Configuration values and environment variables

Values are stored in the following locations:

  • Windows registry

    You'll need to select the client type from within these folders to see configuration values for each client.

    • Machine configuration: HKEY_LOCAL_MACHINE\SOFTWARE\Venafi\

    • User configuration: HKEY_CURRENT_USER\Software\Venafi\

  • Linux

    • Machine configuration: /etc/venafi/libhsm.conf
    • User configuration: Path varies by client:

      • PKCS11: ~/.venafipkcs11config

      • GPG: ~/.venafiscdconfig

  • macOS

    • Machine configuration: /etc/venafi/libhsm.conf
    • User configuration: Path varies by client:

      • PKCS11: ~/.venafipkcs11config

      • GPG: ~/.venafiscdconfig

      • TKTokenDriver: macOS Keychain Access

Configuration values

Auth Server Url
The URL to the authentication server.
Hsm Server Url
The URL to the virtual HSM server.
Network Timeout
The number of milliseconds to wait for traffic before timing out on network operations. The default is 30000ms (30s).
First Error Timeout
If a connection attempt fails due to a timeout (Network Timeout), the next attempt times out after the number of milliseconds set for this item. The default is 15000.
Multiple Error Timeout
If a connection fails for the second time (First Error Timeout), all subsequent connections use the Multiple Error Timeout until a successful connection can be established again. Cascading error timeouts keep commands that make multiple network requests from hanging for a long time while waiting to time out when the server is unreachable. The default is 2000 milliseconds.

NOTE  Microsoft Outlook on macOS can become unresponsive for a few minutes if the tk token driver has successfully synchronized certificates with Keychain Access, and then the connection to the Trust Protection Platform server is broken. Reducing the Multiple Error Timeout can help mitigate this issue.

You can also use tkdriverconfig sync clear prior to disconnecting from VPN.

Grantee
The Trust Protection Platform username associated with the grant.
CA Trust
The filename of the file containing the CA and Intermediate certificates required to trust the virtual HSM and authentication server. In the machine configuration file, it must be an absolute path. For the user’s configuration file, a path relative to the user's home directory is expected.
Chain Validation
Can be set to No, Disabled, or 0 to disable verification of the virtual HSM or authentication server certificate. Must not be used in production environments.
Access Token
The access token for the user’s grant.
Refresh Token
The refresh token for the user’s grant. Optional if the server does not provide refresh tokens.
Access Expires
The time and date the access token expires, in Unix time.
Pkcs11 Module
The path and filename of the PKCS#11 DLL to load. Used by Pkcs11Spy.
Pkcs11 Trace File
The path and filename of the trace file Pkcs11Spy writes to.
Trace Log Path
The path and filename of the trace file libhsm consumers write to. If the value exists, tracing is enabled, unless specifically disabled by the Trace Log Path Disabled configuration value.
The library appends the process id and .log to the provided name to allow for a unique file per process and to avoid file access conflicts between multiple processes.
Trace Log Path Disabled
If the name exists and the value is set to True, Yes or 1, no trace file will be written.
Trace Log Console
Can be set to stderr or stdout. If the configuration value exists, any trace messages will be sent to the screen or the redirected error output.
Trace Log Console Disabled
If the name exists and the value is set to True, Yes or 1, no trace output will be sent to the screen or error output.
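
The following check is an added example, not part of the product or its documentation. It applies the rules described above for Chain Validation, CA Trust, the trace settings and Access Expires to a configuration that has already been read into a dictionary. The function name, the dictionary input and the case-insensitive value matching are assumptions of this example.

```python
import ntpath
import posixpath
import time

# Value spellings come from the descriptions above; matching them
# case-insensitively is an assumption of this example.
CHAIN_OFF = {"no", "disabled", "0"}
TRUTHY = {"true", "yes", "1"}


def _is_set(cfg, name, values):
    return str(cfg.get(name, "")).strip().lower() in values


def audit(cfg, scope, now=None):
    """Return findings for one configuration dict; scope is 'machine' or 'user'."""
    now = time.time() if now is None else now
    findings = []
    if _is_set(cfg, "Chain Validation", CHAIN_OFF):
        findings.append("Chain Validation disabled: server certificate not verified")
    ca = cfg.get("CA Trust")
    is_abs = bool(ca) and (posixpath.isabs(ca) or ntpath.isabs(ca))
    if ca and scope == "machine" and not is_abs:
        findings.append("CA Trust must be an absolute path in machine configuration")
    # Tracing is on whenever the value exists, unless its *Disabled value is set.
    if "Trace Log Path" in cfg and not _is_set(cfg, "Trace Log Path Disabled", TRUTHY):
        findings.append("File tracing enabled: %s<pid>.log" % cfg["Trace Log Path"])
    if "Trace Log Console" in cfg and not _is_set(cfg, "Trace Log Console Disabled", TRUTHY):
        findings.append("Console tracing enabled: " + cfg["Trace Log Console"])
    exp = cfg.get("Access Expires")
    if exp is not None and int(exp) <= now:
        findings.append("Access Token expired")
    return findings


# Constructed sample values, not taken from a real installation.
SAMPLE = {
    "Chain Validation": "Disabled",
    "CA Trust": "certs/chain.pem",
    "Trace Log Path": "/tmp/libhsm-trace",
    "Trace Log Console": "stderr",
    "Trace Log Console Disabled": "Yes",
    "Access Expires": "1700000000",
}

if __name__ == "__main__":
    for finding in audit(SAMPLE, "machine"):
        print("-", finding)
```
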

Environment variables

HTTPS_PROXY
Specifies the URL of a proxy server to use, if your proxy option is set to automatic (which is the default).
NO_ANSI
Disables interactivity.
NO_COLOR
Disables use of color in printed messages.
NO_PROXY
A list of hosts to not use the proxy with.
LIBHSMINSTANCE
Sets an instance for the configuration to use.

EXAMPLE  

export LIBHSMINSTANCE=foo
pkcs11config getgrant -hsm server1.company.com -user user1
export LIBHSMINSTANCE=bar
pkcs11config getgrant -hsm server2.company.com -user user2
pkcs11config list
<The list results for user2 on server2>
export LIBHSMINSTANCE=foo
pkcs11config list
<The list results for user1 on server1>

VENAFICSPSILENT
Enables or disables dialogs in the UI for the Windows CSP/KSP. 1 disables the dialogs. 0 (default) enables the dialogs. This can also be set using the cspconfig option command by setting the Silent option to true: cspconfig option -name Silent -value 1