Configurations
Registry provides following configuration properties
Registry Configurations
Properties | Description |
---|---|
notification_enabled | boolean value which determines whether notification is to be sent or not |
notification_url | url which will be used to send notification url |
notification_async_enabled | to send out notifications in asynchronous manner |
notification_topic | if notification_async_enabled is enabled, then kafka topic to which notification event will be sent |
registry_perRequest_indexCreation_enabled | boolean value which determines if index needs to be created at database level |
external_entities | comma separated strings of external entities |
workflow.enable | boolean value to enable or disable the workflow i.e attestation policy |
async_enabled | create entities asynchronously |
kafka_create_entity_topic | if async_enabled, then this property defines the topic name to which new async requests are pushed |
kafka_post_create_entity_topic | if async is enabled, then this property defines the topic name to which the response of create-entity is pushed |
search_offset | this is the default offset that will be used while searching, |
search_limit | this is the default limit that will be used or the max value that can be used to as a limit in the search |
search_expandInternal | boolean value, if set true, all the search results will be expanded to include internal objects. |
database_provider | this property states which database is to be used. Providers available are NEO4J, SQLG, CASSANDRA, ORIENTDB, TINKERGRAPH (in-memory) |
connectionInfo_uri | url to connect to database. eg Postgres - jdbc:postgresql://localhost:5432/yourdb |
connectionInfo_username | username to be used to connect to database |
connectionInfo_password | password to be used to connect to database |
connectionInfo_maxPoolSize | Database connection pool size |
verify_url | this url will be used to verify the issued VC. point it to {certification_signer}/verify |
certificate_health_check_url | certificate api service's health check url |
template_folder_path | path from which default template will be loaded if no external template is provided. File name should be the |
audit_enabled | This audit configuration will enable audit logging in the system |
audit_frame_store | FILE : Store the audit log in files. DATABASE : Store the audit log in the primary database configured and in elastic search if it's enabled |
audit_suffix | suffix which is used for schema name to store audit information for a particular entity type |
audit_suffixSeparator | separator between entity name and audit_suffix |
validation_enabled | boolean property to check for request body to be validated in specific format |
validation_type | type in which request body needs to be validated. eg JSON |
service_connection_timeout | Set the connection timeout in milliseconds for the underlying request configuration |
service_connection_request_timeout | Set the timeout in milliseconds used when requesting a connection from the connection manager using the underlying request Configuration |
service_read_timeout | Set the socket read timeout in milliseconds for the underlying request configuration |
http_max_connections | maximum http connections |
taskExecutor_index_threadPoolName | Specify the prefix to use for the names of newly created threads. |
taskExecutor_index_corePoolSize | Set the ThreadPoolExecutor's core pool size. |
taskExecutor_index_maxPoolSize | Set the ThreadPoolExecutor's maximum pool size. |
taskExecutor_index_queueCapacity | Set the capacity for the ThreadPoolExecutor's BlockingQueue. |
auditTaskExecutor_threadPoolName | Specify the prefix to use for the names of newly created threads. |
auditTaskExecutor_corePoolSize | Set the ThreadPoolExecutor's core pool size. |
auditTaskExecutor_maxPoolSize | Set the ThreadPoolExecutor's maximum pool size. |
auditTaskExecutor_queueCapacity | Set the capacity for the ThreadPoolExecutor's BlockingQueue. |
elastic_search_connection_url | url for elastic search connection if elastic search is enabled. Elastic search is enabled using search_providerName |
search_providerName | The search mechanism to use. Values could be either NativeSearchService or ElasticSearchService. If NativeSearchService, then every search API uses the same database as the writes. May not offer high speed reads. This is the default search service, if this config is not provided. If ElasticSearchService, then Elastic search is used. Ex: (dev.sunbirdrc.registry.service.ElasticSearchService, dev.sunbirdrc.registry.service.NativeSearchService) |
sunbird_sso_realm | identity provider realm name to be used for authentication and authorization |
sunbird_sso_url | identity provider connection url |
sunbird_sso_admin_client_id | client id to be used as admin |
sunbird_sso_admin_client_secret | secret key of keycloak admin client set by using sunbird_sso_admin_client_id |
sunbird_keycloak_user_set_password | boolean value to default password for user/owner of entity in identity provider |
sunbird_keycloak_user_password | if sunbird_keycloak_user_set_password is set to true, provide this value to set this as default user password |
identity_user_actions | actions which will be trigger by identity provider example email actions: VERIFY_EMAIL, UPDATE_PROFILE, UPDATE_PASSWORD,TERMS_AND_CONDITIONS etc. email details should be configured in identity provider realm settings |
identity_provider | name of the implementation of identity provider. below are the implemented identity providers in registry -
|
oauth2_resource_uri | identity provider resource url. i.e. http://keycloak:8080/auth/realms/sunbird-rc |
oauth2_resource_email_path | email path in identity provider resource (jwt token). i.e. email |
oauth2_resource_consent_path | consent path in identity provider resource. i.e. consent |
oauth2_resource_roles_path | roles path in identity provider resource. i.e. realm_access.roles |
oauth2_resource_entity_path | entity path in identity provider resource. i.e. entity |
oauth2_resource_user_id_path | user id path in identity provider resource. i.e. sub |
claims_enabled | default |
claims_url | url in order to connect to claims service |
signature_enabled | boolean value which determines whether signature is to be created for a document |
sign_url | url in order to connect to certificate signer to sign the document |
sign_health_check_url | certificate signer health check url |
certificate_enabled | default |
pdf_url | url to fetch certificate from certificate api service |
certificate_health_check_url | certificate api health check url |
template_base_url | api endpoint to get default templates stored in sunbird-rc |
filestorage_enabled | default |
filestorage_connection_url | minio connection url to store files |
filestorage_access_key | access key of minio |
filestorage_secret_key | secret key of minio |
filestorage_bucket_key | bucket name where to store the files in minio |
registry_base_apis_enable | if enabled the exisitng /add /update apis will be enabled. This is to enable backward compatibility |
logging.level.root | The log level that will be used for logging. Default logging is INFO. Values supported: INFO DEBUG WARN ERROR |
enable_external_templates | boolean value which when set to true, one can retrieve the certificate pdf using external templates |
authentication_enabled | boolean value to enable authentication in the system |
kafka_bootstrap_address | url for kafka connection |
webhook_enabled | boolean value to enable webhook if async_enabled is true |
webhook_url | if async_enabled and webhook_enabled is set to true, the caller can retrieve information of the created entity once it is generated via this webhook url |
redis_host | redis connection url |
redis_port | port on which redis is running |
manager_type | if using a single instance of registry, set this value to DefinitionsManager else set to DistributedDefinitionsManager |
service_retry_maxAttempts | The number of times an attempt must be made to reach to the service |
service_retry_backoff_delay | The fixed time interval, in milliseconds, between each such attempt. |
event_enabled | boolean value that indicates whether events should be emitted or not. if enabled, registry will start emitting events |
event_topic | kafka topic name to which events will be emitted |
event_providerName | name of provider to be used for emitting events. For eg: if Kafka is used, the value should be |
encryption_enabled | default |
encryption_health_check_url | encryption service health check endpoint |
encryption_uri | encryption service encrypt api endpoint |
encryption_batch_uri | encryption service batch encrypt api endpoint |
decryption_uri | encryption service decrypt api endpoint |
decryption_batch_uri | encryption service batch decrypt api endpoint |
encryption_method |
|
encryption_tenant_id | tenant id to use for encryption |
idgen_enabled |
|
idgen_tenant_id | tenant id to use for id generation |
idgen_health_check_url | idgen service health check api endpoint |
idgen_generate_url | idgen service id generate api endpoint |
idgen_id_format_url | idgen service id format api endpoint |
swagger_enabled | default |
swagger_title | to set custom title for swagger to be generated |
swagger_description | to set custom description for swagger to be generated |
swagger_version | to set a custom version for swagger |
Claims Service
Properties | Description |
---|---|
sunbirdrc_url | used by claim service to communicate with sunbirdrc. url which corresponds to registry deployed host and port |
Certificate Api service
Properties | Description |
---|---|
CUSTOM_TEMPLATE_DELIMITERS | Delimeters to be used to parse credential/certificate template. By default |
QR_TYPE | Types of QR codes that sunbird supports 1. W3C-VC 2. URL-W3C-VC (if VC needs to be sent as a URL) 3. URL (If only a URL needs to be part of the QR. The URL will only contain the entity name and osid. |
CERTIFICATE_DOMAIN_URL | Base URL to be used when |
Certificate signer service
Properties | Description |
---|---|
CACHE_CONTEXT_URLS | Predefine a set of context urls to be cached to avoid runtime network access. |
CONFIG_BASE_PATH | path to config.json file where all the signing keys are stored |
CUSTOM_TEMPLATE_DELIMITERS | Delimeters to be used to parse credential/certificate template. By default |
Notification Service
Properties | Description |
---|---|
KAFKA_BOOTSTRAP_SERVERS | Kafka bootstrap servers (ex: host:port) |
SMS_AUTH_KEY | api url to send sms to provided mobile numbers |
SMS_AUTH_KEY | authorization key for sms api url |
ENABLE_SMS | flag to enable sending sms using sms api |
TRACK_NOTIFICATIONS | boolean value to track all sent notifications and fetch them if needed |
Metrics Service
Properties | Description |
---|---|
CLICK_HOUSE_URL | clickhouse database url along with port on which clickhouse is hosted |
CLICKHOUSE_DATABASE | database name where the events will be stored |
KAFKA_BOOTSTRAP_SERVERS | url along with port number on which kafka is running |
KAFKA_METRICS_TOPIC | topic name to which registry produces events |
DATABASE_PROVIDER_NAME | type of database being used. eg clickhouse |
REDIS_URL | url where redis is hosted |
CRON_ENABLE | boolean value which will run the cron job and save the aggregates to redis |
SCHEDULE_INTERVAL | days interval after which you want to run cron job to compute aggregates |
SCHEDULE_TIME | time at which you want to run cron job to compute aggregates |
Bulk Issuance
Properties | Description |
---|---|
REGISTRY_BASE_URL | url on which registry is hosted |
DATABASE_HOST | host address of database |
DATABASE_PORT | port on which database is running |
DATABASE_USER | username of database |
DATABASE_PASSWORD | password for that user of the database |
DATABASE_NAME | database name |
KEYCLOAK_PUBLIC_KEY | public key from keycloak |
KEYCLOAK_URL | url for keycloak |
KEYCLOAK_REALM | keycloak realm name |
Digilocker Certificate API
Properties | Description |
---|---|
DIGILOCKER_HMAC_AUTHKEY | A random generated string. This will be used to verify the HMAC from request and HMAC from the request body. This is the API Key of Digilocker |
DIGILOCKER_AUTH_KEYNAME | Needed to fetch HMAC From Request. Its default value is |
DIGILOCKER_DOC_ID_PREFIX | Document prefix which needs to be sent it in response in order to map it to correct document in digilocker. This is different for different issuers |
KEYCLOAK_TOKEN_URL | Keycloak connection url |
KEYCLOAK_CLIENT_SECRET | secret key of keycloak admin client set by using sunbird_sso_admin_client_id |
KEYCLOAK_CLIENT_ID | client id to be used as admin |
REGISTRY_URL | Registry url |
Encryption Service
To enable the encryption/decryption feature in registry set the environment variable in .env file ENCRYPTION_ENABLED=true
Properties | Description |
---|---|
server.port | port on which encryption should run |
server.servlet.context-path | context path for encryption to run on |
spring.datasource.url | url to connect to database. eg Postgres - jdbc:postgresql://localhost:5432/yourdb |
spring.flyway.url | url to connect to database. eg Postgres - jdbc:postgresql://localhost:5432/yourdb |
spring.flyway.baseline-on-migrate | boolean, to handle migration scripts versioning |
egov.mdms.provider | implemented class to provide master data. It has two classes implemented.
|
ID Gen Service
To enable Id generation feature
1. Add environment variable in .env file IDGEN_ENABLED=true
2. Follow documentation for unique identifier fields in Schema Configuration to configure the schema
Properties | Description |
---|---|
spring.datasource.url | url to connect to database. eg Postgres - jdbc:postgresql://localhost:5432/yourdb |
spring.flyway.baseline-on-migrate | boolean, to migration scripts versioning |
autocreate.new.seq | boolean, set true to auto create sequences provided in schema configurations property |
idformat.from.mdms | booean, set true to fetch id format from mdms |
egov.mdms.provider | implemented class to provide master data. It has two classes implemented.
|
Last updated