Configuration Reference
NDCLI uses a YAML configuration file and supports environment variable overrides. This reference covers all configuration options.
Configuration File Location
Section titled “Configuration File Location”~/Library/Application Support/ndcli/config.yaml~/.config/ndcli/config.yaml%APPDATA%\ndcli\config.yamlUse --conf to specify a custom config file path:
ndcli --conf /path/to/config.yaml device listConfiguration File Structure
Section titled “Configuration File Structure”oauth2: provider: netdefense domain: auth.netdefense.io client_id: your-client-id audience: authcli scopes: openid profile email offline_access
controlplane: host: https://control.netdefense.io ssl_verify: true
organization: name: my-organization
output: format: detailed
auth: storage: keyring account: user@example.com path: ""Configuration Options
Section titled “Configuration Options”OAuth2 Settings
Section titled “OAuth2 Settings”Settings for OAuth2 authentication provider.
| Key | Type | Default | Description |
|---|---|---|---|
oauth2.provider | string | (built-in) | OAuth2 provider type |
oauth2.domain | string | auth-dev.netdefense.io | OAuth2 domain |
oauth2.client_id | string | (built-in) | OAuth2 client ID |
oauth2.audience | string | authcli | OAuth2 audience |
oauth2.scopes | string | openid profile email offline_access | OAuth2 scopes |
Control Plane Settings
Section titled “Control Plane Settings”Settings for the NetDefense API connection.
| Key | Type | Default | Description |
|---|---|---|---|
controlplane.host | string | https://dev-control.netdefense.io | API host URL |
controlplane.ssl_verify | bool | true | Verify SSL certificates |
Custom API Host
Section titled “Custom API Host”To use a different API host (e.g., self-hosted or staging):
controlplane: host: https://control.example.com ssl_verify: trueOrganization Settings
Section titled “Organization Settings”Default organization for commands.
| Key | Type | Default | Description |
|---|---|---|---|
organization.name | string | "" | Default organization name |
Set via command:
ndcli config set org my-organizationOverride per-command:
ndcli device list --org other-organizationOutput Settings
Section titled “Output Settings”Output formatting preferences.
| Key | Type | Default | Description |
|---|---|---|---|
output.format | string | detailed | Default output format |
Valid formats:
| Format | Description |
|---|---|
table | Tabular format, good for lists |
simple | Compact bullet-point format |
detailed | Rich Unicode box drawing |
json | Machine-readable JSON |
Set via command:
ndcli config set output jsonOverride per-command:
ndcli device list -f tableAuthentication Storage
Section titled “Authentication Storage”Settings for credential storage.
| Key | Type | Default | Description |
|---|---|---|---|
auth.storage | string | keyring | Storage backend: keyring or file |
auth.account | string | "" | Account email for keyring lookup |
auth.path | string | "" | Custom path for file storage |
Keyring Storage (Default)
Section titled “Keyring Storage (Default)”Credentials are stored in the system keyring:
- macOS: Keychain
- Linux: Secret Service (GNOME Keyring, KWallet)
- Windows: Credential Manager
auth: storage: keyring account: user@example.comFile Storage
Section titled “File Storage”If keyring is unavailable, credentials are stored in a file:
auth: storage: file path: /custom/path/auth.jsonDefault file locations:
- macOS:
~/Library/Application Support/ndcli/auth.json - Linux:
~/.config/ndcli/auth.json - Windows:
%APPDATA%\ndcli\auth.json
Environment Variables
Section titled “Environment Variables”All configuration options can be set via environment variables with the NDCLI_ prefix:
| Environment Variable | Config Key |
|---|---|
NDCLI_OAUTH2_PROVIDER | oauth2.provider |
NDCLI_OAUTH2_DOMAIN | oauth2.domain |
NDCLI_OAUTH2_CLIENT_ID | oauth2.client_id |
NDCLI_OAUTH2_AUDIENCE | oauth2.audience |
NDCLI_OAUTH2_SCOPES | oauth2.scopes |
NDCLI_CONTROLPLANE_HOST | controlplane.host |
NDCLI_CONTROLPLANE_SSL_VERIFY | controlplane.ssl_verify |
NDCLI_ORGANIZATION_NAME | organization.name |
NDCLI_OUTPUT_FORMAT | output.format |
Examples
Section titled “Examples”export NDCLI_ORGANIZATION_NAME=production
export NDCLI_OUTPUT_FORMAT=json
export NDCLI_CONTROLPLANE_HOST=https://api.example.comPrecedence
Section titled “Precedence”Configuration values are resolved in this order (highest to lowest priority):
- Command-line flags (
--org,-f) - Environment variables (
NDCLI_*) - Config file (
config.yaml) - Built-in defaults
Example Configurations
Section titled “Example Configurations”Development Setup
Section titled “Development Setup”controlplane: host: https://dev-control.netdefense.io ssl_verify: true
organization: name: dev-environment
output: format: detailed
auth: storage: keyringCI/CD Pipeline
Section titled “CI/CD Pipeline”controlplane: host: https://control.netdefense.io ssl_verify: true
organization: name: production
output: format: json
auth: storage: file path: /secrets/ndcli-auth.jsonMulti-Organization User
Section titled “Multi-Organization User”controlplane: host: https://control.netdefense.io
organization: name: ""
output: format: tableManaging Configuration
Section titled “Managing Configuration”View Current Configuration
Section titled “View Current Configuration”ndcli config showReset to Defaults
Section titled “Reset to Defaults”ndcli config resetManually Edit
Section titled “Manually Edit”Open the config file directly:
$EDITOR ~/.config/ndcli/config.yamlcode ~/Library/Application\ Support/ndcli/config.yamlnotepad $env:APPDATA\ndcli\config.yaml