
Configuration Overview

KoreShield uses a YAML-based configuration file (config.yaml) to control security policies, provider settings, logging, and integrations. This guide provides an overview of the main configuration areas.

Configuration File Location

By default, KoreShield looks for config.yaml in the current working directory. You can specify a custom location using the --config flag:
koreshield --config /path/to/config.yaml

Main Configuration Areas

  • Settings: Server, logging, monitoring, and provider configuration
  • Policies: Security policies, sensitivity levels, and threat actions
  • Rate Limiting: Distributed rate limiting with Redis integration
  • Production Checklist: Essential steps before deploying to production

Quick Start Configuration

Here’s a minimal production-ready configuration:
server:
  host: "0.0.0.0"
  port: 8000

logging:
  level: INFO
  json_logs: true
  container_mode: true

security:
  sensitivity: medium
  default_action: block
  features:
    sanitization: true
    detection: true
    policy_enforcement: true

providers:
  openai:
    enabled: true
    base_url: "https://api.openai.com/v1"

redis:
  enabled: true
  url: "redis://localhost:6379/0"

Environment Variables

Sensitive credentials should be stored as environment variables, not in the configuration file:
  • KORESHIELD_API_KEY (string, required): API key for authenticating requests to KoreShield
  • OPENAI_API_KEY (string): OpenAI API key for provider authentication
  • ANTHROPIC_API_KEY (string): Anthropic API key for Claude models
  • DEEPSEEK_API_KEY (string): DeepSeek API key for DeepSeek models
  • GOOGLE_API_KEY (string): Google API key for Gemini models
  • AZURE_OPENAI_API_KEY (string): Azure OpenAI API key for Azure-hosted models

Never commit API keys or sensitive credentials to version control. Always use environment variables or a secrets manager.

Configuration Best Practices

Use separate config.yaml files for each environment (development, staging, production). Store them in a secure location and use environment-specific deployment scripts to apply the correct configuration.
# Development
koreshield --config config.dev.yaml

# Production
koreshield --config config.prod.yaml

Key production changes:
  • Enable json_logs: true for structured logging
  • Set container_mode: true if running in containers
  • Use sensitivity: medium or high
  • Set default_action: block for strict security
  • Enable Redis for distributed rate limiting
  • Configure monitoring and alerting

KoreShield validates configuration on startup and will report errors if:
  • Required fields are missing
  • Invalid values are provided
  • Provider URLs are malformed

Check the startup logs for validation messages:
koreshield --config config.yaml 2>&1 | grep -i "config\|error"

Currently, KoreShield requires a restart to apply configuration changes. Plan maintenance windows for configuration updates in production environments.

See the Production Checklist for a complete guide to production deployment.

Next Steps

1. Configure Settings: Review Settings to configure server, logging, and providers
2. Set Up Policies: Define security policies in Policies
3. Enable Rate Limiting: Configure Redis-based rate limiting in Rate Limiting
4. Production Deployment: Follow the Production Checklist before going live
