Configuration file

Oct 22, 2023

ID 234817

The configuration file with the KESL container settings uses the yaml format. To read the settings from the file, mount the /root/kesl-service/config/ path on the device where the KESL container is installed, and specify the name of the configuration file if it differs from the default one. Thus, you can specify individual configuration file for each set of KESL containers.

Example: starting a KESL container

docker run ... \

-e KRAS4D_CFGNAME='unique_file_name' \

-v <HOST_PATH>:/root/kesl-service/config \


The table below shows the configuration file settings and the corresponding environment variables.

Correspondence between the settings and the environment variables

Configuration file setting

Environment variable

Common section

port: <port for listening>

# KRAS4D_PORT=8085

sqlpath: <full path to the database file that contains scan results>


certdir: <path to the directory with registry certificates>


keypath: <path to the directory with license keys>


tmppath: <full path to the temporary directory>


logpath: <full path to the event log>


loglevel: [noset|debug|info|warning|error|critical]


Control section

xapikey: <request authorization key>


forceupdate: <forced database update at container start [True|False]>


activation: <activation code or key file name from /root/kesl-service/config/>


detectaction: [delete|skip]


scanoptions: <scan settings [ScanArchived=yes ScanSfxArchived=yes ...]>


skipimageifexist: <do not scan the image if it already exists on the server to which the scanned image is to be copied>


generaltimeout: <maximum time to wait for application commands to run>


updtasktimeout: <maximum time to wait for application database update tasks to run>


Repositories section

<server>:<port>: address and port of the image registry that requires authorization when requesting for verification.


Credentials subsection

user: user name for authorization in the image registry


pass: password for authorization in the image registry


Example of a configuration file


port: 8085

sqlpath: './data/scans.sqlite'

tmppath: './tmp/'

keypath: './keys/'

certdir: './certificates/'

logpath: '/var/log/kaspersky/kesl-service/'

loglevel: 'debug'


xapikey: 0000

activation: XXXX-XXXX-XXXX-XXXX or XXXX.key

scanoptions: 'ScanArchives=yes'

updateoptions: ''

forceupdate: True

skipimageifexists: False

generaltimeout: 600

updtasktimeout: 1000


certificate: repository_any_comcert.pem


user: user

pass: password

Did you find this article helpful?
What can we do better?
Thank you for your feedback! You're helping us improve.
Thank you for your feedback! You're helping us improve.