Configurations

Registry provides the following configuration properties.

Registry Configurations

Properties
Description

notification_enabled

boolean value which determines whether notification is to be sent or not

notification_url

url to which notifications will be sent

notification_async_enabled

to send out notifications in asynchronous manner

notification_topic

if notification_async_enabled is enabled, then kafka topic to which notification event will be sent

registry_perRequest_indexCreation_enabled

boolean value which determines if index needs to be created at database level

external_entities

comma separated strings of external entities

workflow.enable

boolean value to enable or disable the workflow, i.e. attestation policy

async_enabled

create entities asynchronously

kafka_create_entity_topic

if async_enabled, then this property defines the topic name to which new async requests are pushed

kafka_post_create_entity_topic

if async is enabled, then this property defines the topic name to which the response of create-entity is pushed

search_offset

this is the default offset that will be used while searching

search_limit

this is the default limit that will be used, and also the max value that can be used as a limit in the search

search_expandInternal

boolean value, if set true, all the search results will be expanded to include internal objects.

database_provider

this property states which database is to be used. Providers available are NEO4J, SQLG, CASSANDRA, ORIENTDB, TINKERGRAPH (in-memory)

connectionInfo_uri

url to connect to database. eg Postgres - jdbc:postgresql://localhost:5432/yourdb

connectionInfo_username

username to be used to connect to database

connectionInfo_password

password to be used to connect to database

connectionInfo_maxPoolSize

Database connection pool size

verify_url

this url will be used to verify the issued VC. point it to {certification_signer}/verify

certificate_health_check_url

certificate api service's health check url

template_folder_path

path from which the default template will be loaded if no external template is provided. The file name should be name_of_schema.appropriate_extension. The location should be in the resources folder

audit_enabled

This audit configuration will enable audit logging in the system

audit_frame_store

FILE : Store the audit log in files. DATABASE : Store the audit log in the primary database configured and in elastic search if it's enabled

audit_suffix

suffix which is used for schema name to store audit information for a particular entity type

audit_suffixSeparator

separator between entity name and audit_suffix

validation_enabled

boolean property to check for request body to be validated in specific format

validation_type

type in which request body needs to be validated. eg JSON

service_connection_timeout

Set the connection timeout in milliseconds for the underlying request configuration

service_connection_request_timeout

Set the timeout in milliseconds used when requesting a connection from the connection manager using the underlying request Configuration

service_read_timeout

Set the socket read timeout in milliseconds for the underlying request configuration

http_max_connections

maximum http connections

taskExecutor_index_threadPoolName

Specify the prefix to use for the names of newly created threads.

taskExecutor_index_corePoolSize

Set the ThreadPoolExecutor's core pool size.

taskExecutor_index_maxPoolSize

Set the ThreadPoolExecutor's maximum pool size.

taskExecutor_index_queueCapacity

Set the capacity for the ThreadPoolExecutor's BlockingQueue.

auditTaskExecutor_threadPoolName

Specify the prefix to use for the names of newly created threads.

auditTaskExecutor_corePoolSize

Set the ThreadPoolExecutor's core pool size.

auditTaskExecutor_maxPoolSize

Set the ThreadPoolExecutor's maximum pool size.

auditTaskExecutor_queueCapacity

Set the capacity for the ThreadPoolExecutor's BlockingQueue.

elastic_search_connection_url

url for elastic search connection if elastic search is enabled. Elastic search is enabled using search_providerName

search_providerName

The search mechanism to use. Values could be either NativeSearchService or ElasticSearchService. If NativeSearchService, then every search API uses the same database as the writes. May not offer high speed reads. This is the default search service, if this config is not provided. If ElasticSearchService, then Elastic search is used. Ex: (dev.sunbirdrc.registry.service.ElasticSearchService, dev.sunbirdrc.registry.service.NativeSearchService)

sunbird_sso_realm

identity provider realm name to be used for authentication and authorization

sunbird_sso_url

identity provider connection url

sunbird_sso_admin_client_id

client id to be used as admin

sunbird_sso_admin_client_secret

secret key of keycloak admin client set by using sunbird_sso_admin_client_id

sunbird_keycloak_user_set_password

boolean value to set a default password for the user/owner of an entity in the identity provider

sunbird_keycloak_user_password

if sunbird_keycloak_user_set_password is set to true, provide this value to set this as default user password

identity_user_actions

actions which will be triggered by the identity provider, for example email actions: VERIFY_EMAIL, UPDATE_PROFILE, UPDATE_PASSWORD, TERMS_AND_CONDITIONS etc. Email details should be configured in the identity provider realm settings

identity_provider

name of the implementation of the identity provider. The identity providers implemented in registry are:

dev.sunbirdrc.auth.auth0.Auth0ProviderImpl

dev.sunbirdrc.auth.genericiam.AuthProviderImpl

dev.sunbirdrc.auth.keycloak.KeycloakProviderImpl

oauth2_resource_uri

oauth2_resource_email_path

email path in identity provider resource (jwt token). i.e. email

oauth2_resource_consent_path

consent path in identity provider resource. i.e. consent

oauth2_resource_roles_path

roles path in identity provider resource. i.e. realm_access.roles

oauth2_resource_entity_path

entity path in identity provider resource. i.e. entity

oauth2_resource_user_id_path

user id path in identity provider resource. i.e. sub

claims_enabled

default false. boolean value which determines whether attestation is to be done

claims_url

url in order to connect to claims service

did_enabled

to enable or disable the did service. It is required when using signature service v2

did_health_check_url

did service health check endpoint

did_generate_url

did service generate did endpoint

did_resolve_url

did service resolve did endpoint

signature_enabled

boolean value which determines whether signature is to be created for a document

signature_provider

Implementation of signature service to sign and verify credentials. Implemented classes: dev.sunbirdrc.registry.service.impl.SignatureV1ServiceImpl, dev.sunbirdrc.registry.service.impl.SignatureV2ServiceImpl

signature_v2_credential_did_method

DID method to generate the credential's id with

signature_v2_issuer_did_method

DID method to generate issuer did with

signature_v2_schema_author

name of the author to create credential schema

signature_v2_schema_author_did_method

DID method to generate did for the author of credential schema

signature_v2_health_check_url

health check url for SignatureV2ServiceImpl

signature_v2_issue_url

signature v2 issue credential url

signature_v2_get_url

signature v2 get credential by id url

signature_v2_delete_url

signature v2 delete credential by id url

signature_v2_verify_url

signature v2 verify credential by id url

signature_v2_verify_any_url

verify any credential url

signature_v2_revocation_list_url

signature v2 get revocation list url

signature_v2_schema_health_check_url

signature v2 credential schema healthcheck url

signature_v2_schema_create_url

signature v2 credential schema create url

signature_v2_schema_update_url

signature v2 credential schema update url

signature_v2_schema_get_by_id_and_version_url

signature v2 credential schema get by id and version url

signature_v2_schema_search_by_tags_url

signature v2 credential schema search by tags url

sign_url

url in order to connect to certificate signer to sign the document

sign_health_check_url

certificate signer health check url

certificate_enabled

default false. boolean value which determines whether certificate is to be generated

pdf_url

url to fetch certificate from certificate api service

certificate_health_check_url

certificate api health check url

template_base_url

api endpoint to get default templates stored in sunbird-rc

filestorage_enabled

default false. boolean value which determines whether documents are to be stored

filestorage_connection_url

minio connection url to store files

filestorage_access_key

access key of minio

filestorage_secret_key

secret key of minio

filestorage_bucket_key

bucket name where to store the files in minio

registry_base_apis_enable

if enabled, the existing /add and /update apis will be enabled. This is to enable backward compatibility

logging.level.root

The log level that will be used for logging. Default logging is INFO. Values supported: INFO, DEBUG, WARN, ERROR

enable_external_templates

boolean value which when set to true, one can retrieve the certificate pdf using external templates

authentication_enabled

boolean value to enable authentication in the system

kafka_bootstrap_address

url for kafka connection

webhook_enabled

boolean value to enable webhook if async_enabled is true

webhook_url

if async_enabled and webhook_enabled is set to true, the caller can retrieve information of the created entity once it is generated via this webhook url

redis_host

redis connection url

redis_port

port on which redis is running

manager_type

if using a single instance of registry, set this value to DefinitionsManager else set to DistributedDefinitionsManager

service_retry_maxAttempts

The number of times an attempt must be made to reach the service

service_retry_backoff_delay

The fixed time interval, in milliseconds, between each such attempt.

event_enabled

boolean value that indicates whether events should be emitted or not. if enabled, registry will start emitting events

event_topic

kafka topic name to which events will be emitted

event_providerName

name of the provider to be used for emitting events. E.g. if Kafka is used, the value should be dev.sunbirdrc.registry.service.impl.KafkaEventService. If a file is to be used to store events, the value should be `dev.sunbirdrc.registry.service.impl.FileEventService.java`

encryption_enabled

default false. boolean value which determines whether to enable encryption to store private fields. Note: External encryption service is required to encrypt/decrypt

encryption_health_check_url

encryption service health check endpoint

encryption_uri

encryption service encrypt api endpoint

encryption_batch_uri

encryption service batch encrypt api endpoint

decryption_uri

encryption service decrypt api endpoint

decryption_batch_uri

encryption service batch decrypt api endpoint

encryption_method

Normal/Imp or keys from map value provided in encryption service property type.to.method.map

encryption_tenant_id

tenant id to use for encryption

idgen_enabled

boolean to enable/disable idgen feature

idgen_tenant_id

tenant id to use for id generation

idgen_health_check_url

idgen service health check api endpoint

idgen_generate_url

idgen service id generate api endpoint

idgen_id_format_url

idgen service id format api endpoint

swagger_enabled

default true. boolean value to enable/disable swagger apis

swagger_title

to set custom title for swagger to be generated

swagger_description

to set custom description for swagger to be generated

swagger_version

to set a custom version for swagger
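
Several registry properties above are only meaningful together (async topics, webhook, default Keycloak password, Elastic search URL, DID with signature v2). The following is an added example, not code from the Sunbird RC project, that checks those stated dependencies before a deployment; the function names, the dict-of-strings input and the sample values are assumptions.

```python
# Added example: cross-property checks taken from the descriptions above.
# The function names, dict input and sample values are assumptions.
V2_SIGNER = "dev.sunbirdrc.registry.service.impl.SignatureV2ServiceImpl"
ELASTIC = "dev.sunbirdrc.registry.service.ElasticSearchService"


def is_true(cfg, key):
    return str(cfg.get(key, "")).strip().lower() == "true"


def is_set(cfg, key):
    return bool(str(cfg.get(key, "")).strip())


def check_registry_config(cfg):
    """Return a list of findings; an empty list means the stated dependencies hold."""
    findings = []

    def require(condition, key, reason):
        if condition and not is_set(cfg, key):
            findings.append(f"{key} is required when {reason}")

    require(is_true(cfg, "notification_async_enabled"), "notification_topic",
            "notification_async_enabled is true")
    for topic in ("kafka_create_entity_topic", "kafka_post_create_entity_topic"):
        require(is_true(cfg, "async_enabled"), topic, "async_enabled is true")
    require(is_true(cfg, "sunbird_keycloak_user_set_password"),
            "sunbird_keycloak_user_password",
            "sunbird_keycloak_user_set_password is true")
    require(cfg.get("search_providerName") == ELASTIC,
            "elastic_search_connection_url", "search_providerName is ElasticSearchService")
    if is_true(cfg, "webhook_enabled"):
        require(True, "webhook_url", "webhook_enabled is true")
        if not is_true(cfg, "async_enabled"):
            findings.append("webhook_enabled applies only when async_enabled is true")
    if cfg.get("signature_provider") == V2_SIGNER and not is_true(cfg, "did_enabled"):
        findings.append("did_enabled must be true when using signature service v2")
    return findings


# Constructed sample, not a real deployment.
SAMPLE = {
    "async_enabled": "false",
    "webhook_enabled": "true",
    "notification_async_enabled": "true",
    "signature_provider": V2_SIGNER,
    "did_enabled": "false",
}
print("\n".join(check_registry_config(SAMPLE)))
```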

Claims Service

Properties
Description

sunbirdrc_url

used by claim service to communicate with sunbirdrc. url which corresponds to registry deployed host and port

Certificate Api service

Properties
Description

CUSTOM_TEMPLATE_DELIMITERS

Delimiters to be used to parse credential/certificate template. By default {{,}}

QR_TYPE

Types of QR codes that sunbird supports: 1. W3C-VC 2. URL-W3C-VC (if the VC needs to be sent as a URL) 3. URL (if only a URL needs to be part of the QR; the URL will only contain the entity name and osid)

CERTIFICATE_DOMAIN_URL

Base URL to be used when QR_TYPE is URL*

Certificate signer service

Properties
Description

CACHE_CONTEXT_URLS

Predefine a set of context urls to be cached to avoid runtime network access.

CONFIG_BASE_PATH

path to config.json file where all the signing keys are stored

CUSTOM_TEMPLATE_DELIMITERS

Delimiters to be used to parse credential/certificate template. By default {{,}}

Notification Service

Properties
Description

KAFKA_BOOTSTRAP_SERVERS

Kafka bootstrap servers (ex: host:port)

SMS_AUTH_KEY

api url to send sms to provided mobile numbers

SMS_AUTH_KEY

authorization key for sms api url

ENABLE_SMS

flag to enable sending sms using sms api

TRACK_NOTIFICATIONS

boolean value to track all sent notifications and fetch them if needed

Metrics Service

Properties
Description

CLICK_HOUSE_URL

clickhouse database url along with port on which clickhouse is hosted

CLICKHOUSE_DATABASE

database name where the events will be stored

KAFKA_BOOTSTRAP_SERVERS

url along with port number on which kafka is running

KAFKA_METRICS_TOPIC

topic name to which registry produces events

DATABASE_PROVIDER_NAME

type of database being used. eg clickhouse

REDIS_URL

url where redis is hosted

CRON_ENABLE

boolean value which will run the cron job and save the aggregates to redis

SCHEDULE_INTERVAL

days interval after which you want to run cron job to compute aggregates

SCHEDULE_TIME

time at which you want to run cron job to compute aggregates

Bulk Issuance

Properties
Description

REGISTRY_BASE_URL

url on which registry is hosted

DATABASE_HOST

host address of database

DATABASE_PORT

port on which database is running

DATABASE_USER

username of database

DATABASE_PASSWORD

password for that user of the database

DATABASE_NAME

database name

KEYCLOAK_PUBLIC_KEY

public key from keycloak

KEYCLOAK_URL

url for keycloak

KEYCLOAK_REALM

keycloak realm name

Digilocker Certificate API

Properties
Description

DIGILOCKER_HMAC_AUTHKEY

A randomly generated string. This will be used to verify the HMAC from request and HMAC from the request body. This is the API Key of Digilocker

DIGILOCKER_AUTH_KEYNAME

Needed to fetch HMAC From Request. Its default value is x-digilocker-hmac

DIGILOCKER_DOC_ID_PREFIX

Document prefix which needs to be sent in the response in order to map it to the correct document in digilocker. This is different for different issuers

KEYCLOAK_TOKEN_URL

Keycloak connection url

KEYCLOAK_CLIENT_SECRET

secret key of keycloak admin client set by using sunbird_sso_admin_client_id

KEYCLOAK_CLIENT_ID

client id to be used as admin

REGISTRY_URL

Registry url
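
The check that DIGILOCKER_HMAC_AUTHKEY and DIGILOCKER_AUTH_KEYNAME configure, sketched as an added example (not code from the Sunbird RC project). It assumes HMAC-SHA256 over the raw request body with a base64-encoded digest, which this page does not state; the function names and sample values are also assumptions.

```python
import base64
import hashlib
import hmac

# Assumptions (not stated on the page): HMAC-SHA256 over the raw request body,
# base64-encoded, carried in the header named by DIGILOCKER_AUTH_KEYNAME.
DEFAULT_HEADER = "x-digilocker-hmac"


def expected_hmac(auth_key: str, raw_body: bytes) -> str:
    digest = hmac.new(auth_key.encode("utf-8"), raw_body, hashlib.sha256).digest()
    return base64.b64encode(digest).decode("ascii")


def verify_request(headers: dict, raw_body: bytes, auth_key: str,
                   header_name: str = DEFAULT_HEADER) -> bool:
    """Return True only if the header HMAC matches the HMAC of the received bytes."""
    if not auth_key:
        return False  # an unset DIGILOCKER_HMAC_AUTHKEY must never authenticate a request
    # HTTP header names are case-insensitive.
    supplied = next((v for k, v in headers.items()
                     if k.lower() == header_name.lower()), None)
    if not supplied:
        return False
    # Compute over the bytes as received, before any parsing or re-serialisation,
    # and compare in constant time so timing does not reveal how much matched.
    return hmac.compare_digest(supplied.strip().encode("ascii", "replace"),
                               expected_hmac(auth_key, raw_body).encode("ascii"))


# Constructed sample values, not real keys or DigiLocker traffic.
SAMPLE_KEY = "constructed-sample-key"
SAMPLE_BODY = b"<request><docId>sample-1</docId></request>"

if __name__ == "__main__":
    good = {"X-Digilocker-Hmac": expected_hmac(SAMPLE_KEY, SAMPLE_BODY)}
    print(verify_request(good, SAMPLE_BODY, SAMPLE_KEY))
    print(verify_request(good, SAMPLE_BODY + b" ", SAMPLE_KEY))
```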

Encryption Service

To enable the encryption/decryption feature in registry, set the environment variable ENCRYPTION_ENABLED=true in the .env file.

Properties
Description

server.port

port on which encryption should run

server.servlet.context-path

context path for encryption to run on

spring.datasource.url

url to connect to database. eg Postgres - jdbc:postgresql://localhost:5432/yourdb

spring.flyway.url

url to connect to database. eg Postgres - jdbc:postgresql://localhost:5432/yourdb

spring.flyway.baseline-on-migrate

boolean, to handle migration scripts versioning

egov.mdms.provider

implemented class to provide master data. It has two classes implemented. org.egov.enc.masterdata.provider.DBMasterDataProvider org.egov.enc.masterdata.provider.WebServiceMasterDataProvider

ID Gen Service

To enable the ID generation feature: 1. Add the environment variable IDGEN_ENABLED=true in the .env file. 2. Follow the documentation for unique identifier fields in Schema Configuration to configure the schema.

Properties
Description

spring.datasource.url

url to connect to database. eg Postgres - jdbc:postgresql://localhost:5432/yourdb

spring.flyway.baseline-on-migrate

boolean, to handle migration scripts versioning

autocreate.new.seq

boolean, set true to auto create sequences provided in schema configurations property uniqueIdentifierFields

idformat.from.mdms

boolean, set true to fetch id format from mdms

egov.mdms.provider

implemented class to provide master data. It has two classes implemented. org.egov.id.masterdata.provider.DBMasterDataProvider org.egov.id.masterdata.provider.WebServiceMasterDataProvider
