Environment Variables
The following environment variables can be used to configure Cloud Agent:
Variable Name | Description | Type | Default |
---|---|---|---|
POLLUX_DB_HOST | Hostname of the server where the Pollux database is running. | String | localhost |
POLLUX_DB_PORT | Port of the Pollux database. | Int | 5432 |
POLLUX_DB_NAME | Database name where Pollux db will store data. | String | pollux |
POLLUX_DB_USER | Pollux database username for login. | String | postgres |
POLLUX_DB_PASSWORD | Pollux database password for login. | String | postgres |
POLLUX_STATUS_LIST_REGISTRY_PUBLIC_URL | URL of the status list registry used to verify the revocation of JWT credentials. | String | http://localhost:8085 |
ISSUE_BG_JOB_RECORDS_LIMIT | Maximum number of records issue credentials job will try to process at the same time. | Int | 25 |
ISSUE_BG_JOB_RECURRENCE_DELAY | Interval at which issue credentials job will try to process records. | String | 2 seconds |
ISSUE_BG_JOB_PROCESSING_PARALLELISM | Maximum amount of parallel issue credential job processings. | Int | 5 |
PRESENTATION_BG_JOB_RECORDS_LIMIT | Maximum number of records present proof job will try to process at the same time. | Int | 25 |
PRESENTATION_BG_JOB_RECURRENCE_DELAY | Interval at which present proof job will try to process records. | String | 2 seconds |
PRESENTATION_BG_JOB_PROCESSING_PARALLELISM | Maximum amount of parallel present proof job processings. | Int | 5 |
CONNECT_DB_HOST | Hostname of the server where the connection flow database is running. | String | localhost |
CONNECT_DB_PORT | Port of the connection flow database. | String | 5432 |
CONNECT_DB_NAME | Database name where connection flow db will store data. | String | connect |
CONNECT_DB_USER | Connection flow database username for login. | String | postgres |
CONNECT_DB_PASSWORD | Connection flow database password for login. | String | postgres |
CONNECT_BG_JOB_RECORDS_LIMIT | Maximum number of records connect job will try to process at the same time. | Int | 25 |
CONNECT_BG_JOB_RECURRENCE_DELAY | Interval at which connect job will try to process records. | String | 2 seconds |
CONNECT_BG_JOB_PROCESSING_PARALLELISM | Maximum amount of parallel connect job processings. | Int | 5 |
CONNECT_INVITATION_EXPIRY | Time leeway when accepting the connection invitation. The inviter should only accept responses that are received within the specified time limit before expiry. | String | 300 seconds |
AGENT_HTTP_PORT | Port on which Cloud Agent runs. | Int | 8085 |
DIDCOMM_SERVICE_URL | URL of the DIDComm server that also runs for this agent. | String | http://localhost:8090 |
AGENT_DB_HOST | Hostname of the server where the Cloud Agent database is running. | String | localhost |
AGENT_DB_PORT | Port of the Cloud Agent database. | Int | 5432 |
AGENT_DB_NAME | Database name where agent db will store data. | String | agent |
AGENT_DB_USER | Agent database username for login. | String | postgres |
AGENT_DB_PASSWORD | Agent database password for login. | String | postgres |
CREDENTIAL_VERIFY_SIGNATURE | Whether or not to verify a credential signature. | Boolean | true |
CREDENTIAL_VERIFY_DATES | Whether or not to verify credential dates (expiration). | Boolean | false |
CREDENTIAL_LEEWAY | Time leeway when verifying credential dates. If the time difference is less than the leeway, the credential will still verify. | String | 0 seconds |
PRESENTATION_VERIFY_SIGNATURE | Whether or not to verify a signed challenge used during credential presentation. | Boolean | true |
PRESENTATION_VERIFY_DATES | Whether or not to verify challenge dates during presentation. | Boolean | false |
PRESENTATION_VERIFY_HOLDER_BINDING | Description missing (please provide). | Boolean | false |
PRESENTATION_LEEWAY | Time leeway when verifying challenge dates. | String | 0 seconds |
SECRET_STORAGE_BACKEND | Secret storage for keys and credentials. If vault is used, the vault server must be running, otherwise a database can be used for development purposes only. | Enum(vault, postgres) | vault |
VAULT_ADDR | URL of the vault service for Cloud Agent to use for secret management. | String | http://localhost:8200 |
VAULT_TOKEN | Vault service auth token. | String | root |
VAULT_APPROLE_ROLE_ID | The role_id for HashiCorp Vault authentication with AppRole | String | Null |
VAULT_APPROLE_SECRET_ID | The secret_id for HashiCorp Vault authentication with AppRole | String | Null |
VAULT_USE_SEMANTIC_PATH | Enable full path convention for vault secret path | Boolean | true |
ADMIN_TOKEN | Admin token for the admin API key authentication method. | String | admin |
API_KEY_SALT | Salt used to hash the API key. | String | JLXTS4J2qkMOgfO8 |
API_KEY_ENABLED | Whether or not to enable API key authentication. | Boolean | true |
API_KEY_AUTHENTICATE_AS_DEFAULT_USER | Whether or not to authenticate all API keys as the default user. | Boolean | false |
API_KEY_AUTO_PROVISIONING | Whether or not to enable auto-provisioning for API keys and register the owner of the api-key automatically. | Boolean | true |
WEBHOOK_PARALLELISM | Maximum number of events that the webhook publisher retrieves from the event queue in a single iteration. | Int | Null |
GLOBAL_WEBHOOK_URL | The global webhook endpoint URL where the notifications will be sent. | String | Null |
GLOBAL_WEBHOOK_API_KEY | The optional API key (bearer token) to use as the Authorization header for global wallet webhook. | String | Null |
DEFAULT_WALLET_ENABLED | Whether or not to initialize the default wallet. | String | true |
DEFAULT_WALLET_SEED | The BIP32 wallet seed to be used for default wallet represented by a hexadecimal string. | String | Null |
DEFAULT_WALLET_WEBHOOK_URL | The default wallet webhook endpoint URL where the notifications will be sent. | String | Null |
DEFAULT_WALLET_WEBHOOK_API_KEY | The optional API key (bearer token) to use as the Authorization header for default wallet webhook. | String | Null |
DEFAULT_WALLET_AUTH_API_KEY | The authentication API key to be used for default entity that uses default wallet. | String | default |
KEYCLOAK_ENABLED | Whether or not to enable Keycloak authentication and authorisation. | Boolean | false |
KEYCLOAK_URL | The Keycloak server URL. | String | http://localhost:9980 |
KEYCLOAK_REALM | The Keycloak realm name. | String | atala-demo |
KEYCLOAK_CLIENT_ID | The Keycloak client ID. | String | prism-agent |
KEYCLOAK_CLIENT_SECRET | The Keycloak client secret. | String | prism-agent-demo-secret |
KEYCLOAK_UMA_AUTO_UPGRADE_RPT | Whether or not to enable automatic upgrade of RPT tokens. If disabled, accessToken must be RPT and include the permission claims. | Boolean | true |
KEYKLOAK_ROLES_CLAIM_PATH | The JSON path to the roles claim in the JWT payload. Used for role-based authorization (e.g. admin or tenant). | String | resource_access.<KEYCLOAK_CLIENT_ID>.roles |
PRESENTATION_INVITATION_EXPIRY | The presentation invitation expiry duration, e.g. 300 seconds, after which the OOB Request Presentation will expire. | String | 300 seconds |
ISSUANCE_INVITATION_EXPIRY | The issuance invitation expiry duration, e.g. 300 seconds, after which the OOB Credential Offer will expire. | String | 300 seconds |
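
Several defaults in the table are well-known credentials or switch a verification step off. The following pre-deployment check is an added example, not part of Cloud Agent: it flags secret variables left at their documented default, date or signature verification that is off, the development-only `postgres` secret backend, and token-bearing URLs served over plain HTTP. It assumes an unset variable takes its documented default; the gating of a secret on its feature switch and the AppRole exception for `VAULT_TOKEN` are this script's own assumptions.

```python
"""Pre-deployment audit of Cloud Agent environment variables (added example)."""
import os
from urllib.parse import urlsplit

# Secret-bearing variables: name -> (documented default, gating switch or None).
# A gate is (switch name, switch default); gating is this script's assumption.
SECRETS = {
    "POLLUX_DB_PASSWORD": ("postgres", None),
    "CONNECT_DB_PASSWORD": ("postgres", None),
    "AGENT_DB_PASSWORD": ("postgres", None),
    "ADMIN_TOKEN": ("admin", None),
    "API_KEY_SALT": ("JLXTS4J2qkMOgfO8", None),
    "DEFAULT_WALLET_AUTH_API_KEY": ("default", ("DEFAULT_WALLET_ENABLED", "true")),
    "KEYCLOAK_CLIENT_SECRET": ("prism-agent-demo-secret", ("KEYCLOAK_ENABLED", "false")),
}
# Verification switches with their documented defaults.
VERIFY = {"CREDENTIAL_VERIFY_SIGNATURE": "true", "CREDENTIAL_VERIFY_DATES": "false",
          "PRESENTATION_VERIFY_SIGNATURE": "true", "PRESENTATION_VERIFY_DATES": "false"}
# Endpoints that receive a token, client secret or bearer API key.
TOKEN_URLS = ("VAULT_ADDR", "KEYCLOAK_URL", "GLOBAL_WEBHOOK_URL", "DEFAULT_WALLET_WEBHOOK_URL")
LOCAL_HOSTS = ("localhost", "127.0.0.1", "::1")

def enabled(env, name, default):
    return env.get(name, default).strip().lower() == "true"

def audit(env):
    """Return sorted findings; an unset variable is treated as its documented default."""
    findings = []
    for name, (default, gate) in SECRETS.items():
        if gate and not enabled(env, *gate):
            continue  # feature off, so the secret is assumed unused
        if env.get(name, default) == default:
            findings.append(f"{name}: documented default in use")
    if env.get("SECRET_STORAGE_BACKEND", "vault") == "postgres":
        findings.append("SECRET_STORAGE_BACKEND: postgres is for development only")
    elif env.get("VAULT_TOKEN", "root") == "root" and not (
            env.get("VAULT_APPROLE_ROLE_ID") and env.get("VAULT_APPROLE_SECRET_ID")):
        # Assumption: a configured AppRole means the static token is not relied on.
        findings.append("VAULT_TOKEN: documented default in use")
    for name, default in VERIFY.items():
        if not enabled(env, name, default):
            findings.append(f"{name}: verification disabled")
    for name in TOKEN_URLS:
        url = urlsplit(env.get(name, ""))
        if url.scheme == "http" and url.hostname not in LOCAL_HOSTS:
            findings.append(f"{name}: plain HTTP to a non-local host")
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(dict(os.environ)):
        print("WARN", finding)
```

Run it in the same environment the agent will start in, for example as a container entrypoint step, and fail the deployment when it prints any finding.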