Bouncer not reading API_KEY from environment correctly

According to the docs, I would expect the firewall bouncer to read values from the environment and expand the configuration with it. However, when I try this using the API_KEY variable, I receive a 403 from the LAPI.

My Config looks like this:

api_key: ${API_KEY}
api_url: ***********
deny_action: DROP
ipset_type: nethash
iptables_chains:
- crowdsec
log_mode: stdout
mode: iptables
update_frequency: 10s

When I put an env call into the start script of the bouncer, I can see the API_KEY variable is set to what I expect. If I put the value into the config directly, the bouncer works as expected.

Any advice on how to debug this would be appreciated.

The documentation you link too is the CrowdSec binary and that does support environment variables, however, bouncers do not we use ${API_KEY} as a placeholder within the post installation scripts to replace with the key it generates.

Ah, I see, thanks for clarifying

So, is it impossible to set the API key using an environment variable?

Depends on the remediation, but most of them do support variables now. The ones that dont are the lua based ones.

So, it should work for the firewall bouncer? It wasn’t working for me.