Agent Runtime Options
The Coordimap agent reads a YAML configuration file at startup, expands environment variables, connects to configured data sources, and sends discovered infrastructure metadata to Coordimap. Use this page when you need to run, debug, or operationalize the agent runtime.
Default Configuration File
By default, the agent looks for a config.yaml file near the executable.
For explicit deployments, pass the file path with --config:
./agent --config ./config.yamlFor Docker deployments, mount the file and pass the path inside the container:
docker run --rm \
-v "$(pwd)/config.yaml:/config.yaml:ro" \
-e COORDIMAP_API_KEY="YOUR_API_KEY" \
coordimap/coordimap-agent:v1.2.7 \
--config /config.yamlDebug Mode
Use --debug while validating a new configuration or investigating startup issues.
./agent --debug --config ./config.yamlDo not leave overly verbose logs enabled in production unless you need them for a temporary investigation.
Environment Variable Substitution
The public example configuration uses environment variable placeholders such as ${COORDIMAP_API_KEY}, ${AWS_ACCESS_KEY_ID}, and ${POSTGRES_PASSWORD}.
Example:
coordimap:
api_key: ${COORDIMAP_API_KEY}
data_sources:
- type: postgres
data_source_id: postgres-primary
config:
- name: db_pass
value: ${POSTGRES_PASSWORD}Set those variables in the runtime environment before starting the agent.
Production Credential Handling
Use the least-sensitive option available for each environment.
Recommended approaches:
- IAM roles for AWS runtimes such as EC2 or EKS
- metadata-service authentication for GCP runtimes when
in_cloudis supported - Kubernetes Secrets for in-cluster deployments
- environment variables injected by a secret manager
- read-only database users for PostgreSQL, MySQL, MariaDB, and MongoDB
Avoid committing API keys, access keys, database passwords, or service account JSON files to source control.
Startup Checklist
Before restarting the agent, confirm that:
coordimap.api_keyis set or resolvable from the environment.- Each data source has the correct
type. - Each data source has the expected Coordimap connector identifier.
- Each data source has a stable upstream
scope_id. - Credential files and mounted paths exist in the agent runtime.
- The agent runtime can reach the target APIs or databases.
crawl_intervalvalues are reasonable for the environment.
Common Runtime Failures
| Symptom | Likely Cause | Fix |
|---|---|---|
| Agent starts but no resources appear | Wrong data_source_id or API key | Verify the connector ID and COORDIMAP_API_KEY. |
| Configuration validation fails | Missing scope_id or invalid mapping | Add the upstream identity and check Shared Configuration Options. |
| Cloud crawl fails | Missing credentials or wrong runtime auth mode | Check IAM role, service account, credentials_file, in_cloud, or access key settings. |
| Database crawl fails | Network, credentials, SSL, or grants issue | Verify host reachability, read-only grants, password, and ssl_mode. |
| Flow data does not attach | Mismatched scope_id or external_mappings | Reuse the same upstream scope values across related data sources. |
Source References
FAQ
How do I choose the agent configuration file?
Pass the path with --config. This is more explicit than relying on default file lookup and is recommended for Docker, Kubernetes, and production deployments.
How do I troubleshoot a new Coordimap agent setup?
Start with one data source, run the agent with --debug, confirm credentials and network access, then verify that the data source uses the correct scope_id.
Can I keep secrets in config.yaml?
Avoid storing secrets directly in config.yaml. Use environment variables, Kubernetes Secrets, IAM roles, service accounts, or a secret manager.
Shared Configuration Options
Learn how Coordimap shared configuration works, including data_source_id, scope_id, and crawl_interval for stable asset identity across cloud and database crawlers.
Metric Trigger Rules
Configure the Coordimap agent to evaluate metric rules and send metric-trigger elements to the backend for Kubernetes and GCP.