Configuration

Credentials

In order to communicate with the Intersight API, isctl requires authentication credentials. You can use either API Key authentication (API Key ID and Secret Key) or OAuth authentication (Client ID and Client Secret).

There are multiple ways for these to be provided to isctl such as environment variables, configuration file or in the command line arguments. These are the configuration items that determine how isctl communicates with the Intersight API:

Authentication Methods (Choose One)

API Key Authentication: - Intersight API Key ID - The API Key ID generated by Intersight when a new API key is created in the UI. - Intersight Secret Key - the private key component (Secret Key) of the API Key created through the Intersight UI. This configuration item can either be the path/filename of the key stored on disk (e.g. ~/intersight.pem) or it can be the key data itself (e.g. -----BEGIN RSA PRIVATE KEY-----\n...).

OAuth Authentication: - Intersight Client ID - The Client ID for your OAuth app. - Intersight Client Secret - The Client Secret for your OAuth app. - Intersight Token URL - The URL to obtain the OAuth token. Defaults to https://<Intersight FQDN>/iam/token if not specified. Generally you will not need to set this.

Token Caching (OAuth Only)

When using OAuth authentication, isctl caches the access token to disk to avoid fetching a new token on every invocation. This significantly improves performance when running many sequential commands.

Token Cache Path - Path to the token cache file. Defaults to $XDG_CONFIG_HOME/isctl/token-cache.json or ~/.config/isctl/token-cache.json if XDG_CONFIG_HOME is not set.
Disable Token Cache - Set to true to disable token caching. Useful for CI environments where you don't want tokens persisted to disk.

General Configuration

Intersight FQDN - Fully Qualified Domain Name of the Intersight service. For SaaS this will be intersight.com (and this is the default if not specified) but for Private Virtual Appliance (PVA) or Connected Virtual Appliance (CVA) installations you will need to set this.
Intersight Insecure - if set to true, isctl will not verify the certificate of the Intersight API service. If set to false (the default), the Intersight API service certificate will be verified.
Intersight Proxy - The URL of an HTTP proxy to use for API requests (e.g. http://proxy.example.com:8080).
Readable MoRefs - if set to true, MoRef values in output will use human-readable identity fields (e.g., MoRef:organization.Organization[Name:default]) instead of opaque Moid hex strings. The identity fields used depend on each class's identity constraints. Falls back to Moid for classes with no identity constraints. See Readable MoRefs for details.

Configuration Sources

The following table shows the available configuration sources and the configuration items. The sources are listed in precedence order, from highest precedence to lowest precedence:

Source	API Key ID	Secret Key	Client ID	Client Secret	Token URL	FQDN	Insecure
Command Line Flags	`--intersight-api-key-id`	`--intersight-secret-key`	`--intersight-client-id`	`--intersight-client-secret`	`--intersight-token-url`	`--intersight-fqdn`	`--insecure`
Environment Variables	`INTERSIGHT_API_KEY_ID`	`INTERSIGHT_SECRET_KEY`	`INTERSIGHT_CLIENT_ID`	`INTERSIGHT_CLIENT_SECRET`	`INTERSIGHT_TOKEN_URL`	`INTERSIGHT_FQDN`	<not supported>
Configuration file	`intersight_api_key_id`	`intersight_secret_key`	`intersight_client_id`	`intersight_client_secret`	`intersight_token_url`	`intersight_fqdn`	`intersight_insecure`

Source	Token Cache Path	Disable Token Cache
Command Line Flags	`--intersight-token-cache-path`	`--intersight-disable-token-cache`
Environment Variables	`INTERSIGHT_TOKEN_CACHE_PATH`	`INTERSIGHT_DISABLE_TOKEN_CACHE`
Configuration file	`intersight_token_cache_path`	`intersight_disable_token_cache`

Source	Readable MoRefs
Command Line Flags	`--readable-morefs`
Configuration file	`readable_morefs`

Note: Environment variables are case-insensitive.