Environment Variables
The following environment variables can be used to configure Identus Cloud Agent (in alphabetical order):
| Variable Name | Description | Type | Default |
|---|---|---|---|
| ADMIN_TOKEN | Admin token for the admin API key authentication method. | String | admin |
| AGENT_DB_APP_PASSWORD | Agent database application user password for login. | String | password |
| AGENT_DB_APP_USER | Agent database application user for login. | String | agent-application-user |
| AGENT_DB_AWAIT_CONNECTION_THREADS | Number of threads to wait for database connection. | Int | 4 |
| AGENT_DB_HOST | Hostname of the server where the Cloud Agent database is running. | String | localhost |
| AGENT_DB_NAME | Database name where the agent database will store data. | String | agent |
| AGENT_DB_PASSWORD | Agent database password for login. | String | postgres |
| AGENT_DB_PORT | Port of the Cloud Agent database. | Int | 5432 |
| AGENT_DB_USER | Agent database username for login. | String | postgres |
| AGENT_DIDCOMM_PORT | Port on which DIDComm service runs. | Int | 8090 |
| AGENT_HTTP_CLIENT_CONNECTION_POOL_SIZE | Size of the HTTP client connection pool. | Int | 0 |
| AGENT_HTTP_CLIENT_CONNECTION_TIMEOUT | HTTP client connection timeout duration. | String | 5 seconds |
| AGENT_HTTP_CLIENT_IDLE_TIMEOUT | HTTP client idle timeout duration. | String | 5 seconds |
| AGENT_HTTP_PORT | Port on which Cloud Agent runs. | Int | 8085 |
| API_KEY_AUTHENTICATE_AS_DEFAULT_USER | Whether or not to authenticate all API keys as the default user. | Boolean | true |
| API_KEY_AUTO_PROVISIONING | Whether or not to enable auto-provisioning for API keys and register the owner of the api-key automatically. | Boolean | false |
| API_KEY_ENABLED | Whether or not to enable API key authentication. | Boolean | false |
| API_KEY_SALT | Salt used to hash the API key. | String | JLXTS4J2qkMOgfO8 |
| CONNECT_BG_JOB_RECORDS_LIMIT | Maximum number of connection records the background job will try to process at the same time. | Int | 25 |
| CONNECT_BG_JOB_RECURRENCE_DELAY | Interval at which the background job will try to process connection records. | String | 2 seconds |
| CONNECT_DB_APP_PASSWORD | Connect database application user password for login. | String | password |
| CONNECT_DB_APP_USER | Connect database application user for login. | String | connect-application-user |
| CONNECT_DB_AWAIT_CONNECTION_THREADS | Number of threads to wait for database connection. | Int | 4 |
| CONNECT_DB_HOST | Hostname of the server where the Connect database is running. | String | localhost |
| CONNECT_DB_NAME | Database name where the Connect database will store data. | String | connect |
| CONNECT_DB_PASSWORD | Connect database password for login. | String | postgres |
| CONNECT_DB_PORT | Port of the Connect database. | Int | 5432 |
| CONNECT_DB_USER | Connect database username for login. | String | postgres |
| CONNECT_INVITATION_EXPIRY | The connect invitation expiry duration (e.g. 300 seconds), after which the OOB Connect Invitation will expire. | String | 300 seconds |
| CREDENTIAL_LEEWAY | Time leeway when verifying credential dates; if the time difference is less than the leeway, the credential will still be considered valid. | String | 0 seconds |
| CREDENTIAL_SD_JWT_EXPIRY | Expiry duration for SD-JWT credentials. | String | 30 days |
| CREDENTIAL_VERIFY_DATES | Whether or not to verify credential dates (expiration). | Boolean | false |
| CREDENTIAL_VERIFY_SIGNATURE | Whether or not to verify a credential signature. | Boolean | true |
| DEFAULT_JWT_VC_OFFER_DOMAIN | Default domain for JWT VC offers. Must be set to the value of the Cloud Agent endpoint. | String | default-domain |
| DEFAULT_KAFKA_ENABLED | Whether or not to enable Kafka integration. | Boolean | false |
| DEFAULT_WALLET_AUTH_API_KEY | The authentication API key to be used for the default entity that uses the default wallet. | String | default |
| DEFAULT_WALLET_ENABLED | Whether or not to initialize the default wallet. | Boolean | true |
| DEFAULT_WALLET_SEED | The BIP32 wallet seed to be used for the default wallet, represented as a hexadecimal string. | String | Null |
| DEFAULT_WALLET_WEBHOOK_API_KEY | The optional API key (bearer token) to use as the Authorization header for the default wallet webhook. | String | Null |
| DEFAULT_WALLET_WEBHOOK_URL | The default wallet webhook endpoint URL to which notifications will be sent. | String | Null |
| DID_STATE_SYNC_TRIGGER_RECURRENCE_DELAY | Delay between triggers of the DID state sync, in Hocon duration format. | String | 30 seconds |
| DIDCOMM_SERVICE_URL | URL of the DIDComm server that also runs for this agent. | String | http://localhost:8090 |
| ENABLE_ANONCRED | Enable support for the AnonCred credential type via API and DIDComm. | Boolean | false |
| GLOBAL_WEBHOOK_API_KEY | The optional API key (bearer token) to use as the Authorization header for the global wallet webhook. | String | Null |
| GLOBAL_WEBHOOK_URL | The global webhook endpoint URL to which notifications will be sent. | String | Null |
| ISSUANCE_INVITATION_EXPIRY | The issuance invitation expiry duration (e.g. 300 seconds), after which the OOB Credential Offer will expire. | String | 300 seconds |
| KEYCLOAK_CLIENT_ID | The Keycloak client ID. | String | prism-agent |
| KEYCLOAK_CLIENT_SECRET | The Keycloak client secret. | String | prism-agent-demo-secret |
| KEYCLOAK_ENABLED | Whether or not to enable Keycloak authentication and authorisation. | Boolean | false |
| KEYCLOAK_REALM | The Keycloak realm name. | String | atala-demo |
| KEYCLOAK_ROLES_CLAIM_PATH | The JSON path to the roles claim in the JWT payload. Used for role-based authorization (e.g. admin or tenant). | String | resource_access.<KEYCLOAK_CLIENT_ID>.roles |
| KEYCLOAK_UMA_AUTO_UPGRADE_RPT | Whether or not to enable automatic upgrade of RPT tokens. If disabled, accessToken must be RPT and include the permission claims. | Boolean | true |
| KEYCLOAK_URL | The Keycloak server URL. | String | http://localhost:9980 |
| LOG_LEVEL | Cloud Agent log level. The default log level is INFO. Possible values: TRACE, DEBUG, INFO, WARN, ERROR, OFF. Values are case-insensitive. | String | INFO |
| POLLUX_DB_APP_PASSWORD | Pollux database application user password for login. | String | password |
| POLLUX_DB_APP_USER | Pollux database application user for login. | String | pollux-application-user |
| POLLUX_DB_AWAIT_CONNECTION_THREADS | Number of threads to wait for database connection. | Int | 4 |
| POLLUX_DB_HOST | Hostname of the server where the Pollux database is running. | String | localhost |
| POLLUX_DB_NAME | Database name where the Pollux database will store data. | String | pollux |
| POLLUX_DB_PASSWORD | Pollux database password for login. | String | postgres |
| POLLUX_DB_PORT | Port of the Pollux database. | Int | 5432 |
| POLLUX_DB_USER | Pollux database username for login. | String | postgres |
| POLLUX_STATUS_LIST_REGISTRY_PUBLIC_URL | URL of the status list registry used to verify the revocation of JWT credentials. | String | http://localhost:8085 |
| PRESENTATION_INVITATION_EXPIRY | The presentation invitation expiry duration (e.g. 300 seconds), after which the OOB Request Presentation will expire. | String | 300 seconds |
| PRESENTATION_LEEWAY | Time leeway when verifying challenge dates. | String | 0 seconds |
| PRESENTATION_VERIFY_DATES | Whether or not to verify challenge dates during presentation. | Boolean | false |
| PRESENTATION_VERIFY_HOLDER_BINDING | Whether or not to verify holder binding when verifying presentations (ensures the presenter is the holder). | Boolean | false |
| PRESENTATION_VERIFY_SIGNATURE | Whether or not to verify the signature of a challenge used during credential presentation. | Boolean | true |
| PRISM_NODE_HOST | Hostname of the server where the Prism Node is running. | String | localhost |
| PRISM_NODE_PORT | Port of the Prism Node. | Int | 50053 |
| PRISM_NODE_USE_PLAIN_TEXT | Whether or not to use plain text for gRPC communication with the Prism Node. | Boolean | true |
| REST_SERVICE_URL | URL of the REST service. | String | https://host.docker.internal:8080/cloud-agent |
| SECRET_STORAGE_BACKEND | Secret storage backend for keys and credentials. If Vault is used, the Vault server must be running; otherwise, a database can be used for development purposes only. | Enum(vault, postgres) | vault |
| STATUS_LIST_SYNC_TRIGGER_RECURRENCE_DELAY | Delay between triggers of the status list revocation sync for revoked credentials, in Hocon duration format. | String | 30 seconds |
| VAULT_ADDR | URL of the vault service for Cloud Agent to use for secret management. | String | http://localhost:8200 |
| VAULT_APPROLE_ROLE_ID | The role_id for HashiCorp Vault authentication with AppRole. | String | Null |
| VAULT_APPROLE_SECRET_ID | The secret_id for HashiCorp Vault authentication with AppRole. | String | Null |
| VAULT_TOKEN | Vault service auth token. | String | Null |
| VAULT_USE_SEMANTIC_PATH | Enable full path convention for vault secret path. | Boolean | true |
| WEBHOOK_PARALLELISM | Maximum number of events that will be retrieved in a single iteration from the event queue by the webhook publisher. | Int | Null |
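
An added example (not part of the Identus documentation or code base): a Python check that reports which secret-bearing variables from the table are still at their documented defaults and which verification, transport or storage settings are in a state worth reviewing before deployment. Treating an unset variable as its documented default, and the choice of which settings to flag, are assumptions of this example.

```python
import os

# Secret-bearing variables and their defaults, copied from the table above.
DEFAULT_SECRETS = {
    "ADMIN_TOKEN": "admin",
    "AGENT_DB_APP_PASSWORD": "password",
    "AGENT_DB_PASSWORD": "postgres",
    "API_KEY_SALT": "JLXTS4J2qkMOgfO8",
    "CONNECT_DB_APP_PASSWORD": "password",
    "CONNECT_DB_PASSWORD": "postgres",
    "DEFAULT_WALLET_AUTH_API_KEY": "default",
    "KEYCLOAK_CLIENT_SECRET": "prism-agent-demo-secret",
    "POLLUX_DB_APP_PASSWORD": "password",
    "POLLUX_DB_PASSWORD": "postgres",
}

# name -> (documented default, value this example flags), also from the table.
REVIEW_SETTINGS = {
    "CREDENTIAL_VERIFY_DATES": ("false", "false"),
    "CREDENTIAL_VERIFY_SIGNATURE": ("true", "false"),
    "PRESENTATION_VERIFY_DATES": ("false", "false"),
    "PRESENTATION_VERIFY_HOLDER_BINDING": ("false", "false"),
    "PRESENTATION_VERIFY_SIGNATURE": ("true", "false"),
    "PRISM_NODE_USE_PLAIN_TEXT": ("true", "true"),
    "SECRET_STORAGE_BACKEND": ("vault", "postgres"),  # documented as development only
}


def audit(env):
    """Return sorted (variable, reason) findings; secret values are never echoed."""
    findings = []
    for name, default in DEFAULT_SECRETS.items():
        # Assumption: an unset variable falls back to the documented default.
        if env.get(name, default) == default:
            state = "set" if name in env else "unset"
            findings.append((name, f"documented default secret in effect ({state})"))
    for name, (default, flagged) in REVIEW_SETTINGS.items():
        # Compare case-insensitively so TRUE/False style values are handled.
        if env.get(name, default).strip().lower() == flagged:
            findings.append((name, f"effective value is {flagged}"))
    return sorted(findings)


if __name__ == "__main__":
    for name, reason in audit(dict(os.environ)):
        print(f"{name}: {reason}")
```

Run it in the same environment the agent starts in, or pass `audit()` the parsed contents of the deployment's env file.
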
Hocon duration format
Hocon duration format is a string that represents a duration of time. It is used in the configuration file to specify the duration of time in seconds, minutes, hours, etc.
Null default value
Null default value means that the variable is not set by default and must be set by the user based on the environment configuration.