amount of time a connection may be idle. Set 0 to keep the idle connections open from lazily closed.
NETWORK-ACCESS-MANAGER	db	conn_max_lifetime	Maximum amount of time a connection may be reused. Set 0 to reuse the connection forever.
NETWORK-ACCESS-MANAGER	db	max_idle_conns	Maximum number of idle database connections. Set 0 to lazily remove all idle connections.
NETWORK-ACCESS-MANAGER	db	max_open_conns	Maximum number of open connections to the database. Set 0 to use unlimited number of open connections.
NETWORK-ACCESS-MANAGER	service	housekeeping_interval_sec	Interval between housekeeping runs, in minutes, for removing dead sessions from PrivX router.
NETWORK-ACCESS-MANAGER	service	router_session_removal_max_retries	Maximum number retries for PrivX router session removal.
NETWORK-ACCESS-MANAGER	service	reauthorization_interval_sec	Reauthorization interval, in seconds.
NETWORK-ACCESS-MANAGER	service	connection_message_timeout_sec	Timeout interval (seconds) for connection message reply. Default: 5 seconds.
NETWORK-ACCESS-MANAGER	service	metadata_update_interval_sec	Interval for metadata updates to connection manager (seconds)
NETWORK-ACCESS-MANAGER	service	timeout_when_no_connmgr_min	Timeout for network target sessions when no connection to connection manager (minutes)
NETWORK-ACCESS-MANAGER	service	extender_connect_timeout_sec	Connect timeout for extender target connections (seconds)
NETWORK-ACCESS-MANAGER	router	routers
NETWORK-ACCESS-MANAGER	auditevents	skip_event_ids	Comma-separated list of audit-event codes or code ranges, e.g. 1,10,20-30. Specified audit events are not saved to PrivX database, but only logged to syslog.
RDP-MITM	db	conn_max_idletime	Maximum amount of time a connection may be idle. Set 0 to keep the idle connections open from lazily closed.
RDP-MITM	db	conn_max_lifetime	Maximum amount of time a connection may be reused. Set 0 to reuse the connection forever.
RDP-MITM	db	max_idle_conns	Maximum number of idle database connections. Set 0 to lazily remove all idle connections.
RDP-MITM	db	max_open_conns	Maximum number of open connections to the database. Set 0 to use unlimited number of open connections.
RDP-MITM	rdp_mitm	rdp_public_addresses	RDP Bastion public addresses.
RDP-MITM	rdp_mitm	reauthorization_interval_sec	Reauthorization interval, in seconds.
RDP-MITM	rdp_mitm	extender_enabled	Enable to allow remote PrivX Extender client connections for tunneling RDP traffic inside VPC networks.
RDP-MITM	rdp_mitm	allow_role_ip_restrictions	Enable to enforce role context IP limitation checks.
RDP-MITM	rdp_mitm	ffmpeg_parameters	Video encoding parameters to be passed to FFmpeg library.
RDP-MITM	rdp_mitm	video_generator_workers	Number of workers that encode video simultaneously.
RDP-MITM	rdp_mitm	video_generator_temp_directory	Directory where temporary video files are generated before stored as part of trail.
RDP-MITM	rdp_mitm	connection_message_timeout_sec	Timeout interval (seconds) for connection message reply. Default: 5 seconds.
RDP-MITM	certificates	renewal_period_months	Certificate renewal period in months.
RDP-MITM	certificates	renewal_period_days	Certificate renewal period in days.
RDP-MITM	certificates	update_automatically	Configure whether certificates should be updated automatically.
RDP-MITM	auditevents	skip_event_ids	Comma-separated list of audit-event codes or code ranges, e.g. 1,10,20-30. Specified audit events are not saved to PrivX database, but only logged to syslog.
RDP-PROXY	db	conn_max_idletime	Maximum amount of time a connection may be idle. Set 0 to keep the idle connections open from lazily closed.
RDP-PROXY	db	conn_max_lifetime	Maximum amount of time a connection may be reused. Set 0 to reuse the connection forever.
RDP-PROXY	db	max_idle_conns	Maximum number of idle database connections. Set 0 to lazily remove all idle connections.
RDP-PROXY	db	max_open_conns	Maximum number of open connections to the database. Set 0 to use unlimited number of open connections.
RDP-PROXY	rdp_proxy	reauthorization_interval_sec	Reauthorization interval, in seconds.
RDP-PROXY	rdp_proxy	extender_enabled	Enable to allow remote PrivX Extender client connections for tunneling RDP traffic inside VPC networks.
RDP-PROXY	rdp_proxy	web_proxy_enabled	Enable to allow remote web proxy (Squid) to authorize web connections via PrivX web proxy server.
RDP-PROXY	rdp_proxy	smartcard_authentication_enabled	Configure whether RDP smart card authentication is enabled.
RDP-PROXY	rdp_proxy	smartcard_status_workaround_disabled	Disable RDP smart card login failure workaround.
RDP-PROXY	rdp_proxy	allow_connect_to_local_addresses	Allow target connections to local interface addresses.
RDP-PROXY	rdp_proxy	allow_connect_to_loopback	Allow target connections to loopback addresses.
RDP-PROXY	rdp_proxy	enable_wallpaper	Enable desktop wallpaper for target hosts. Disabling this makes screen updates faster.
RDP-PROXY	rdp_proxy	enable_font_smoothing	Enable font smoothing. Enabling this usually improves the text quality.
RDP-PROXY	rdp_proxy	share_dir	RDP shared directory.
RDP-PROXY	rdp_proxy	target_blacklist	A comma separated list of IP addresses or subnets (CIDR) of prohibited RDP targets.
RDP-PROXY	rdp_proxy	connectivity_test_timeout	Connection timeout while check a target is reachable, in seconds.
RDP-PROXY	rdp_proxy	ws_keepalive_interval_sec	WebSocket keepalive interval, in seconds.
RDP-PROXY	rdp_proxy	connection_message_timeout_sec	Timeout interval (seconds) for connection message reply. Default: 5 seconds.
RDP-PROXY	certificates	renewal_period_months	Certificate renewal period in months.
RDP-PROXY	certificates	renewal_period_days	Certificate renewal period in days.
RDP-PROXY	certificates	update_automatically	Configure whether certificates should be updated automatically.
RDP-PROXY	auditevents	skip_event_ids	Comma-separated list of audit-event codes or code ranges, e.g. 1,10,20-30. Specified audit events are not saved to PrivX database, but only logged to syslog.
ROLE-STORE	db	conn_max_idletime	Maximum amount of time a connection may be idle. Set 0 to keep the idle connections open from lazily closed.
ROLE-STORE	db	conn_max_lifetime	Maximum amount of time a connection may be reused. Set 0 to reuse the connection forever.
ROLE-STORE	db	max_idle_conns	Maximum number of idle database connections. Set 0 to lazily remove all idle connections.
ROLE-STORE	db	max_open_conns	Maximum number of open connections to the database. Set 0 to use unlimited number of open connections.
ROLE-STORE	authorizedkeys	expired_purge_interval_hours	Expired authorized keys purge interval in hours. Set to 0 to disable automatic deletion of expired authorized keys.
ROLE-STORE	authorizedkeys	max_validity_days	Authorized key maximum validity period length in days. Valid values are 1-7300 days.
ROLE-STORE	authorizedkeys	min_rsa_key_size	Minimum key size in bits for ssh-rsa keys.
ROLE-STORE	authorizedkeys	supported_key_types	Specify the supported authorized key types for logging in to PrivX with user specific authorized keys.
ROLE-STORE	aws	enabled	Specify whether AWS support is enabled.
ROLE-STORE	aws	default_region	Default AWS region to use for API access.
ROLE-STORE	aws	enable_assume_role	Enable assume-role temporary session credentials. These credentials can be used to give PrivX users temporary access to AWS API via AWS CLI or scripting.
ROLE-STORE	aws	assume_role_default_ttl	Expiration time in seconds for assume-role temporary credentials. AWS service limits are minimum 900 (15 min), maximum 43200 (12 hours). Values above 3600 seconds require modifying the AWS target role config or token grants will fail.
ROLE-STORE	aws	enable_federated_tokens	Enable federation token access. These credentials can be used to give SSH PrivX users temporary access to AWS API via AWS roles. If both assume-role and federated role tokens are enabled, assume-role will be used.
ROLE-STORE	aws	federated_tokens_default_ttl	Expiration time in seconds for federated tokens. AWS service limits are minimum 900 (15 min), maximum 129600 (36 hours).
ROLE-STORE	aws	max_aws_roles	Maximum number of AWS role to fetch. This restriction is applied after role path or role name filtering is done.
ROLE-STORE	caching	enable	Specify whether caching of user role memberships, rule evaluation results, user settings and AWS role descriptions is enabled. Additionally, it is used to define the size of cache used for storing deleted roles. Disabling the setting is not recommended.
ROLE-STORE	caching	type	Cache type. Local caching uses an in-memory LRU cache. Cache type "Local" is recommended for security reasons.
ROLE-STORE	caching	rule_evaluation_cache_enabled	Specify whether role rule evaluation results should be cached. Enabling this setting is recommended.
ROLE-STORE	caching	max_entries	Maximum entries in the local LRU cache. If cache exceeds this size, the least recently used entries are purged. The minimum size of cache should be greater than the number of active PrivX users + total PrivX role rule count.
ROLE-STORE	caching	sync_interval_seconds	Local cache periodic synchronization interval in seconds. Should be a relatively small value (default is 60 seconds). Set to 0 to disable synchronization. This setting should be enabled in HA environments.
ROLE-STORE	caching	ttl	Cache TTL in seconds. Should be set to a relatively small value (few minutes). However setting this too low (e.g less than 3 seconds) might cause synchronization issues when running multiple instances of the same service.
ROLE-STORE	caching	user_cache_refresh_ttl	Cache TTL for user caching in seconds. If user data in the user cache has been refreshed more recently than the User Cache TTL setting, then it won't be reloaded from the user directory. Value of 0 disables the cache. Note that disabling the cache forces fetching user data from the user directory every time user roles are resolved. Disabling the setting is NOT recommended.
ROLE-STORE	caching	deleted_roles_cache_size	Size of the cache that stores deleted roles in memory. Minimum value is 1000 and maximum value is 10000000 (10M). Default value is 1000000 (1M)
ROLE-STORE	directory	blacklisted_host_tag_prefixes	When the "Import host instance tags from the directory" setting is enabled for a host directory, all host tags will be imported to PrivX except tags starting with these prefixes.
ROLE-STORE	housekeeping	scim_role_housekeeping_interval	Interval between housekeeping runs, in minutes, for clearing up unused roles created by SCIM directories. Set to 0 to disable housekeeping.
ROLE-STORE	housekeeping	users_active_interval	Interval where user is considered as active from last login. If the user is not logged in in this interval, the user will be considered as inactive. Therefore, house-keeping will be applied to this user (it includes deleting usersettings, user explicit role mappings, authorized keys, OIDC user data). Note that this behavior is not applied for Local users and API-Clients.
ROLE-STORE	ldap	enable_nested_groups	Enable nested groups for role mappings. Enables LDAP_MATCHING_RULE_IN_CHAIN (1.2.840.113556.1.4.1941) filter for role queries against user directories. This option affects only role mappings. AD directory settings are not affected by this setting.
ROLE-STORE	ldap	default_cache_ttl	Default LDAP cache TTL in seconds. Used if no TTL is specified for an LDAP directory. If you have many users or very slow LDAP servers, set the TTL to a higher value.
ROLE-STORE	ldap	paging_size	LDAP query pagination size. The default maximum for Active Directory is 1000. Use as high of a value as possible for maximum performance.
ROLE-STORE	ldap	attributes	Specifies which attributes to fetch from LDAP for caching. Leaving this empty will fetch all attributes for LDAP objects. Filtering out unused attributes will make the memory consumption smaller and improve query times. Note that only the specified attributes can be used for LDAP query filters and role source rules. The recommended attributes filter is: objectClass cn dn distinguishedName whenCreated whenChanged name userPrincipalName givenName company departmentNumber mail email mobile sAMAccountName uid memberOf entryDN displayName userAccountControl groupType servicePrincipalName objectCategory objectGUID objectSID
ROLE-STORE	ldap	default_user_filter	Default pre-filter to use when searching users. Not required, but allows using shorter LDAP search strings. Use this to filter out non-user objects. Directory level user filters override this default setting. Leaving user filter empty increases memory consumption. The recommended attributed filter is: ((objectClass=user)(objectClass=person)(objectClass=inetOrgPerson))
ROLE-STORE	ldap	global_ad_user_filter	Automatically append this filter to Active Directory requests when fetching users or mapping roles. The recommended AD user filter to filter out disabled users, is: (!userAccountControl:1.2.840.113556.1.4.803:=2)
ROLE-STORE	scanning	first_host_scanning_delay	Host scanning delay after starting the service, in seconds.
ROLE-STORE	scanning	first_role_scanning_delay	AWS role scanning delay after starting the service, in seconds.
ROLE-STORE	scanning	host_scanning_frequency	Default interval between host scanning runs, in seconds.
ROLE-STORE	scanning	role_member_count_update_frequency	Frequency for resolving granted membership counts for roles, in seconds.
ROLE-STORE	scim	max_results	Max Results page size for SCIM get requests.
ROLE-STORE	principal_keys	add_on_role_creation	When True, Principal keys get created at the time of role creation. Defaults to False
ROLE-STORE	auditevents	skip_event_ids	Comma-separated list of audit-event codes or code ranges, e.g. 1,10,20-30. Specified audit events are not saved to PrivX database, but only logged to syslog.
SSH-MITM	db	conn_max_idletime	Maximum amount of time a connection may be idle. Set 0 to keep the idle connections open from lazily closed.
SSH-MITM	db	conn_max_lifetime	Maximum amount of time a connection may be reused. Set 0 to reuse the connection forever.
SSH-MITM	db	max_idle_conns	Maximum number of idle database connections. Set 0 to lazily remove all idle connections.
SSH-MITM	db	max_open_conns	Maximum number of open connections to the database. Set 0 to use unlimited number of open connections.
SSH-MITM	ssh_mitm	ssh_public_addresses	SSH Bastion public addresses.
SSH-MITM	ssh_mitm	reauthorization_interval_sec	Reauthorization interval, in seconds.
SSH-MITM	ssh_mitm	extender_enabled	Enable to allow remote PrivX Extender client connections for tunneling SSH traffic inside VPC networks.
SSH-MITM	ssh_mitm	allow_role_ip_restrictions	Enable to enforce role context IP limitation checks.
SSH-MITM	ssh_mitm	allow_connect_to_local_addresses	Allow target connections to local interface addresses.
SSH-MITM	ssh_mitm	allow_connect_to_loopback	Allow target connections to loopback addresses.
SSH-MITM	ssh_mitm	hostkey_algorithms	Supported hostkey algorithms.
SSH-MITM	ssh_mitm	target_blacklist	A comma separated list of IP addresses or subnets (CIDR) of prohibited SSH targets.
SSH-MITM	ssh_mitm	metadata_update_interval_sec	Interval for metadata updates to connection manager, in seconds.
SSH-MITM	ssh_mitm	ws_keepalive_interval_sec	WebSocket keepalive interval, in seconds.
SSH-MITM	ssh_mitm	exec_connection_idle_timeout_sec	SSH exec connection idle timeout, in seconds.
SSH-MITM	ssh_mitm	connection_message_timeout_sec	Timeout interval (seconds) for connection message reply. Default: 5 seconds.
SSH-MITM	auditevents	skip_event_ids	Comma-separated list of audit-event codes or code ranges, e.g. 1,10,20-30. Specified audit events are not saved to PrivX database, but only logged to syslog.
SSH-PROXY	db	conn_max_idletime	Maximum amount of time a connection may be idle. Set 0 to keep the idle connections open from lazily closed.
SSH-PROXY	db	conn_max_lifetime	Maximum amount of time a connection may be reused. Set 0 to reuse the connection forever.
SSH-PROXY	db	max_idle_conns	Maximum number of idle database connections. Set 0 to lazily remove all idle connections.
SSH-PROXY	db	max_open_conns	Maximum number of open connections to the database. Set 0 to use unlimited number of open connections.
SSH-PROXY	ssh_proxy	reauthorization_interval_sec	Reauthorization interval, in seconds.
SSH-PROXY	ssh_proxy	extender_enabled	Enable to allow remote PrivX Extender client connections for tunneling SSH traffic inside VPC networks.
SSH-PROXY	ssh_proxy	forwarder_enabled	Enable to allow forwarding of SSH connections from the PrivX agent.
SSH-PROXY	ssh_proxy	allow_connect_to_local_addresses	Allow target connections to local interface addresses.
SSH-PROXY	ssh_proxy	allow_connect_to_loopback	Allow target connections to loopback addresses.
SSH-PROXY	ssh_proxy	target_blacklist	A comma separated list of IP addresses or subnets (CIDR) of prohibited SSH targets.
SSH-PROXY	ssh_proxy	metadata_update_interval_sec	Interval for metadata updates to connection manager, in seconds.
SSH-PROXY	ssh_proxy	ssh_keepalive_interval_sec	Target ssh connection keepalive interval, in seconds.
SSH-PROXY	ssh_proxy	ws_keepalive_interval_sec	WebSocket keepalive interval, in seconds.
SSH-PROXY	ssh_proxy	connection_message_timeout_sec	Timeout interval (seconds) for connection message reply. Default: 5 seconds.
SSH-PROXY	auditevents	skip_event_ids	Comma-separated list of audit-event codes or code ranges, e.g. 1,10,20-30. Specified audit events are not saved to PrivX database, but only logged to syslog.
TRAIL-INDEX	db	conn_max_idletime	Maximum amount of time a connection may be idle. Set 0 to keep the idle connections open from lazily closed.
TRAIL-INDEX	db	conn_max_lifetime	Maximum amount of time a connection may be reused. Set 0 to reuse the connection forever.
TRAIL-INDEX	db	max_idle_conns	Maximum number of idle database connections. Set 0 to lazily remove all idle connections.
TRAIL-INDEX	db	max_open_conns	Maximum number of open connections to the database. Set 0 to use unlimited number of open connections.
TRAIL-INDEX	housekeeping	housekeeping_interval	Interval between housekeeping runs, in minutes, for clearing up expired audit trail files. Set to 0 to disable housekeeping.
TRAIL-INDEX	workers	no_of_workers	Maximum audit trail indexing concurrency.
TRAIL-INDEX	auditevents	skip_event_ids	Comma-separated list of audit-event codes or code ranges, e.g. 1,10,20-30. Specified audit events are not saved to PrivX database, but only logged to syslog.
USER-STORE	db	conn_max_idletime	Maximum amount of time a connection may be idle. Set 0 to keep the idle connections open from lazily closed.
USER-STORE	db	conn_max_lifetime	Maximum amount of time a connection may be reused. Set 0 to reuse the connection forever.
USER-STORE	db	max_idle_conns	Maximum number of idle database connections. Set 0 to lazily remove all idle connections.
USER-STORE	db	max_open_conns	Maximum number of open connections to the database. Set 0 to use unlimited number of open connections.
USER-STORE	auditevents	skip_event_ids	Comma-separated list of audit-event codes or code ranges, e.g. 1,10,20-30. Specified audit events are not saved to PrivX database, but only logged to syslog.
VAULT	db	conn_max_idletime	Maximum amount of time a connection may be idle. Set 0 to keep the idle connections open from lazily closed.
VAULT	db	conn_max_lifetime	Maximum amount of time a connection may be reused. Set 0 to reuse the connection forever.
VAULT	db	max_idle_conns	Maximum number of idle database connections. Set 0 to lazily remove all idle connections.
VAULT	db	max_open_conns	Maximum number of open connections to the database. Set 0 to use unlimited number of open connections.
VAULT	secrets	schemas	Specify secret schemas in JSON format as an array of schema objects, as shown in the example.
VAULT	auditevents	skip_event_ids	Comma-separated list of audit-event codes or code ranges, e.g. 1,10,20-30. Specified audit events are not saved to PrivX database, but only logged to syslog.
WORKFLOW-ENGINE	db	conn_max_idletime	Maximum amount of time a connection may be idle. Set 0 to keep the idle connections open from lazily closed.
WORKFLOW-ENGINE	db	conn_max_lifetime	Maximum amount of time a connection may be reused. Set 0 to reuse the connection forever.
WORKFLOW-ENGINE	db	max_idle_conns	Maximum number of idle database connections. Set 0 to lazily remove all idle connections.
WORKFLOW-ENGINE	db	max_open_conns	Maximum number of open connections to the database. Set 0 to use unlimited number of open connections.
WORKFLOW-ENGINE	auditevents	skip_event_ids	Comma-separated list of audit-event codes or code ranges, e.g. 1,10,20-30. Specified audit events are not saved to PrivX database, but only logged to syslog.
SECRETS-MANAGER	winrm	winrm_host_certificate_trust_anchors	Specify WinRM host certificate trust anchor PEM certificates.