Service Configurations Summary#

The following combines ESS’ configuration options and their default value (if any) in a single table.

For details of the configuration options, see the individual services pages.

Service

Configuration

Default

Auditing

KAFKA_BOOTSTRAP_SERVERS

localhost:9092

Auditing

INRUPT_KAFKA_AUDITV1EVENTSENCRYPTED_CIPHER_PASSWORD

Auditing

QUARKUS_HTTP_PORT

8080

Auditing

QUARKUS_LOG_LEVEL

INFO

Auditing

INRUPT_AUDIT_SYSLOG_HOST

localhost

Auditing

INRUPT_AUDIT_SYSLOG_PORT

514

Auditing

INRUPT_AUDIT_SYSLOG_PROTOCOL

TCP

Auditing

INRUPT_AUDIT_SENTINEL_WORKSPACE_ID

Auditing

INRUPT_AUDIT_SENTINEL_SHARED_KEY

Auditing

INRUPT_AUDIT_SENTINEL_API_VERSION

Auditing

INRUPT_AUDIT_SENTINEL_LOG_TYPE

Audit

Auditing

QUARKUS_REST_CLIENT_SENTINEL_API_URL

Authorization

INRUPT_AUTHORIZATION_BASE_URL

Authorization

INRUPT_AUTHORIZATION_CLIENT_ID_ALLOW_LIST

https://permissions.{ESS_DOMAIN}/app/id,https://podbrowser.inrupt.com/api/app

Authorization

INRUPT_AUTHORIZATION_MAX_POD_COUNT

10

Authorization

INRUPT_JWT_ISSUER_ALLOW_LIST

Authorization

INRUPT_JWT_ISSUER_DENY_LIST

Authorization

QUARKUS_LOG_LEVEL

INFO

Authorization

QUARKUS_HTTP_SSL_CERTIFICATE_FILE

Authorization

QUARKUS_HTTP_SSL_CERTIFICATE_KEY_FILE

Authorization

QUARKUS_GRPC_SERVER_PORT

Authorization

QUARKUS_GRPC_SERVER_SSL_CERTIFICATE

Authorization

QUARKUS_GRPC_SERVER_SSL_KEY

Authorization

QUARKUS_GRPC_SERVER_SSL_TRUST_STORE

Authorization

QUARKUS_GRPC_SERVER_SSL_TRUST_STORE_PASSWORD

Authorization

KAFKA_BOOTSTRAP_SERVERS

localhost:9092

Authorization

MP_MESSAGING_OUTGOING_SOLIDACCESSCONTROLRESOURCE_VALUE_SERIALIZER

org.apache.kafka.common.serialization.StringSerializer

Authorization

INRUPT_KAFKA_SOLIDACCESSCONTROLRESOURCE_CIPHER_PASSWORD

Authorization

INRUPT_KAFKA_AUDITV1EVENTSENCRYPTED_CIPHER_PASSWORD

Notification Gateway

INRUPT_NOTIFICATION_WS_ENDPOINT

Notification Gateway

INRUPT_JWT_ISSUER_ALLOW_LIST

Notification Gateway

INRUPT_JWT_ISSUER_DENY_LIST

Notification Gateway

KAFKA_BOOTSTRAP_SERVERS

localhost:9092

Notification Gateway

MP_MESSAGING_OUTGOING_AUDITV1OUT_BOOTSTRAP_SERVERS

localhost:9092

Notification Gateway

INRUPT_KAFKA_AUDITV1EVENTSENCRYPTED_CIPHER_PASSWORD

OpenID Provider

INRUPT_OPENID_ISSUER

OpenID Provider

INRUPT_OPENID_WEBID_HOST

OpenID Provider

INRUPT_OPENID_WEBID_PATH

OpenID Provider

INRUPT_OPENID_WEBID_FRAGMENT

OpenID Provider

QUARKUS_OIDC_AUTH_SERVER_URL

OpenID Provider

QUARKUS_OIDC_CLIENT_ID

OpenID Provider

QUARKUS_OIDC_CREDENTIALS_SECRET

OpenID Provider

SMALLRYE_JWT_SIGN_KEY_LOCATION

OpenID Provider

COM_INRUPT_OPENID_CDI_DEFAULTCLIENTRESOLVERSERVICE_FETCHREMOTECLIENT_TIMEOUT_VALUE

10

OpenID Provider

COM_INRUPT_OPENID_CDI_DEFAULTCLIENTRESOLVERSERVICE_FETCHREMOTECLIENT_TIMEOUT_UNIT

SECONDS

OpenID Provider

QUARKUS_LOG_LEVEL

INFO

OpenID Provider

INRUPT_OPENID_ACCESS_TOKEN_SUB

false

OpenID Provider

INRUPT_OPENID_APPROVAL_TEMPLATE_LOCATION

OpenID Provider

INRUPT_OPENID_CATALOG_DISABLED

OpenID Provider

INRUPT_OPENID_CLIENT_DOMAIN_ALLOWLIST

OpenID Provider

INRUPT_OPENID_CLIENT_DOMAIN_DENYLIST

OpenID Provider

INRUPT_OPENID_CUSTOM_CLAIMS

OpenID Provider

INRUPT_OPENID_JWT_ALTERNATIVE_PUBLIC_KEY_LOCATIONS

OpenID Provider

INRUPT_OPENID_LOGOUT_URL

OpenID Provider

INRUPT_OPENID_SCHEDULED_TASKS

300s (every 300 seconds)

OpenID Provider

INRUPT_OPENID_SCOPES

OpenID Provider

INRUPT_OPENID_USER_CLAIM_NAME

OpenID Provider

INRUPT_OPENID_WEBHOOK_POST_CONSENT_URL

OpenID Provider

INRUPT_OPENID_WEBHOOK_POST_CONSENT_AUTH

OpenID Provider

INRUPT_OPENID_WEBID_SUBJECT_PREFIX

OpenID Provider

INRUPT_OPENID_WEBID_TRIM_BASE64_PADDING

false

OpenID Provider

QUARKUS_OIDC_AUTHENTICATION_SCOPES

OpenID Provider

QUARKUS_DATASOURCE_JDBC_URL

OpenID Provider

QUARKUS_DATASOURCE_USERNAME

OpenID Provider

QUARKUS_DATASOURCE_PASSWORD

OpenID Provider

QUARKUS_OIDC_LOGOUT_PATH

OpenID Provider

QUARKUS_OIDC_LOGOUT_POST_LOGOUT_PATH

OpenID Provider

SMALLRYE_JWT_NEW_TOKEN_LIFESPAN

300

OpenID Provider

KAFKA_BOOTSTRAP_SERVERS

localhost:9092

OpenID Provider

MP_MESSAGING_OUTGOING_AUDITV1OUT_BOOTSTRAP_SERVERS

localhost:9092

OpenID Provider

INRUPT_KAFKA_AUDITV1EVENTSENCRYPTED_CIPHER_PASSWORD

Pod

INRUPT_STORAGE_MAX_PODS_PER_OWNER

10

Pod

INRUPT_STORAGE_HTTP_BASE_URL

Pod

INRUPT_STORAGE_HTTP_CACHE_CONTROL_MAX_AGE

0

Pod

KAFKA_BOOTSTRAP_SERVERS

localhost:9092

Pod

MP_MESSAGING_OUTGOING_SOLIDRESOURCE_BOOTSTRAP_SERVERS

localhost:9092

Pod

MP_MESSAGING_OUTGOING_SOLIDRESOURCE_VALUE_SERIALIZER

org.apache.kafka.common.serialization.StringSerializer

Pod

INRUPT_KAFKA_SOLIDRESOURCE_CIPHER_PASSWORD

Pod

MP_MESSAGING_OUTGOING_AUDITV1OUT_BOOTSTRAP_SERVERS

localhost:9092

Pod

INRUPT_KAFKA_AUDITV1EVENTSENCRYPTED_CIPHER_PASSWORD

Pod

INRUPT_JWT_ISSUER_ALLOW_LIST

Pod

INRUPT_JWT_ISSUER_DENY_LIST

Pod

QUARKUS_LOG_LEVEL

INFO

Pod

INRUPT_AUTHZ_AS_URI

Pod

INRUPT_AUTHZ_UMA_ANONYMOUS_ENABLED

false

Pod

INRUPT_AUTHZ_UMA_OIDC_ENABLED

false

Pod

SMALLRYE_JWT_ENCRYPT_KEY_LOCATION

Pod

SMALLRYE_JWT_ENCRYPT_KEY_ID

Pod

INRUPT_STORAGE_S3_BUCKET_NAME

inrupt.ess.storage

Pod

QUARKUS_S3_ENDPOINT_OVERRIDE

Pod

QUARKUS_S3_AWS_REGION

Pod

QUARKUS_S3_AWS_CREDENTIALS_STATIC_PROVIDER_ACCESS_KEY_ID

Pod

QUARKUS_S3_AWS_CREDENTIALS_STATIC_PROVIDER_SECRET_ACCESS_KEY

Pod

QUARKUS_OPENTELEMETRY_TRACER_EXPORTER_OTLP_ENABLED

false

Pod

QUARKUS_OPENTELEMETRY_TRACER_EXPORTER_OTLP_ENDPOINT

Query

INRUPT_AUTHZ_AS_URI

Query

INRUPT_FRAGMENTS_PAGE_SIZE

10

Query

QUARKUS_LOG_LEVEL

INFO

Query

INRUPT_AUTHZ_AS_URI

Query

KAFKA_BOOTSTRAP_SERVERS

localhost:9092

Query

INRUPT_KAFKA_AUDITV1EVENTSENCRYPTED_CIPHER_PASSWORD

Start

INRUPT_PROVISION_HTTP_BASE_URL

Start

INRUPT_WEBID_HTTP_BASE_URL

Start

QUARKUS_LOG_LEVEL

INFO

Start

QUARKUS_OIDC_AUTH_SERVER_URL

Start

QUARKUS_OIDC_CLIENT_ID

Start

INRUPT_KAFKA_AUDITV1EVENTSENCRYPTED_CIPHER_PASSWORD

UMA

INRUPT_UMA_ISSUER

UMA

INRUPT_UMA_VC_VERIFIER

UMA

SMALLRYE_JWT_SIGN_KEY_LOCATION

UMA

QUARKUS_GRPC_CLIENTS_AUTHZ_HOST

UMA

QUARKUS_GRPC_CLIENTS_AUTHZ_PORT

UMA

QUARKUS_LOG_LEVEL

INFO

UMA

INRUPT_UMA_DPOP_ALGORITHMS

ES256, RS256

UMA

SMALLRYE_JWT_NEW_TOKEN_LIFESPAN

300

UMA

INRUPT_VC_ISSUER

UMA

INRUPT_JWT_ISSUER_ALLOW_LIST

UMA

INRUPT_JWT_ISSUER_DENY_LIST

UMA

KAFKA_BOOTSTRAP_SERVERS

localhost:9092

UMA

INRUPT_KAFKA_AUDITV1EVENTSENCRYPTED_CIPHER_PASSWORD

VC

INRUPT_VC_ISSUER

https://vc.<ESS DOMAIN>

VC

QUARKUS_MONGODB_CONNECTION_STRING

VC

QUARKUS_DATASOURCE_JDBC_URL

VC

QUARKUS_DATASOURCE_USERNAME

VC

QUARKUS_DATASOURCE_PASSWORD

VC

QUARKUS_LOG_LEVEL

INFO

VC

INRUPT_JSONLD_CACHE_HOURS

6

VC

INRUPT_JSONLD_CACHE_SIZE

100

VC

INRUPT_JSONLD_CONTEXT_ALLOW_LIST

VC

INRUPT_JSONLD_CONTEXT_DENY_LIST

VC

INRUPT_JSONLD_HTTP_MAX_REDIRECTS

10

VC

INRUPT_JSONLD_HTTP_TIMEOUT

10

VC

INRUPT_VC_ISSUER_NAME

VC

INRUPT_VC_ISSUER_DESCRIPTION

VC

INRUPT_VC_ISSUER_TOS

VC

INRUPT_VC_MONGODB_DATABASE

vc

VC

INRUPT_JWT_ISSUER_ALLOW_LIST

VC

INRUPT_JWT_ISSUER_DENY_LIST

VC

INRUPT_VC_MAX_DURATION

VC

INRUPT_VC_STATUS_LIST_ID_LENGTH

4

VC

INRUPT_VC_QUERY_AGENT_PATHS

/credentialSubject/providedConsent/isProvidedTo,/credentialSubject/providedConsent/isProvidedToPerson,/credentialSubject/providedConsent/isProvidedToController

VC

INRUPT_VC_QUERY_PROPERTY_LIMIT

16

VC

KAFKA_BOOTSTRAP_SERVERS

localhost:9092

VC

INRUPT_KAFKA_AUDITV1EVENTSENCRYPTED_CIPHER_PASSWORD

WebID

INRUPT_PROVISION_HTTP_BASE_URL

WebID

INRUPT_START_CLIENT_ID

https://start.{ESS_DOMAIN}/app/id

WebID

INRUPT_WEBID_CLIENT_ID

https://id.{ESS_DOMAIN}/app/id

WebID

INRUPT_WEBID_ALLOWED_CLIENT_IDS

INRUPT_START_CLIENT_ID, INRUPT_WEBID_CLIENT_ID

WebID

INRUPT_WEBID_ISSUER

https://openid.{ESS DOMAIN}

WebID

INRUPT_JWT_ISSUER_ALLOW_LIST

WebID

QUARKUS_DATASOURCE_JDBC_URL

WebID

QUARKUS_DATASOURCE_USERNAME

WebID

QUARKUS_DATASOURCE_PASSWORD

WebID

QUARKUS_LOG_LEVEL

INFO

WebID

INRUPT_WEBID_CLIENT_NAME

Inrupt WebID Manager

WebID

INRUPT_WEBID_CLIENT_LOGO_URI

https://{ESS DOMAIN}/logo.png

WebID

INRUPT_WEBID_CLIENT_TOS_URI

WebID

INRUPT_WEBID_CLIENT_CONTACTS

WebID

INRUPT_JWT_ISSUER_DENY_LIST

WebID

KAFKA_BOOTSTRAP_SERVERS

localhost:9092

WebID

INRUPT_KAFKA_AUDITV1EVENTSENCRYPTED_CIPHER_PASSWORD

WebSocket

INRUPT_WEBSOCKET_BASE_URI

WebSocket

SMALLRYE_JWT_SIGN_KEY_LOCATION

WebSocket

QUARKUS_GRPC_CLIENTS_AUTHZ_HOST

WebSocket

KAFKA_BOOTSTRAP_SERVERS

localhost:9092

WebSocket

MP_MESSAGING_INCOMING_SOLIDRESOURCE_SSL_TRUSTSTORE_LOCATION

WebSocket

MP_MESSAGING_INCOMING_SOLIDRESOURCE_SSL_TRUSTSTORE_PASSWORD

WebSocket

MP_MESSAGING_INCOMING_SOLIDRESOURCE_VALUE_DESERIALIZER

org.apache.kafka.common.serialization.StringDeserializer

WebSocket

INRUPT_KAFKA_SOLIDRESOURCE_CIPHER_PASSWORD

WebSocket

INRUPT_KAFKA_AUDITV1EVENTSENCRYPTED_CIPHER_PASSWORD

WebSocket

MP_MESSAGING_OUTGOING_AUDITV1OUT_BOOTSTRAP_SERVERS

localhost:9092

WebSocket

QUARKUS_LOG_LEVEL

INFO

WebSocket

INRUPT_JWT_ISSUER_ALLOW_LIST

WebSocket

INRUPT_JWT_ISSUER_DENY_LIST