--- title: "Agent" slug: "agent-1" updated: 2025-11-04T14:24:22Z published: 2025-11-04T14:24:22Z --- > ## Documentation Index > Fetch the complete documentation index at: https://docs.plainid.io/llms.txt > Use this file to discover all available pages before exploring further. # Agent The **PlainID Agent** is a core service in the Policy Authorization Agent (PAA). It connects the PAA to the **Platform**, retrieving configurations and Policies from the cloud and applying them at runtime. --- ## Configuration The PlainID Agent is configured through Environment Variables. These variables control connectivity, authentication, runtime behavior, and logging. The following **Environment Variables** must be set. These values can be found in the **Tenant Settings** screen of the **Platform**. | Environment Variable | Description | Location in Platform | | --- | --- | --- | | `TENANT_ID` | Tenant ID | **Tenant Settings → Hybrid Agent Keys** | | `CLIENT_SECRET_KEY` | Agent Secret Key | **Tenant Settings → Hybrid Agent Keys** | | `PAA_ID` | PAA ID | **Tenant Settings → Policy Authorization Agents** | | `REDIS_HOST` | Redis host | Provided by your Redis configuration | | `REDIS_PORT` | Redis port | Provided by your Redis configuration | | `REDIS_PASS` | Redis password (default: none) | Provided by your Redis configuration | ### Client Variables | Environment Variable | Description | Location in Platform | | --- | --- | --- | | `TENANT_ID` | Tenant ID | **Tenant Settings → Customer Hosted Settings** | | `CLIENT_SECRET_KEY` | Agent Secret Key | **Tenant Settings → Customer Hosted Settings** | | `PAA_ID` | PAA ID | **Tenant Settings → Policy Authorization Agents** | --- ### Management Variables | Environment Variable | Description | Default | | --- | --- | --- | | `REDIS_HOST` | Runtime Redis host | — | | `REDIS_PORT` | Runtime Redis port | — | | `REDIS_PASS` | Runtime Redis password | `redispass` | | `HOSTNAME` | Service host | `localhost` | | `REDISYNC_VMARGS` | JVM arguments for Redisync | — | | `JOURNAL_INTEGRITY_CONTROL_IS_UPDATER` | Validates the PAA Redis data integrity. See information box below for more details. | `true` | Integrity Check When set to **false**, it only logs detected key synchronization issues; when set to **true** (default), it both logs and automatically corrects them. These logs help customers track issues and simplify investigations. --- ### Agent Communications These parameters configure the connection between the PlainID Agent and the Policy Administration Point (PAP). | Configuration Parameter | Environment Variable | Description | | --- | --- | --- | | `tunnel.serverUrl` | `REMOTE_WARP` | URL of the remote PAP Agent | | `tunnel.numberOfConnections` | `NUMBER_OF_CONNECTIONS` | Number of connections to the cloud (default: `1`) | | `tunnel.proxyHost` | `PROXY_HOST` | Proxy host if a proxy is used (default: `null`) | | `tunnel.proxyPort` | `PROXY_PORT` | Proxy port if a proxy is used (default: `888`) | **Tunnel Endpoints (set `tunnel.serverUrl`):** | Tenant Location | WSS URL | HTTPS URL | | --- | --- | --- | | United States | `wss://remote.us1.plainid.io/wstunnel` | `https://remote.us1.plainid.io/httptunnel` | | Europe | `wss://remote.eu1.plainid.io/wstunnel` | `https://remote.eu1.plainid.io/httptunnel` | | Canada | `wss://remote.ca1.plainid.io/wstunnel` | `https://remote.ca1.plainid.io/httptunnel` | --- ## Health and Logging The PlainID Agent provides operational APIs that allow administrators to monitor service health and adjust runtime logging without restarting the Agent. These APIs are designed to support both Kubernetes and standalone deployments, making it easier to verify availability, track dependencies, and fine-tune logging for troubleshooting. - **Health Checks** – Verify Agent status and dependent services. - **Logging API** – Dynamically update log levels for troubleshooting. Use these APIs to maintain service reliability, streamline debugging, and integrate the Agent into your monitoring workflows. ### Health The Agent includes a built-in health endpoint that reports on service status. This can be used for monitoring and integration with orchestration systems (e.g., Kubernetes, Docker health checks). Typical health checks include: - Connectivity to the Platform - Redis availability - Communication channel status ## Health Check Check the basic availability of the Agent. ### Endpoint ``` http://:/actuator/health ``` ### Example Response ``` { "status": "UP" } ``` --- ### Command Line ``` java -jar plainid-agent.jar ```x --- ## Agent Health Checks Monitor the Agent’s service status and its connected components. ### Endpoints * **Kubernetes (K8s):** `GET http://plainid-paa-agent/actuator/health` * **Standalone:** `GET http://:/actuator/health` | Parameter | Default Value | Description | | ------------------------- | ------------- | ----------------------- | | `` | — | Standalone host address | | `` | `8081` | Agent management port | ### Example Response ```json { "status": "UP", "components": { "connectedToRemoteWarp": { "status": "UP" }, "diskSpace": { "status": "UP", "details": { "total": 133003395072, "free": 103323860992 } }, "livenessState": { "status": "UP" }, "piggiesStatus": { "status": "UP" }, "ping": { "status": "UP" }, "readinessState": { "status": "UP" }, "redis": { "status": "UP", "details": { "version": "6.0.14" } } }, "groups": ["liveness","readiness"] } ``` --- ### Logging The PlainID Agent supports configurable log levels and formatting. Logging can be tuned to control verbosity and assist with troubleshooting. The following log levels are supported: **error**, **warn**, **info**, **trace**, **debug**. | Environment Variable | Description | Default | | --- | --- | --- | | `LOGGING_ROOT_LEVEL` | Root logging level | `error` | | `LOGGING_SPRING_LEVEL` | Spring framework logging level | `info` | | `LOGGING_PLAINID_LEVEL` | PlainID logging level | `debug` | Change logging levels dynamically without restarting the Agent. The **Agent Logger API** allows dynamic log level updates without restarting the Agent. Use it to review or adjust logger verbosity for troubleshooting. Important Avoid leaving verbose log levels active in production. ### Logging Configuration Persistence Control whether log level changes reset on restart or persist through configuration. - **Temporary changes (API):** Reset after Agent restart. - **Permanent changes:** - **Helm:** `.Values.agent.logLevel` - **Standalone:** [Agent Environment Variables](/v1/docs/agent-1#agent-communications) --- ## Authentication All API requests require secure authentication using JWT tokens. These APIs require **JWT authentication with Tenant Admin permissions**. Security: Bearer Auth See [Authentication for Management APIs](https://docs.plainid.io/apidocs/authentication-mgmt-apis). Use your bearer token in the header: ``` Authorization: Bearer ``` --- ## PAA Logger Endpoints Access or update Agent logger configurations through the management API. ### Retrieve Loggers Fetch the available loggers and their configured levels. ``` GET https://api.{region}.plainid.io/pip-mgmt/1.0/monitor/loggers/agent/{PAA_ID} GET https://api.{region}.plainid.io/pip-mgmt/1.0/monitor/loggers/agent/{PAA_ID}/{LOGGER_NAME} ``` **Example Response** ``` { "data": { "levels": ["OFF","TRACE","DEBUG","INFO","WARN","ERROR"], "loggers": { "org.springframework.web": { "configuredLevel": "INFO", "effectiveLevel": "INFO" }, "root": { "configuredLevel": "INFO", "effectiveLevel": "INFO" } } } } ``` | Field | Type | Description | | --- | --- | --- | | `configuredLevel` | string | Level set via configuration or API | | `effectiveLevel` | string | Actual level applied (may be inherited) | --- ### Modify Log Levels Change the logging level of a specific logger at runtime. ``` POST https://api.{region}.plainid.io/pip-mgmt/1.0/monitor/loggers/agent/{PAA_ID}/{LOGGER_NAME} ``` **Example Request** ``` { "configuredLevel": "DEBUG" } ``` **Example Response** ``` { "data": { "configuredLevel": "DEBUG", "effectiveLevel": "DEBUG" } } ```