DOCS

Configuration

Environment variables, SDK options, policy setup, and identity provider configuration for SURADAR.

This reference covers the configuration options available for SURADAR SDKs, environment variables, policies, and identity provider integrations.

Environment Variables

Set these in your agent’s runtime environment:

VariableRequiredDescription
SURADAR_ENDPOINTNoAPI base URL. Defaults to https://api.suradar.dev. Override for self-hosted or staging environments.
SURADAR_API_KEYYesYour organization’s API key from the dashboard.
SURADAR_ORG_IDYesYour organization identifier.
export SURADAR_ENDPOINT="https://api.suradar.dev"
export SURADAR_API_KEY="sk_live_abc123..."
export SURADAR_ORG_ID="org_xyz789..."

SDK Options

The SDK accepts the following options at initialization:

import { SuradarClient } from "@suradar/sdk";

const suradar = new SuradarClient({
  apiKey: process.env.SURADAR_API_KEY,
  orgId: process.env.SURADAR_ORG_ID,
  endpoint: process.env.SURADAR_ENDPOINT,  // optional
  timeout: 5000,       // request timeout in ms (default: 10000)
  retries: 3,          // automatic retry count (default: 2)
  logLevel: "warn",    // "debug" | "info" | "warn" | "error"
});

Policy Configuration

Policies define what your agents can and cannot do. Configure them via the admin dashboard or the API.

Dashboard

  1. Navigate to Settings > Policies in the SURADAR dashboard
  2. Click Create Policy
  3. Define the policy scope: specific agents, agent groups, or organization-wide
  4. Set rules: allowed actions, rate limits, time-of-day restrictions, escalation thresholds
  5. Save and activate — policies take effect immediately

API

curl -X POST https://api.suradar.dev/v1/policies \
  -H "Authorization: Bearer $SURADAR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "production-rate-limit",
    "scope": "org",
    "rules": [
      {
        "type": "rate_limit",
        "max_requests_per_minute": 1000
      },
      {
        "type": "action_allowlist",
        "actions": ["read", "write", "execute"]
      }
    ]
  }'

Identity Provider Setup

SURADAR federates agent identity with your existing IdP. Supported providers:

Okta

  1. In Okta, create a new OIDC application (machine-to-machine)
  2. In the SURADAR dashboard, go to Settings > Identity Providers > Add Provider
  3. Select Okta and enter your Okta domain, client ID, and client secret
  4. Map Okta groups to SURADAR agent roles

Microsoft Entra ID

  1. Register an application in the Azure portal under App registrations
  2. Add SURADAR’s redirect URI from the dashboard
  3. In SURADAR, select Entra ID and provide the tenant ID, client ID, and client secret

Auth0

  1. Create a machine-to-machine application in Auth0
  2. Authorize the application for the SURADAR API
  3. In SURADAR, select Auth0 and enter your domain, client ID, and client secret

SPIFFE

SURADAR natively supports SPIFFE IDs for workload identity. Configure your SPIRE server to issue SVIDs for your agents, then register the trust domain in the SURADAR dashboard under Settings > Identity Providers > SPIFFE.

Next Steps

← Previous How It Works Next → API Reference