Configurations
Registry provides following configuration properties
Last updated
Registry provides following configuration properties
Last updated
Copyright (c) 2023 EkStep Foundation under MIT License
Properties | Description |
---|---|
To enable the encryption/decryption feature in registry set the environment variable in .env file ENCRYPTION_ENABLED=true
To enable Id generation feature
1. Add environment variable in .env file IDGEN_ENABLED=true
2. Follow documentation for unique identifier fields in Schema Configuration to configure the schema
Properties | Description |
---|---|
Properties | Description |
---|---|
Properties | Description |
---|---|
Properties | Description |
---|---|
Properties | Description |
---|---|
Properties | Description |
---|---|
Properties | Description |
---|---|
Properties | Description |
---|---|
Properties | Description |
---|---|
notification_enabled
boolean value which determines whether notification is to be sent or not
notification_url
url which will be used to send notification url
notification_async_enabled
to send out notifications in asynchronous manner
notification_topic
if notification_async_enabled is enabled, then kafka topic to which notification event will be sent
registry_perRequest_indexCreation_enabled
boolean value which determines if index needs to be created at database level
external_entities
comma separated strings of external entities
workflow.enable
boolean value to enable or disable the workflow i.e attestation policy
async_enabled
create entities asynchronously
kafka_create_entity_topic
if async_enabled, then this property defines the topic name to which new async requests are pushed
kafka_post_create_entity_topic
if async is enabled, then this property defines the topic name to which the response of create-entity is pushed
search_offset
this is the default offset that will be used while searching,
search_limit
this is the default limit that will be used or the max value that can be used to as a limit in the search
search_expandInternal
boolean value, if set true, all the search results will be expanded to include internal objects.
database_provider
this property states which database is to be used. Providers available are NEO4J, SQLG, CASSANDRA, ORIENTDB, TINKERGRAPH (in-memory)
connectionInfo_uri
url to connect to database. eg Postgres - jdbc:postgresql://localhost:5432/yourdb
connectionInfo_username
username to be used to connect to database
connectionInfo_password
password to be used to connect to database
connectionInfo_maxPoolSize
Database connection pool size
verify_url
this url will be used to verify the issued VC. point it to {certification_signer}/verify
certificate_health_check_url
certificate api service's health check url
template_folder_path
path from which default template will be loaded if no external template is provided. File name should be the name_of_schema.appropriate_extention
The location should be in resources folder
audit_enabled
This audit configuration will enable audit logging in the system
audit_frame_store
FILE : Store the audit log in files. DATABASE : Store the audit log in the primary database configured and in elastic search if it's enabled
audit_suffix
suffix which is used for schema name to store audit information for a particular entity type
audit_suffixSeparator
separator between entity name and audit_suffix
validation_enabled
boolean property to check for request body to be validated in specific format
validation_type
type in which request body needs to be validated. eg JSON
service_connection_timeout
Set the connection timeout in milliseconds for the underlying request configuration
service_connection_request_timeout
Set the timeout in milliseconds used when requesting a connection from the connection manager using the underlying request Configuration
service_read_timeout
Set the socket read timeout in milliseconds for the underlying request configuration
http_max_connections
maximum http connections
taskExecutor_index_threadPoolName
Specify the prefix to use for the names of newly created threads.
taskExecutor_index_corePoolSize
Set the ThreadPoolExecutor's core pool size.
taskExecutor_index_maxPoolSize
Set the ThreadPoolExecutor's maximum pool size.
taskExecutor_index_queueCapacity
Set the capacity for the ThreadPoolExecutor's BlockingQueue.
auditTaskExecutor_threadPoolName
Specify the prefix to use for the names of newly created threads.
auditTaskExecutor_corePoolSize
Set the ThreadPoolExecutor's core pool size.
auditTaskExecutor_maxPoolSize
Set the ThreadPoolExecutor's maximum pool size.
auditTaskExecutor_queueCapacity
Set the capacity for the ThreadPoolExecutor's BlockingQueue.
elastic_search_connection_url
url for elastic search connection if elastic search is enabled. Elastic search is enabled using search_providerName
search_providerName
The search mechanism to use. Values could be either NativeSearchService or ElasticSearchService. If NativeSearchService, then every search API uses the same database as the writes. May not offer high speed reads. This is the default search service, if this config is not provided. If ElasticSearchService, then Elastic search is used. Ex: (dev.sunbirdrc.registry.service.ElasticSearchService, dev.sunbirdrc.registry.service.NativeSearchService)
sunbird_sso_realm
identity provider realm name to be used for authentication and authorization
sunbird_sso_url
identity provider connection url
sunbird_sso_admin_client_id
client id to be used as admin
sunbird_sso_admin_client_secret
secret key of keycloak admin client set by using sunbird_sso_admin_client_id
sunbird_keycloak_user_set_password
boolean value to default password for user/owner of entity in identity provider
sunbird_keycloak_user_password
if sunbird_keycloak_user_set_password is set to true, provide this value to set this as default user password
identity_user_actions
actions which will be trigger by identity provider example email actions: VERIFY_EMAIL, UPDATE_PROFILE, UPDATE_PASSWORD,TERMS_AND_CONDITIONS etc. email details should be configured in identity provider realm settings
identity_provider
name of the implementation of identity provider. below are the implemented identity providers in registry -
dev.sunbirdrc.auth.auth0.Auth0ProviderImpl
dev.sunbirdrc.auth.genericiam.AuthProviderImpl
dev.sunbirdrc.auth.keycloak.KeycloakProviderImpl
oauth2_resource_uri
identity provider resource url. i.e. http://keycloak:8080/auth/realms/sunbird-rc
oauth2_resource_email_path
email path in identity provider resource (jwt token). i.e. email
oauth2_resource_consent_path
consent path in identity provider resource. i.e. consent
oauth2_resource_roles_path
roles path in identity provider resource. i.e. realm_access.roles
oauth2_resource_entity_path
entity path in identity provider resource. i.e. entity
oauth2_resource_user_id_path
user id path in identity provider resource. i.e. sub
claims_enabled
default false
. boolean value which determines whether attestation is to be done
claims_url
url in order to connect to claims service
signature_enabled
boolean value which determines whether signature is to be created for a document
sign_url
url in order to connect to certificate signer to sign the document
sign_health_check_url
certificate signer health check url
certificate_enabled
default false
. boolean value which determines whether certificate is to be generated
pdf_url
url to fetch certificate from certificate api service
certificate_health_check_url
certificate api health check url
template_base_url
api endpoint to get default templates stored in sunbird-rc
filestorage_enabled
default false
. boolean value which determines whether documents are to be stored
filestorage_connection_url
minio connection url to store files
filestorage_access_key
access key of minio
filestorage_secret_key
secret key of minio
filestorage_bucket_key
bucket name where to store the files in minio
registry_base_apis_enable
if enabled the exisitng /add /update apis will be enabled. This is to enable backward compatibility
logging.level.root
The log level that will be used for logging. Default logging is INFO. Values supported: INFO DEBUG WARN ERROR
enable_external_templates
boolean value which when set to true, one can retrieve the certificate pdf using external templates
authentication_enabled
boolean value to enable authentication in the system
kafka_bootstrap_address
url for kafka connection
webhook_enabled
boolean value to enable webhook if async_enabled is true
webhook_url
if async_enabled and webhook_enabled is set to true, the caller can retrieve information of the created entity once it is generated via this webhook url
redis_host
redis connection url
redis_port
port on which redis is running
manager_type
if using a single instance of registry, set this value to DefinitionsManager else set to DistributedDefinitionsManager
service_retry_maxAttempts
The number of times an attempt must be made to reach to the service
service_retry_backoff_delay
The fixed time interval, in milliseconds, between each such attempt.
event_enabled
boolean value that indicates whether events should be emitted or not. if enabled, registry will start emitting events
event_topic
kafka topic name to which events will be emitted
event_providerName
name of provider to be used for emitting events. For eg: if Kafka is used, the value should be dev.sunbirdrc.registry.service.impl.KafkaEventService
. If file is to be used to store events the value should be `dev.sunbirdrc.registry.service.impl.FileEventService.java
`
encryption_enabled
default false
. boolean value which determines whether to enable encryption to store private fields.
Note: External encryption service is required to encrypt/decrypt
encryption_health_check_url
encryption service health check endpoint
encryption_uri
encryption service encrypt api endpoint
encryption_batch_uri
encryption service batch encrypt api endpoint
decryption_uri
encryption service decrypt api endpoint
decryption_batch_uri
encryption service batch decrypt api endpoint
encryption_method
Normal
/Imp
or keys from map value provided in encryption service property type.to.method.map
encryption_tenant_id
tenant id to use for encryption
idgen_enabled
boolean
to enable/disable idgen feature
idgen_tenant_id
tenant id to use for id generation
idgen_health_check_url
idgen service health check api endpoint
idgen_generate_url
idgen service id generate api endpoint
idgen_id_format_url
idgen service id format api endpoint
swagger_enabled
default true
. boolean value to enable/disable swagger apis
swagger_title
to set custom title for swagger to be generated
swagger_description
to set custom description for swagger to be generated
swagger_version
to set a custom version for swagger
sunbirdrc_url
used by claim service to communicate with sunbirdrc. url which corresponds to registry deployed host and port
CUSTOM_TEMPLATE_DELIMITERS
Delimeters to be used to parse credential/certificate template. By default {{,}}
QR_TYPE
Types of QR codes that sunbird supports 1. W3C-VC 2. URL-W3C-VC (if VC needs to be sent as a URL) 3. URL (If only a URL needs to be part of the QR. The URL will only contain the entity name and osid.
CERTIFICATE_DOMAIN_URL
Base URL to be used when QR_TYPE
is URL*
CACHE_CONTEXT_URLS
Predefine a set of context urls to be cached to avoid runtime network access.
CONFIG_BASE_PATH
path to config.json file where all the signing keys are stored
CUSTOM_TEMPLATE_DELIMITERS
Delimeters to be used to parse credential/certificate template. By default {{,}}
KAFKA_BOOTSTRAP_SERVERS
Kafka bootstrap servers (ex: host:port)
SMS_AUTH_KEY
api url to send sms to provided mobile numbers
SMS_AUTH_KEY
authorization key for sms api url
ENABLE_SMS
flag to enable sending sms using sms api
TRACK_NOTIFICATIONS
boolean value to track all sent notifications and fetch them if needed
CLICK_HOUSE_URL
clickhouse database url along with port on which clickhouse is hosted
CLICKHOUSE_DATABASE
database name where the events will be stored
KAFKA_BOOTSTRAP_SERVERS
url along with port number on which kafka is running
KAFKA_METRICS_TOPIC
topic name to which registry produces events
DATABASE_PROVIDER_NAME
type of database being used. eg clickhouse
REDIS_URL
url where redis is hosted
CRON_ENABLE
boolean value which will run the cron job and save the aggregates to redis
SCHEDULE_INTERVAL
days interval after which you want to run cron job to compute aggregates
SCHEDULE_TIME
time at which you want to run cron job to compute aggregates
REGISTRY_BASE_URL
url on which registry is hosted
DATABASE_HOST
host address of database
DATABASE_PORT
port on which database is running
DATABASE_USER
username of database
DATABASE_PASSWORD
password for that user of the database
DATABASE_NAME
database name
KEYCLOAK_PUBLIC_KEY
public key from keycloak
KEYCLOAK_URL
url for keycloak
KEYCLOAK_REALM
keycloak realm name
ROLES
roles which are allowed to issue in bulk
DIGILOCKER_HMAC_AUTHKEY
A random generated string. This will be used to verify the HMAC from request and HMAC from the request body. This is the API Key of Digilocker
DIGILOCKER_AUTH_KEYNAME
Needed to fetch HMAC From Request. Its default value is x-digilocker-hmac
DIGILOCKER_DOC_ID_PREFIX
Document prefix which needs to be sent it in response in order to map it to correct document in digilocker. This is different for different issuers
KEYCLOAK_TOKEN_URL
Keycloak connection url
KEYCLOAK_CLIENT_SECRET
secret key of keycloak admin client set by using sunbird_sso_admin_client_id
KEYCLOAK_CLIENT_ID
client id to be used as admin
REGISTRY_URL
Registry url
server.port
port on which encryption should run
server.servlet.context-path
context path for encryption to run on
spring.datasource.url
url to connect to database. eg Postgres - jdbc:postgresql://localhost:5432/yourdb
spring.flyway.url
url to connect to database. eg Postgres - jdbc:postgresql://localhost:5432/yourdb
spring.flyway.baseline-on-migrate
boolean, to handle migration scripts versioning
egov.mdms.provider
implemented class to provide master data. It has two classes implemented.
org.egov.enc.masterdata.provider.DBMasterDataProvider
org.egov.enc.masterdata.provider.WebServiceMasterDataProvider
spring.datasource.url
url to connect to database. eg Postgres - jdbc:postgresql://localhost:5432/yourdb
spring.flyway.baseline-on-migrate
boolean, to migration scripts versioning
autocreate.new.seq
boolean, set true to auto create sequences provided in schema configurations property uniqueIdentifierFields
idformat.from.mdms
booean, set true to fetch id format from mdms
egov.mdms.provider
implemented class to provide master data. It has two classes implemented.
org.egov.id.masterdata.provider.DBMasterDataProvider
org.egov.id.masterdata.provider.WebServiceMasterDataProvider