-
Notifications
You must be signed in to change notification settings - Fork 28
/
config.yaml
154 lines (118 loc) · 4.47 KB
/
config.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
# API server listen address
# Defauls to: ":8080" which will listen on all avalable interfaces.
# Overwrite with environment variable: DEVICEAUTH_LISTEN
# listen: :8080
# HTTP Server middleware environment
# Available values:
# dev - development environment
# prod - production environment
# Defaults to: prod
# Overwrite with environment variable: DEVICEAUTH_MIDDLEWARE
# middleware: dev
# Mongodb connection string
# Defaults to: mongo-device-auth
# Overwrite with environment variable: DEVICEAUTH_MONGO
# mongo: mongo-device-auth
# Enable SSL for mongo connections
# Defaults to: false
# Overwrite with environment variable: DEVICEAUTH_MONGO_SSL
# mongo_ssl: false
# SkipVerify controls whether a mongo client verifies the
# server's certificate chain and host name.
# If InsecureSkipVerify is true, accepts any certificate
# presented by the server and any host name in that certificate.
# Defaults to: false
# Overwrite with environment variable: DEVICEAUTH_MONGO_SSL_SKIPVERIFY
# mongo_ssl_skipverify: false
# Mongodb username
# Overwrites username set in connection string.
# Defaults to: none
# Overwrite with environment variable: DEVICEAUTH_MONGO_USERNAME
# mongo_username: user
# Mongodb password
# Overwrites password set in connection string.
# Defaults to: none
# Overwrite with environment variable: DEVICEAUTH_MONGO_PASSWORD
# mongo_password: secret
# Workflows service address
# Defaults to: http://mender-workflows-server:8080
# Overwrite with environment variable: DEVICEAUTH_ORCHESTRATOR_ADDR
# orchestrator_addr: http://mender-workflows-server:8080
# Enable the integration with the reporting service
# Defaults to: false
# Overwrite with environment variable: DEVICEAUTH_ENABLE_REPORTING
# enable_reporting: false
# Tenant administration service address (optional)
# Defaults to: none
# Overwrite with environment variable: DEVICEAUTH_TENANTADM_ADDR
# tenantadm_addr: http://tenantadm
# Default tenant token, for devices that don't supply one (optional)
# Defaults to: none
# Overwrite with environment variable: DEVICEAUTH_DEFAULT_TENANT_TOKEN
# default_tenant_token: <VALID_TENANT_TOKEN>
# Private key path - used for JWT signing
# Defaults to: /etc/deviceauth/rsa/private.pem
# Overwrite with environment variable: DEVICEAUTH_SERVER_PRIV_KEY_PATH
# server_priv_key_path: /etc/deviceauth/rsa/private.pem
# Fallback private key path - used for JWT verification
# Defaults to: none
# Overwrite with environment variable: DEVICEAUTH_SERVER_FALLBACK_PRIV_KEY_PATH
# server_fallback_priv_key_path: /etc/deviceauth/rsa/private-fallback.pem
# JWT issuer ('iss' claim)
# Defaults to: Mender
# jwt_issuer: Mender
# JWT expiration in seconds ('exp' claim)
# Defaults to: "604800" (one week)
# jwt_exp_timeout: 604800
# Redis connection string
#
# connectionString URL format:
# Standalone mode:
# (redis|rediss|unix)://[<user>:<password>@](<host>|<socket path>)[:<port>[/<db_number>]][?option=value]
# Cluster mode:
# (redis|rediss|unix)[+srv]://[<user>:<password>@]<host1>[,<host2>[,...]][:<port>][?option=value]
#
# The following query parameters are also available:
# client_name string
# conn_max_idle_time duration
# conn_max_lifetime duration
# dial_timeout duration
# max_idle_conns int
# max_retries int
# max_retry_backoff duration
# min_idle_conns int
# min_retry_backoff duration
# pool_fifo bool
# pool_size int
# pool_timeout duration
# protocol int
# read_timeout duration
# tls bool
# write_timeout duration
#
# Defaults to: "", which disables the Redis cache
# Overwrite with environment variable: DEVICEAUTH_REDIS_CONNECTION_STRING
# redis_connection_string: ""
# Redis key prefix
# Defaults to: "deviceauth:v1"
# Overwrite with environment variable: DEVICEAUTH_REDIS_KEY_PREFIX
# redis_key_prefix: ""
# Redis cache expiration(sec)
# Defaults to: 1800 (30mins)
# Overwrite with environment variable: DEVICEAUTH_REDIS_CACHE_EXPIRE_SEC
# redis_cache_expire_sec: "1800"
# Redis address
#
# Deprecated. Use redis_connection_string instead.
#
# Defaults to: "", which disables the Redis cache
# Overwrite with environment variable: DEVICEAUTH_REDIS_ADDR
# redis_addr: ""
# Redis tenant/device limits expiration(sec)
# Defaults to: 1800 (30mins)
# Overwrite with environment variable: DEVICEAUTH_REDIS_LIMITS_EXPIRE_SEC
# redis_limits_expire_sec: "1800"
# Enable addon feature restrictions.
# Defaults to: false
# Overwrite with environment variable: DEVICEAUTH_HAVE_ADDONS
# have_addons: false