CLI JSON template

The CLI JSON template, found in the config.prod.properties.json file, is integral to the silent installation process outlined in the Installation Flow of the RPA CLI installation. This file, generated in the installation flow, contains critical settings for installation, configuration, and file security.

Refer to the detailed descriptions for each parameter to understand its purpose and usage. The information provided serves as a helpful guide, and it is recommended to follow the outlined instructions without making unnecessary changes.

While we do not advise making changes to these parameters, you have the flexibility to do so at your own discretion. Please be aware that modifying these settings may result in a lack of support. Proceed with caution.

The default CLI command parameter descriptions apply to typical and common use cases. In most scenarios, you don't have to make any changes to achieve functionality. Advanced users and special cases may need custom configurations not covered in this topic. Ensure you review your specific requirements before making any changes to parameters outside of the defaults.
When a parameter name is enclosed by dollar signs ($), the system automatically populates it with the information from the parameter that it refers to. Specifically, any text or value between the dollar signs are interpreted as a reference to another parameter, and its content is used to fill in the referenced parameter. In the following example, $RABBITMQ_USER$ is replaced with the user details from the parameter: RABBITMQ_USER.

Setup

JSON Parameter with default value	Description
"PRODUCT": "RPA"	Specify the product to be installed, set as RPA for this installation. This is case sensitive.
"INSTALL_DIRECTORY": "C:\\nintex"	Choose a destination folder for the installation files. Use the default folder C:\\nintex or select a different location. Remember to use double backslashes to represent a single backslash in the JSON file.
"EXPAND_OVERWRITE": true	During RPA installation, expanding the bundle involves extracting files into a designated directory. Choosing not to expand during initial installation, `EXPAND_OVERWRITE` = false, uses files directly from the installation directory, skipping the extraction step. For RPA reinstallation, setting `EXPAND_OVERWRITE` to false uses previously expanded files from the initial installation. This lets you update configurations using System Manager without re-expanding the bundle, streamlining the process and potentially saving time and resources.
"SERVER_FQDN": "srv1.domain.com"	Specify the domain name of the server for the installation, following the format: server.domain.com.
"CONFIG_DIR": "config"	Name of the configurations folder within the main INSTALL_DIRECTORY folder. Altering this value can have significant impacts on the system. It is imperative not to change this parameter to ensure the stability and integrity of the system.
"KRYON_ENVIRONMENT": "prod"	Parameter for production environment. Altering this value can have significant impacts on the system. It is imperative not to change this parameter to ensure the stability and integrity of the system.
"IS_RPA": true	This value is set to true for RPA installations. No changes required.
"CMD_PATH": "C:/Windows/System32"	Default location for the Windows System32 folder. While it can be modified, it should always point to the correct folder containing CMD (Command Prompt).
"BACKUP_DIR": "BackUp"	Name of the backup folder within the main INSTALL_DIRECTORY folder. No changes required.
"SECRETS_ENV_PREFIX": "NINTEX_SECRETS_"	Sensitive information stored as environment variables with the prefix NINTEX_SECRETS_. While it is customizable, changing it will impact the name prefix of the environment variables created.
"PERMISSIONS_ENABLED": "true"	Enables/disables catalog permissions on wizards. Set as true to enable permissions on wizards. If this is set to false, it can be changed in the Admin Tool, or you can run installation again with the System Manager after changing this value.
"RPA_SERVER_VERSION": "23.11"	Version of the RPA server installation file. This is a system parameter and must not be changed.
"SEARCH_ENGINE_LOCALE": 1037	Language used by the Studio and Robot when searching for wizards. Change only if you want to use a different language: 1037 - English (default) 1033 - Hebrew and English 1251 - Russian and English
"DEPLOYMENT_TYPE": "UnAttended"	Specify the automation type: unattended or attended. (Not case-sensitive) Unattended (default option): With this automation type, the unattended robot is installed on a virtual machine and is connected to the RPA server. It can execute a predefined sequence of actions on a preset schedule or in response to triggers, operating independently without requiring human intervention. Attended: With this automation type, the attended robot is installed on the employee's desktop and connected to the RPA server. It remains idle until activated by an employee or a specific action. This mode resembles virtual assistants and relies on human intervention.
"OPEN_PORTS_IN_FIREWALL": true	Verify if the Windows Defender Firewall has all required ports open. Set as true for automatic configuration. If this is set to false, you need to manually open the required ports in Windows Defender Firewall to ensure proper application communication. To open ports in Windows Defender Firewall, go to Windows Settings > Update & Security > Windows Security > Firewall & network protection > Advanced settings and select Open all ports in Windows Firewall. (The exact location may vary depending on your Windows version.)

"RABBIT": {

JSON Parameter with default value	Description
"RABBITMQ_PORT": 5672	Port that RabbitMQ listens on for communication with RPA. You can use the default value or specify a different port.
"RABBITMQ_MGMT_PORT": 15672	Port for accessing the RabbitMQ management interface. You can keep the default value or choose a different port.
"RABBIT_USE_SSL": false	Specifies whether SSL (Secure Sockets Layer) is used for communication with RabbitMQ. This feature is currently disabled.
"RABBIT_SEED_HOSTNAME": ""	The hostname for the seed node within the RabbitMQ cluster setup. This is only relevant for High Availability (HA) setups and we do not currently support it. Do not change this parameter.
"RABBIT_CLUSTER_FORMATION": ""	Manages the formation process of the RabbitMQ cluster. This is only relevant for High Availability (HA) setups and we do not currently support it. Do not change this parameter.
"RABBIT_PEER_DISCOVERY": "classic"	Configures the peer discovery mechanism for the RabbitMQ cluster. Different cluster formations may necessitate specific settings for this parameter. This is only relevant for High Availability (HA) setups and we do not currently support it. Do not change this parameter.
"RABBIT_CA_CERTIFICATE": ""	A bundled PEM file used for validating the certificate of the server and certificates of other servers in a cluster. Provide the appropriate certificate if you want to encrypt the RabbitMQ connection, following the format: path/to/CA_certificate.
"RABBIT_SERVER_CERTIFICATE": ""	Contains the public key information needed for secure communication with the RabbitMQ server. Provide the appropriate certificate if you want to encrypt the RabbitMQ connection, following the format: /path/to/server_certificate.pem.
"RABBIT_SERVER_KEY": ""	Contains the confidential key needed for secure communication with the RabbitMQ server. Provide the appropriate server key if you want to encrypt the RabbitMQ connection, following the format: /path/to/server_key.pem.

"LOGS": {

JSON Parameter with default value	Description
"SEQ_PRE_INSTALLED": false	Set the value to true if Seq is pre-installed; otherwise, the default value is false for local installation.
"SEQ_PROTOCOL": "http"	If `SEQ_PRE_INSTALLED`is set to true, enter the Seq protocol: (This is case-sensitive) http: (default) This option provides basic data transfer without encryption and is suitable when security is not a primary concern, or if additional network-level security measures are in place. https: This option is the secure version of HTTP. It uses encryption (usually SSL/TLS) to protect the data being transmitted between RPA and the Seq server. Choose https for enhanced security when dealing with sensitive or confidential data.
"SEQ_HOST": "localhost"	If `SEQ_PRE_INSTALLED` is set to true, enter the Seq server's fully qualified domain name (FQDN) as follows: server.example.com, or keep the default value.
"SEQ_PORT": 5341	If `SEQ_PRE_INSTALLED` is true and your Seq server uses a non-default port, enter it here.
"SEQ_ADDRESS": "$SEQ_PROTOCOL$://$SEQ_HOST$:$SEQ_PORT$"	Represents the complete address for accessing the Seq server, combining the previously filled out fields for Seq protocol, host, and port. This is system generated and should not be changed.
"SEQ_API_KEY": ""	(Optional) Enter an API key if your Seq instance configuration requires one. The need for an API key may vary based on your Seq server settings.
"SEQ_SERVICE_NAME": "Nintex-Seq"	Represents the service name used for Seq. No modifications are required.

"CACHE": {

JSON Parameter with default value	Description
"CACHE_MASTER_HOST": "127.0.0.1"	This pertains to Redis, a data structure server. This is a system parameter and must not be changed.
"CACHE_REPLICA_HOST": "127.0.0.1"	This pertains to Redis, a data structure server. This is a system parameter and must not be changed.
"CACHE_CLUSTER_NODES": "127.0.0.1:6379"	This pertains to Redis, a data structure server. This is a system parameter and must not be changed.
"REDIS_PORT": 6379	This pertains to Redis, a data structure server. This is a system parameter and must not be changed.
"SERVER_DATA_CACHE_TIME_OUT_MINUTES": 1440	This pertains to Redis, a data structure server. This is a system parameter and must not be changed.
"ALLOW_SERVER_DATA_CACHE_UPDATING": "true"	This pertains to Redis, a data structure server. This is a system parameter and must not be changed.
"SERVER_DATA_CACHE_UPDATE_NEXT_DUE": 30000	This pertains to Redis, a data structure server. This is a system parameter and must not be changed.

"AEROBASE": {

JSON Parameter with default value	Description
"REALM_ID": "nintex"	Represents the ID of the domain in Aerobase that the system uses. While it can be changed, use lowercase letters for any modifications.
"KEYCLOAK_SSL": false	Set to true for installations with SSL/TLS for the entire system. If this parameter is set to true, provide the certificate file sources in the SSL section of the config file. Use the default value, false, for installations without SSL/TLS.
"KEYCLOAK_UNSAFE_SSL": false	Set this parameter to true if you don't need certificate validation and want to trust the certificate. Keep it as false if you want to validate the certificate.
"AEROBASE_DB_TYPE": "mssql"	Aerobase only supports the MSSQL database type, and no other database is currently supported. This parameter is case-sensitive and should not be changed.
"AEROBASE_DB_HOST": "$MSSQL_SERVER$"	Automatically populates the database server's FQDN, representing the unique network address of your MSSQL database server, from the Secured JSON file's parameter of the DB server FQDN. It can be changed if Aerobase uses another MSSQL server. Other following database connection parameters should be adjusted accordingly based on the server settings.
"AEROBASE_DB_NAME": "nintex_authentication"	The specific database name associated with Aerobase's authentication services. While it can be changed, use lowercase letters for any modifications.
"AEROBASE_INTERNAL_PORT": 5698	The listening port for the Keycloak business service within Aerobase. No need to change this, but ensure all ports are accessible, as NGINX acts as a proxy to this port.
"AEROBASE_DB_PORT": 1433	Database port for MSSQL server. If your server uses a port other than the default, enter the appropriate port number.
"AEROBASE_DB_SSPI": "$MSSQL_SSPIMODE$"	Relevant for MSSQL and used for Windows authentication. Update this with the service logon account of WatchDog in the Secured JSON file under `"SERVICE_LOGON_USER"`.
"AEROBASE_DB_INSTANCE": "$MSSQL_INSTANCE$"	You can connect to MSSQL using either the port or the instance name, depending on your preference. By default, it uses the instance if one is listed; otherwise, it defaults to the port. If neither is available, port 1433 is used.
"AEROBASE_DB_INITIALIZE": true	Set this parameter to true if you want to create a database manually. This is particularly relevant for local SQL installations. If you are using an external SQL server, set this parameter to false.
"AEROBASE_DB_TLS": "$MSSQL_ENCRYPT$"	The encryption of the database connection is determined by the setting of this parameter. If `"MSSQL_ENCRYPT"` is set to false, the connection is not encrypted.
"AEROBASE_TLS_CERT": "$SSL_CRT_FILE$"	If `"KEYCLOAK_SSL"` is set to true, use this file to configure SSL on NGINX. This parameter usually refers to the SSL certificate file required for NGINX configuration.
"AEROBASE_TLS_KEY": "$SSL_KEY_FILE$"	If `"KEYCLOAK_SSL"` is set to true, use this file to configure SSL on NGINX. This parameter typically refers to the SSL key file required for NGINX configuration.
"AEROBASE_FEDERATION_NAME": "nintex-ldap"	Represents the name of the connection to the organization in the Active Directory within Keycloak. While it can be changed, use lowercase letters for any modifications.
"AEROBASE_FEDERATION_IS_ENABLED": false	Enables/disables the Active Directory feature within Aerobase. Set this to true to enable the Active Directory feature within Aerobase.
"AEROBASE_FEDERATION_CONNECTION_URL": "ldap://domanincontroller.ldapdomain.com"	Represents the URL of the domain controller, where you must enter the necessary details. If `AEROBASE_FEDERATION_IS_ENABLED` is set to true, update this to the URL of your domain controller in the format ldap://yourdomaincontroller.yourldapdomain.com.
"AEROBASE_FEDERATION_DOMAIN": "ldapdomain.com"	If `AEROBASE_FEDERATION_IS_ENABLED` is set to true, ensure to update this to your specific LDAP domain name, for example, yourldapdomain.com.
"AEROBASE_FEDERATION_USER_DN": "OU=client,DC=nintex,DC=internal"	This area specifies where you want to retrieve users from. If `AEROBASE_FEDERATION_IS_ENABLED` is set to true, enter the appropriate organizational unit (OU) from Active Directory, for example, OU=your_organizational_unit,DC=your_domain,DC=internal.
"AEROBASE_FEDERATION_GROUP_DN": ""	If you plan to connect users from specific user groups, provide an area and distinguished name following the format "OU=client,DC=nintex,DC=internal". When `AEROBASE_FEDERATION_IS_ENABLED` is set to true, and you want to use Active Directory for additional authentication permissions, enter the relevant group(s) from the Active Directory objects list using their CN (Common Name) values. It is comma-delimited for multiple selections. Leave this field empty if you are not using Active Directory groups for authentication.
"AEROBASE_FEDERATION_ENABLE_TLS": false	Set this to true to enable LDAPS (secure connection) within the Aerobase Federation configuration.
"AEROBASE_FEDERATION_TLS_CA_CERT": "federation.cert"	If `"AEROBASE_FEDERATION_ENABLE_TLS"` is set to true, which implies LDAPS (secure connection), this file is required. This can be changed, provide the necessary file destination.
"AEROBASE_FEDERATION_TLS_CA_CERT_SOURCE": "c:/certs/federation.cert"	If `"AEROBASE_FEDERATION_ENABLE_TLS"` is set to true, which implies LDAPS (secure connection), this file is required. Provide the necessary file source. The file name can be changed, but not its extension.
"AEROBASE_FEDERATION_CUSTOM_USER_FILTER": ""	Specify a custom filter for retrieving users from the Active Directory. Use this option if you want to apply additional filters. For example: To filter users based on a specific organizational unit (OU): Copy `(objectClass=user)(memberOf=CN=Users,DC=example,DC=com)` To filter users based on a particular attribute value: Copy `(objectClass=user)(employeeType=Contractor)` To filter users based on multiple criteria: Copy `(&(objectClass=user)(!(employeeType=Contractor))(memberOf=CN=Managers,DC=example,DC=com))`
"AEROBASE_REALM_FILE": "kryon-realm.json"	Refers to the imported realm file that comes bundled with the package. There is typically no need to modify this parameter unless under special circumstances.
"AEROBASE_CONTACT_POINTS": ""	Used to specify the contact points for the Aerobase configuration. Provide the necessary contact points to enable the appropriate settings. For example: (Make sure to replace the IP addresses with the actual contact points you want to specify for your configuration.) Copy `AEROBASE_CONTACT_POINTS": ["192.168.1.100", "192.168.1.101", "192.168.1.102"]`
"KERBEROS_AUTHENTICATION_IS_ENABLED": false	Enables/disables Kerberos authentication. When set to false, Kerberos authentication is disabled and affects the single sign-on (SSO) capability. You must manually enter your Active Directory credentials if this feature is disabled.
"KERBEROS_KEYTAB_FILE_SOURCE": "c:/aerobase.keytab"	The source file location for the Kerberos keytab file, which is essential for the Kerberos authentication process within Aerobase. Ensure the specified path is accurate and accessible.
"MAX_RETRIES_SECRETS_CLIENTS_CREATION": 60	Manages the maximum number of retries for creating client secrets during API calls for Aerobase's client ID and service provider configurations. There are no minimum or maximum retries as long as there are no errors; performance won't be impacted.
"IDP_APPLICATION_USER_FULLNAME": "Test User"	The name of a user that is created within the realms. It serves as the initial user included with the installation, ready for use immediately after setup. This can be changed and it is not case-sensitive. It represents the first and last name of the user to be configured.
"AEROBASE_LOCAL_POSTGRES_ENABLED": true	Used only if the database type is PostgreSQL. It will not be used if PostgreSQL is not the selected database type. This is a system parameter and must not be changed.

"NGINX": {

JSON Parameter	Description
"NGINX_PORT": 80	Represents the port used when SSL is disabled. When SSL is enabled, the `"NGINX_PORT"` value must be set to 443.

"FEATURE_TOGGLES": {

JSON Parameter	Description
"TOGGLES_SECRETSMANAGEMENT": false	Enabling this feature integrates OS credentials with CyberArk's secret management system, enhancing overall security, provided CyberArk is installed. By default, this is set to false.
"TOGGLES_DISTRIBUTION_SYSTEM_SUPPORT": true	Manages the distribution of Dynamic Advanced Commands to clients and provide configuration options for the DAC Updater Service. By default, this is set to true

"MSSQL": {

JSON Parameter	Description
"MSSQL_PRE_INSTALLED": true	Determines whether MSSQL is preinstalled. If it is preinstalled, you will need to configure the FQDN accordingly.
"MSSQL_SERVER": "127.0.0.1"	Provide the MSSQL server details if `"MSSQL_PRE_INSTALLED"` is set to true. This can be in the format of IP, FQDN, or PQDN.
"MSSQL_DATABASE": "kryon_RPA"	Provide the MSSQL database information if `"MSSQL_PRE_INSTALLED"` is set to true. It is accepted here in any format that SQL server requires and supports, including case, formats, and limitations.
"MSSQL_INSTANCE": ""	Provide the MSSQL instance if `"MSSQL_PRE_INSTALLED"` is set to true. This is not mandatory.
"MSSQL_SSPIMODE": false	Set this parameter to true to enable MSSQL with Windows authentication.
"MSSQL_PORT": 1433	Provide the MSSQL port information if `"MSSQL_PRE_INSTALLED"` is set to true.
"MSSQL_ENCRYPT": false	Set this parameter to true to enable encryption for the MSSQL connection, if required.
"MSSQL_TLS_CA_CERT_SOURCE": "C:\\certs\\mssql-bundle-src.pem"	Specify the source file location for the MSSQL TLS CA certificate for the secure connection. Make sure to have the correct path to where the certificate is located.
"MSSQL_TLS_CA_CERT": "mssql-bundle.pem"	The MSSQL TLS CA certificate name for the secure connection. This can be changed; provide the file name of the certificate.
"MSSQL_TLS_TRUST_SERVER_CERT": true	Set this parameter to true if you prefer to trust the server certificate for MSSQL TLS connection. If this is set to false, and `"MSSQL_ENCRYPT"` is set to true, make sure to fill out the details for these two parameters: `"MSSQL_TLS_CA_CERT_SOURCE"` and `"MSSQL_TLS_CA_CERT"`.

"SSL": {

JSON Parameter	Description
"CERTS_DIR": "Certificates"	Represents the destination for the certificate storage. No modifications required. If this is changed, ensure that it is a valid folder name.
"SSL_USE_PFX": true	Set this parameter to true if you want to use the PFX file for SSL.
"SSL_PFX_FILE_SOURCE": "C:\\Certs\\server_full_chain.pfx"	If `"SSL_USE_PFX"` is set to true, this parameter indicates the location of the PFX file for SSL configuration. The file name can be changed to a different valid path, but do not change its extension.
"SSL_CRT_FILE_SOURCE": "server_cert.crt"	If `"SSL_USE_PFX"` is set to false and you want to provide separate certificate files, this parameter represents the source file location for the SSL certificate. The file name can be changed to a different valid path, but do not change its extension.
"SSL_KEY_FILE_SOURCE": "server_cert.key"	If `"SSL_USE_PFX"` is set to false and you don't want to use a PFX file, provide this parameter as the source file location for the SSL private key. The file name can be changed to a different valid path, but do not change its extension.
"PEM_FILE_SOURCE": "ca_bundle.pem"	If `"SSL_USE_PFX"` is set to false and you don't want to use a PFX file, provide this parameter as the source file location for the PEM file. The file name can be changed to a different valid path, but do not change its extension.
"SSL_PFX_FILE": "server_cert.pfx"	Refers to file names in the system and it can be changed to a different valid path, but do not change its extension.
"SSL_CRT_FILE": "server_cert.crt"	Refers to file names in the system and it can be changed to a different valid path, but do not change its extension.
"SSL_KEY_FILE": "server_cert.key"	This parameter refers to file names in the system and it can be changed to a different valid path, but do not change its extension.
"PEM_FILE": "ca_bundle.pem"	Refers to file names in the system and it can be changed to a different valid path, but do not change its extension.
"NODEJS_CA_CERTS": "ca_bundle.pem"	Refers to file names in the system and it can be changed to a different valid path, but do not change its extension.
"HTTP_TYPE": "http"	Related to the Keycloak SSL configuration. If `"Keycloak_SSL"` is set to true, the parameter must be set to https, case-sensitive. Ensure it is set to the HTTP port defined during your installation, with the default port being 8081.

"SENSOR":{

JSON Parameter	Description
"SENSOR_FLOOD_PROTECTION_ENABLED": true	Controls the flood protection for RPA sensors that can trigger wizards. You may consider adjusting the start hours or end hours accordingly.
"SENSOR_CONCURRENT_USERS": 5000	Manages the maximum number of concurrent users for RPA sensors that can trigger wizards. Only relevant to releases prior to 22.9.1.
"SENSORS_START_HOUR": "07:00"	Sets the start hour for RPA sensors that can trigger wizards. Consider modifying this value to align with your environment requirements. This parameter accepts values in both 12 and 24-hour formats. For example: 19:00 or 7:00 PM.
"SENSORS_END_HOUR": "19:00"	Sets the end hour for RPA sensors that can trigger wizards. Consider modifying this value to align with your environment requirements. This parameter accepts values in both 12 and 24-hour formats. For example: 19:00 or 7:00 PM.
"SENSOR_DATA_REFRESH_INTERVAL": 170	Manages the data refresh interval for RPA sensors that can trigger wizards. Consider modifying this value to align with your environment requirements, specified in minutes. Must be a positive value: 1, 2, 3, 4, 5, and so on.

"HA": {

JSON Parameter	Description
"LB_SSL": false	Do not change. Not relevant for this release.
"LB_PORT": ""	Do not change. Not relevant for this release.

Next step:

After making the necessary changes, return to the Silent Installation to continue the RPA installation.