Here is the table with the environment variables sorted in alphabetical order:
Environment Variables
The following environment variables can be used to configure Identus Cloud Agent (in alphabetical order):
| Variable Name | Description | Type | Default |
|---|---|---|---|
| ADMIN_TOKEN | Admin token for the admin API key authentication method. | String | admin |
| AGENT_DB_APP_PASSWORD | Agent database application user password for login. | String | password |
| AGENT_DB_APP_USER | Agent database application user for login. | String | agent-application-user |
| AGENT_DB_AWAIT_CONNECTION_THREADS | Number of threads to wait for database connection. | Int | 4 |
| AGENT_DB_HOST | Hostname of the server where Cloud Agent database is running on. | String | localhost |
| AGENT_DB_NAME | Database name where agent db will store data. | String | agent |
| AGENT_DB_PASSWORD | Agent database password for login. | String | postgres |
| AGENT_DB_PORT | Port of the Cloud Agent database. | Int | 5432 |
| AGENT_DB_USER | Agent database username for login. | String | postgres |
| AGENT_DIDCOMM_PORT | Port on which DIDComm service runs. | Int | 8090 |
| AGENT_HTTP_CLIENT_CONNECTION_POOL_SIZE | Size of the HTTP client connection pool. | Int | 0 |
| AGENT_HTTP_CLIENT_CONNECTION_TIMEOUT | HTTP client connection timeout duration. | String | 5 seconds |
| AGENT_HTTP_CLIENT_IDLE_TIMEOUT | HTTP client idle timeout duration. | String | 5 seconds |
| AGENT_HTTP_PORT | Port on which Cloud Agent runs. | Int | 8085 |
| API_KEY_AUTHENTICATE_AS_DEFAULT_USER | Whether or not to authenticate all API keys as the default user. | Boolean | true |
| API_KEY_AUTO_PROVISIONING | Whether or not to enable auto-provisioning for API keys and register the owner of the api-key automatically. | Boolean | true |
| API_KEY_ENABLED | Whether or not to enable API key authentication. | Boolean | false |
| API_KEY_SALT | Salt used to hash the API key. | String | JLXTS4J2qkMOgfO8 |
| CONNECT_BG_JOB_RECURRENCE_DELAY | Interval at which connect background job will try to process records. | String | 2 seconds |
| CONNECT_BG_JOB_RECORDS_LIMIT | Maximum number of records connect background job will try to process at the same time. | Int | 25 |
| CONNECT_DB_APP_PASSWORD | Connect database application user password for login. | String | password |
| CONNECT_DB_APP_USER | Connect database application user for login. | String | connect-application-user |
| CONNECT_DB_AWAIT_CONNECTION_THREADS | Number of threads to wait for database connection. | Int | 4 |
| CONNECT_DB_HOST | Hostname of the server where Connect database is running on. | String | localhost |
| CONNECT_DB_NAME | Database name where Connect db will store data. | String | connect |
| CONNECT_DB_PASSWORD | Connect database password for login. | String | postgres |
| CONNECT_DB_PORT | Port of the Connect database. | Int | 5432 |
| CONNECT_DB_USER | Connect database username for login. | String | postgres |
| CONNECT_INVITATION_EXPIRY | The connect invitation expiry duration e.g 300 seconds. After which the OOB Connect Invitation will expire | String | 300 seconds |
| CREDENTIAL_LEEWAY | Time leeway when verifying credential dates, if time difference is less than a leeway, it will still verify. | String | 0 seconds |
| CREDENTIAL_SD_JWT_EXPIRY | Expiry duration for SD-JWT credentials. | String | 30 days |
| CREDENTIAL_VERIFY_DATES | Whether or not to verify credential dates (expiration). | Boolean | false |
| CREDENTIAL_VERIFY_SIGNATURE | Whether or not to verify a credential signature. | Boolean | true |
| DEFAULT_JWT_VC_OFFER_DOMAIN | Default domain for JWT VC offers. Must be set to the value of the Cloud Agent endpoint | String | default-domain |
| DEFAULT_KAFKA_ENABLED | Whether or not to enable Kafka integration. | Boolean | false |
| DEFAULT_WALLET_AUTH_API_KEY | The authentication API key to be used for default entity that uses default wallet. | String | default |
| DEFAULT_WALLET_ENABLED | Whether or not to initialize the default wallet. | String | true |
| DEFAULT_WALLET_SEED | The BIP32 wallet seed to be used for default wallet represented by a hexadecimal string. | String | Null |
| DEFAULT_WALLET_WEBHOOK_API_KEY | The optional API key (bearer token) to use as the Authorization header for default wallet webhook. | String | Null |
| DEFAULT_WALLET_WEBHOOK_URL | The default wallet webhook endpoint URL where the notifications will be sent. | String | Null |
| DID_STATE_SYNC_TRIGGER_RECURRENCE_DELAY | Triggering DID state sync delay in Hocon duration format | String | 30 seconds |
| DIDCOMM_SERVICE_URL | URL of the DIDComm server that also runs for this agent. | String | http://localhost:8090 |
| ENABLE_ANONCRED | Enable support for AnonCred Credential type via API and DIDComm | Boolean | false |
| GLOBAL_WEBHOOK_API_KEY | The optional API key (bearer token) to use as the Authorization header for global wallet webhook. | String | Null |
| GLOBAL_WEBHOOK_URL | The global webhook endpoint URL where the notifications will be sent. | String | Null |
| ISSUE_BG_JOB_PROCESSING_PARALLELISM | Maximum amount of parallel issue credential job processing. | Int | 5 |
| ISSUE_BG_JOB_RECURRENCE_DELAY | Interval at which issue credentials job will try to process records. | String | 2 seconds |
| ISSUE_BG_JOB_RECORDS_LIMIT | Maximum number of records issue credentials job will try to process at the same time. | Int | 25 |
| ISSUANCE_INVITATION_EXPIRY | The presentation invitation expiry duration e.g 300 seconds. After which the OOB Credential Offer will expire | String | 300 seconds |
| KEYCLOAK_CLIENT_ID | The Keycloak client ID. | String | prism-agent |
| KEYCLOAK_CLIENT_SECRET | The Keycloak client secret. | String | prism-agent-demo-secret |
| KEYCLOAK_ENABLED | Whether or not to enable Keycloak authentication and authorisation. | Boolean | false |
| KEYCLOAK_REALM | The Keycloak realm name. | String | atala-demo |
| KEYCLOAK_URL | The Keycloak server URL. | String | http://localhost:9980 |
| KEYCLOAK_UMA_AUTO_UPGRADE_RPT | Whether or not to enable automatic upgrade of RPT tokens. If disabled, accessToken must be RPT and include the permission claims. | Boolean | true |
| KEYKLOAK_ROLES_CLAIM_PATH | The json path to the roles claim in the JWT payload . Used for role-based authorization (e.g. admin or tenant). | String | resource_access.<KEYCLOAK_CLIENT_ID>.roles |
| LOG_LEVEL | Cloud Agent log level. The default log level is INFO. Possible values: TRACE, DEBUG, INFO, WARN, ERROR, OFF. | String | INFO |
| POLLUX_DB_APP_PASSWORD | Pollux database application user password for login. | String | password |
| POLLUX_DB_APP_USER | Pollux database application user for login. | String | pollux-application-user |
| POLLUX_DB_AWAIT_CONNECTION_THREADS | Number of threads to wait for database connection. | Int | 4 |
| POLLUX_DB_HOST | Hostname of the server where Pollux database is running on. | String | localhost |
| POLLUX_DB_NAME | Database name where Pollux db will store data. | String | pollux |
| POLLUX_DB_PASSWORD | Pollux database password for login. | String | postgres |
| POLLUX_DB_PORT | Port of the Pollux database. | Int | 5432 |
| POLLUX_DB_USER | Pollux database username for login. | String | postgres |
| POLLUX_STATUS_LIST_REGISTRY_PUBLIC_URL | Url of status list registry to verify the revocation of JWT credentials | String | http://localhost:8085 |
| PRESENTATION_BG_JOB_PROCESSING_PARALLELISM | Maximum amount of parallel present proof job processing. | Int | 5 |
| PRESENTATION_BG_JOB_RECURRENCE_DELAY | Interval at which present proof job will try to process records. | String | 2 seconds |
| PRESENTATION_BG_JOB_RECORDS_LIMIT | Maximum number of records present proof job will try to process at the same time. | Int | 25 |
| PRESENTATION_INVITATION_EXPIRY | The presentation invitation expiry duration e.g 300 seconds. After which the OOB Request Presentation will expire | String | 300 seconds |
| PRESENTATION_LEEWAY | Time leeway when verifying challenge dates. | String | 0 seconds |
| PRESENTATION_VERIFY_DATES | Whether or not to verify challenge dates during presentation. | Boolean | false |
| PRESENTATION_VERIFY_HOLDER_BINDING | Description missing (please provide). | Boolean | false |
| PRESENTATION_VERIFY_SIGNATURE | Whether or not to verify a signed challenge used during credential presentation. | Boolean | true |
| PRISM_NODE_HOST | Hostname of the server where Prism Node is running on. | String | localhost |
| PRISM_NODE_PORT | Port of the Prism Node. | Int | 50053 |
| PRISM_NODE_USE_PLAIN_TEXT | Whether or not to use plain text for Prism Node communication gRPC protocol. | Boolean | true |
| REST_SERVICE_URL | URL of the REST service. | String | https://host.docker.internal:8080/cloud-agent |
| SECRET_STORAGE_BACKEND | Secret storage for keys and credentials. If vault is used, the vault server must be running, otherwise a database can be used for development purposes only. | Enum(vault, postgres) | vault |
| STATUS_LIST_SYNC_TRIGGER_RECURRENCE_DELAY | Triggering status list revocation sync for revoked credentials delay in Hocon duration format | String | 30 seconds |
| VAULT_ADDR | URL of the vault service for Cloud Agent to use for secret management. | String | http://localhost:8200 |
| VAULT_APPROLE_ROLE_ID | The role_id for HashiCorp Vault authentication with AppRole | String | Null |
| VAULT_APPROLE_SECRET_ID | The secret_id for HashiCorp Vault authentication with AppRole | String | Null |
| VAULT_TOKEN | Vault service auth token. | String | Null |
| VAULT_USE_SEMANTIC_PATH | Enable full path convention for vault secret path | Boolean | true |
| WEBHOOK_PARALLELISM | Maximum number of events that will be retrieved in a single iteration, from the event queue by the webhook publisher. | Int | Null |
Hocon duration format
Hocon duration format is a string that represents a duration of time. It is used in the configuration file to specify the duration of time in seconds, minutes, hours, etc.
Null default value
Null default value means that the variable is not set by default and must be set by the user based on the environment
configuration.