USP Client Configuration File
The USP Client configuration file, located at /opt/udmg/etc/usp-client.hcl, defines how a USP Client instance operates.
USP Client establishes outbound tunnels from restricted or internal networks to a USP Server, allowing the server to securely reach protected targets that are otherwise not directly accessible.
This file uses HCL (HashiCorp Configuration Language) to express structured settings such as client identity and authentication material, server endpoints, tunnel/forwarding definitions, connection retries and keepalives, and logging options.
What is HCL?
The USP Client configuration file is written in HCL (HashiCorp Configuration Language), a human-friendly syntax for structured configuration.
Key points about HCL:
- Blocks group related settings inside curly braces (
{}). For example, theapiblock contains all API-related options. - Arguments are key-value pairs defined within blocks. Each argument has a name (the key) and a value.
- Argument names are unique within their block and describe the purpose of the setting.
Dot Notation
Throughout this documentation we use dot notation to reference nested arguments.
This notation is used only in the documentation for clarity. In the actual HCL file, arguments are defined within their respective blocks, not as dot-separated keys.
api {
port = # Referenced as: api.port
secure {
enable = # Referenced as: api.secure.enable
}
}
Arguments by Block
This section lists all configurable arguments available in usp-client.hcl. Arguments are grouped by configuration block (including the root level). For every argument, the table shows its name, description, type, and default value—helping you quickly understand what it controls and how to set it.
All HCL arguments described on this page use dot notation to reference their full path from the root of the configuration file.
Root Level
Defines the top-level attributes of the USP Client.
| HCL Argument Name | Description | Value Type | Default Value |
|---|---|---|---|
name | Name of the USP Client instance. | string | |
key | USP Client private key's path for authentication with the Tunnel. | string |
tunnel
The tunnel block specifies the tunnel the USP Client uses to connect to its USP Server.
| HCL Argument Name | Description | Value Type | Default Value |
|---|---|---|---|
tunnel.host | Hostname of the USP Server's Tunnel that the USP Client connects to. | string | |
tunnel.port | Port of the USP Server's Tunnel that the USP Client connects to. | string | |
tunnel.host_key | Path of the USP Server Tunnels's public key for authentication. Must be in "authorized_keys" format. | string |
log
The log block configures USP Client logging output, verbosity level, and log rotation settings.
| HCL Argument Name | Description | Value Type | Default Value |
|---|---|---|---|
log.level | Controls the verbosity of logs. Options (every option contains the messages from the ones below it):
tip Use | string | "INFO" |
log.path | The path to the log file. If no value is set, logs are written to standard output. | string | "" (standard output) |
log.max_size | Rotates logs when the log file grows beyond a threshold measured (in MB). | number | 0 (disabled) |
log.max_backups | Defines how many rotated log files must be kept. Once the number is exceeded, the older log file gets deleted when a new log rotation takes effect. | number | 0 (disabled) |
log.max_age | Rotates logs that are older than a specified number of days. Each Component checks the age of each log file every time a log message is written, and when the configured threshold is reached, it archives the current log as the original log file plus the time at which the log was rotated (name-timestamp.extension). For example: if | number | 0 (disabled) |