2022-02-09 15:01:19 +01:00 
										
									 
								 
							 
							
								
							 
							
								 
							
							
								Log : 
  
						 
					
						
							
								
									
										
										
										
											2023-08-07 22:32:10 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								   Level :   info   # ZITADEL_LOG_LEVEL 
  
						 
					
						
							
								
									
										
										
										
											2022-02-09 15:01:19 +01:00 
										
									 
								 
							 
							
								
							 
							
								 
							
							
								   Formatter : 
  
						 
					
						
							
								
									
										
										
										
											2024-02-16 17:04:42 +01:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								     Format :   text   # ZITADEL_LOG_FORMATTER_FORMAT 
  
						 
					
						
							
								
									
										
										
										
											2022-02-11 11:02:47 +01:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2022-07-18 10:42:32 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								# Exposes metrics on /debug/metrics 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								Metrics : 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								   # Select type otel (OpenTelemetry) or none (disables collection and endpoint) 
  
						 
					
						
							
								
									
										
										
										
											2023-08-07 22:32:10 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								   # NOTE(review): with the default 'otel', metrics are served on /debug/metrics; this file
								   # shows no access control for that path, so confirm it is not reachable from untrusted
								   # networks (e.g. block it at the reverse proxy) or set 'none' to disable the endpoint.
								   Type :   otel   # ZITADEL_METRICS_TYPE 
  
						 
					
						
							
								
									
										
										
										
											2022-07-18 10:42:32 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2022-11-03 12:22:17 +01:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								Tracing : 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								   # Choose one in "otel", "google", "log" and "none" 
  
						 
					
						
							
								
									
										
										
										
											2023-11-24 13:38:52 +01:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								   # Depending on the type there are different configuration options 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								   # type 'otel' is used for standard [OpenTelemetry](https://opentelemetry.io) 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								   # Fraction: 1.0 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								   # Endpoint: 'otel.collector.endpoint' 
  
						 
					
						
							
								
									
										
										
										
											2024-05-13 16:01:50 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								   # 
  
						 
					
						
							
								
									
										
										
										
											2023-11-24 13:38:52 +01:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								   # type 'log' or '' disables tracing 
  
						 
					
						
							
								
									
										
										
										
											2024-05-13 16:01:50 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								   # 
  
						 
					
						
							
								
									
										
										
										
											2023-11-24 13:38:52 +01:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								   # for type 'google' 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								   # ProjectID: '' 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								   # Fraction: 1.0 
  
						 
					
						
							
								
									
										
										
										
											2023-08-07 22:32:10 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								   Type :   none   # ZITADEL_TRACING_TYPE 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								   Fraction :   1.0   # ZITADEL_TRACING_FRACTION 
  
						 
					
						
							
								
									
										
										
										
											2023-11-24 13:38:52 +01:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								   # The endpoint of the otel collector 
  
						 
					
						
							
								
									
										
										
										
											2024-05-13 16:01:50 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								   Endpoint :   ""   #ZITADEL_TRACING_ENDPOINT 
  
						 
					
						
							
								
									
										
										
										
											2022-11-03 12:22:17 +01:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2024-08-16 15:26:53 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								# Profiler enables capturing profiling data (CPU, Memory, ...) for performance analysis 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								Profiler : 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								   # Choose one of "google" and "none" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								   # Depending on the type there are different configuration options 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								   # for type 'google' 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								   # ProjectID: google-project-id 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								   # 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								   # type 'none' or '' disables profiling 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								   Type :   none   # ZITADEL_PROFILER_TYPE 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								   # projectID for google 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								   ProjectID :   ''    # ZITADEL_PROFILER_PROJECTID 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2023-07-06 08:38:13 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								Telemetry : 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								   # As long as Enabled is true, ZITADEL tries to send usage data to the configured Telemetry.Endpoints. 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								   # Data is projected by ZITADEL even if Enabled is false. 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								   # This means that switching this to true makes ZITADEL try to send past data. 
  
						 
					
						
							
								
									
										
										
										
											2024-02-16 17:04:42 +01:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								   Enabled :   false   # ZITADEL_TELEMETRY_ENABLED 
  
						 
					
						
							
								
									
										
										
										
											2023-07-06 08:38:13 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								   # Push telemetry data to all these endpoints at least once using an HTTP POST request. 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								   # If one endpoint returns an unsuccessful response code or times out, 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								   # ZITADEL retries to push the data point to all configured endpoints until it succeeds. 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								   # Configure delivery guarantees and intervals in the section Projections.Customizations.Telemetry 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								   # The endpoints can be reconfigured at runtime. 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								   # Ten redirects are followed. 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								   # If you change this configuration at runtime, remaining data that is not successfully delivered to the old endpoints is sent to the new endpoints. 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								   Endpoints : 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     # NOTE(review): httpbin.org is a public third-party echo service and looks like a placeholder.
								     # If Enabled is switched to true with this default, usage data (including past data)
								     # would be POSTed there; point this at an endpoint you control before enabling telemetry.
								     - https://httpbin.org/post 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								   # These headers are sent with every request to the configured endpoints. 
  
						 
					
						
							
								
									
										
										
										
											2024-02-16 17:04:42 +01:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								   # Configure headers by environment variable using a JSON string with header values as arrays, like this: 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								   # ZITADEL_TELEMETRY_HEADERS='{"header1": ["value1"], "header2": ["value2", "value3"]}' 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								   Headers :   # ZITADEL_TELEMETRY_HEADERS 
  
						 
					
						
							
								
									
										
										
										
											2023-07-06 08:38:13 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								   # single-value: "single-value" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								   # multi-value: 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								   #   - "multi-value-1" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								   #   - "multi-value-2" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								   # The maximum number of data points that are queried before they are sent to the configured endpoints. 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								   Limit :   100   # ZITADEL_TELEMETRY_LIMIT 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2022-06-24 14:38:22 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								# Port ZITADEL will listen on 
  
						 
					
						
							
								
									
										
										
										
											2023-08-07 22:32:10 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								Port :   8080   # ZITADEL_PORT 
  
						 
					
						
							
								
									
										
										
										
											2023-11-09 11:30:15 +01:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								# ExternalPort is the port on which end users access ZITADEL. 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								# It can differ from Port e.g. if a reverse proxy forwards the traffic to ZITADEL 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								# Read more about external access: https://zitadel.com/docs/self-hosting/manage/custom-domain 
  
						 
					
						
							
								
									
										
										
										
											2023-08-15 12:53:26 +01:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								ExternalPort :   8080   # ZITADEL_EXTERNALPORT 
  
						 
					
						
							
								
									
										
										
										
											2024-11-22 10:25:25 +01:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								# ExternalDomain is the domain on which end users access ZITADEL. 
  
						 
					
						
							
								
									
										
										
										
											2023-11-09 11:30:15 +01:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								# Read more about external access: https://zitadel.com/docs/self-hosting/manage/custom-domain 
  
						 
					
						
							
								
									
										
										
										
											2023-08-15 12:53:26 +01:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								ExternalDomain :   localhost   # ZITADEL_EXTERNALDOMAIN 
  
						 
					
						
							
								
									
										
										
										
											2023-11-09 11:30:15 +01:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								# ExternalSecure specifies if ZITADEL is exposed externally using HTTPS or HTTP. 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								# Read more about external access: https://zitadel.com/docs/self-hosting/manage/custom-domain 
  
						 
					
						
							
								
									
										
										
										
											2023-08-07 22:32:10 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								ExternalSecure :   true   # ZITADEL_EXTERNALSECURE 
  
						 
					
						
							
								
									
										
										
										
											2022-06-24 14:38:22 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								TLS : 
  
						 
					
						
							
								
									
										
										
										
											2023-08-07 22:32:10 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								   # If enabled, ZITADEL will serve all traffic over TLS (HTTPS and gRPC) 
  
						 
					
						
							
								
									
										
										
										
											2022-06-24 14:38:22 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								   # you must then also provide a private key and certificate to be used for the connection 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								   # either directly or by a path to the corresponding file 
  
						 
					
						
							
								
									
										
										
										
											2023-08-07 22:32:10 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								   Enabled :   true   # ZITADEL_TLS_ENABLED 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								   # Path to the private key of the TLS certificate, will be loaded into the key 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								   # and overwrite any existing value 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								   # E.g. /path/to/key/file.pem 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								   KeyPath :   # ZITADEL_TLS_KEYPATH 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								   # Private key of the TLS certificate (KeyPath has a higher priority than Key) 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								   # base64 encoded content of a pem file 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								   # NOTE(review): base64 is an encoding, not encryption. A key set here (or via ZITADEL_TLS_KEY)
								   # is readable by anyone who can read this file or the process environment; using KeyPath
								   # with a file that has restricted permissions keeps the private key out of the config.
								   Key :   # ZITADEL_TLS_KEY 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								   # Path to the certificate for the TLS connection, will be loaded into the Cert 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								   # and overwrite any existing value 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								   # E.g. /path/to/cert/file.pem 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								   CertPath :   # ZITADEL_TLS_CERTPATH 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								   # Certificate for the TLS connection (CertPath will overwrite this if specified) 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								   # base64 encoded content of a pem file 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								   Cert :   # ZITADEL_TLS_CERT 
  
						 
					
						
							
								
									
										
										
										
											2022-06-24 14:38:22 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								# Header name of HTTP2 (incl. gRPC) calls from which the instance will be matched 
  
						 
					
						
							
								
									
										
											 
										
											
												feat: trusted (instance) domains (#8369)
# Which Problems Are Solved
ZITADEL currently selects the instance context based on a HTTP header
(see https://github.com/zitadel/zitadel/issues/8279#issue-2399959845 and
checks it against the list of instance domains. Let's call it instance
or API domain.
For any context based URL (e.g. OAuth, OIDC, SAML endpoints, links in
emails, ...) the requested domain (instance domain) will be used. Let's
call it the public domain.
In cases of proxied setups, all exposed domains (public domains) require
the domain to be managed as instance domain.
This can either be done using the "ExternalDomain" in the runtime config
or via system API, which requires a validation through CustomerPortal on
zitadel.cloud.
# How the Problems Are Solved
- Two new headers / header list are added:
- `InstanceHostHeaders`: an ordered list (first sent wins), which will
be used to match the instance.
(For backward compatibility: the `HTTP1HostHeader`, `HTTP2HostHeader`
and `forwarded`, `x-forwarded-for`, `x-forwarded-host` are checked
afterwards as well)
- `PublicHostHeaders`: an ordered list (first sent wins), which will be
used as public host / domain. This will be checked against a list of
trusted domains on the instance.
- The middleware intercepts all requests to the API and passes a
`DomainCtx` object with the hosts and protocol into the context
(previously only a computed `origin` was passed)
- HTTP / GRPC server do not longer try to match the headers to instances
themself, but use the passed `http.DomainContext` in their interceptors.
- The `RequestedHost` and `RequestedDomain` from authz.Instance are
removed in favor of the `http.DomainContext`
- When authenticating to or signing out from Console UI, the current
`http.DomainContext(ctx).Origin` (already checked by instance
interceptor for validity) is used to compute and dynamically add a
`redirect_uri` and `post_logout_redirect_uri`.
- Gateway passes all configured host headers (previously only did
`x-zitadel-*`)
- Admin API allows to manage trusted domain
# Additional Changes
None
# Additional Context
- part of #8279 
- open topics: 
  - "single-instance" mode
  - Console UI
											 
										 
										
											2024-07-31 17:00:38 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								# Deprecated: Use the InstanceHostHeaders instead 
  
						 
					
						
							
								
									
										
										
										
											2023-08-07 22:32:10 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								HTTP2HostHeader :   ":authority"   # ZITADEL_HTTP2HOSTHEADER 
  
						 
					
						
							
								
									
										
										
										
											2022-06-24 14:38:22 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								# Header name of HTTP1 calls from which the instance will be matched 
  
						 
					
						
							
								
									
										
											 
										
											
												feat: trusted (instance) domains (#8369)
# Which Problems Are Solved
ZITADEL currently selects the instance context based on a HTTP header
(see https://github.com/zitadel/zitadel/issues/8279#issue-2399959845 and
checks it against the list of instance domains. Let's call it instance
or API domain.
For any context based URL (e.g. OAuth, OIDC, SAML endpoints, links in
emails, ...) the requested domain (instance domain) will be used. Let's
call it the public domain.
In cases of proxied setups, all exposed domains (public domains) require
the domain to be managed as instance domain.
This can either be done using the "ExternalDomain" in the runtime config
or via system API, which requires a validation through CustomerPortal on
zitadel.cloud.
# How the Problems Are Solved
- Two new headers / header list are added:
- `InstanceHostHeaders`: an ordered list (first sent wins), which will
be used to match the instance.
(For backward compatibility: the `HTTP1HostHeader`, `HTTP2HostHeader`
and `forwarded`, `x-forwarded-for`, `x-forwarded-host` are checked
afterwards as well)
- `PublicHostHeaders`: an ordered list (first sent wins), which will be
used as public host / domain. This will be checked against a list of
trusted domains on the instance.
- The middleware intercepts all requests to the API and passes a
`DomainCtx` object with the hosts and protocol into the context
(previously only a computed `origin` was passed)
- HTTP / GRPC server do not longer try to match the headers to instances
themself, but use the passed `http.DomainContext` in their interceptors.
- The `RequestedHost` and `RequestedDomain` from authz.Instance are
removed in favor of the `http.DomainContext`
- When authenticating to or signing out from Console UI, the current
`http.DomainContext(ctx).Origin` (already checked by instance
interceptor for validity) is used to compute and dynamically add a
`redirect_uri` and `post_logout_redirect_uri`.
- Gateway passes all configured host headers (previously only did
`x-zitadel-*`)
- Admin API allows to manage trusted domain
# Additional Changes
None
# Additional Context
- part of #8279 
- open topics: 
  - "single-instance" mode
  - Console UI
											 
										 
										
											2024-07-31 17:00:38 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								# Deprecated: Use the InstanceHostHeaders instead 
  
						 
					
						
							
								
									
										
										
										
											2023-08-07 22:32:10 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								HTTP1HostHeader :   "host"   # ZITADEL_HTTP1HOSTHEADER 
  
						 
					
						
							
								
									
										
											 
										
											
												feat: trusted (instance) domains (#8369)
# Which Problems Are Solved
ZITADEL currently selects the instance context based on a HTTP header
(see https://github.com/zitadel/zitadel/issues/8279#issue-2399959845 and
checks it against the list of instance domains. Let's call it instance
or API domain.
For any context based URL (e.g. OAuth, OIDC, SAML endpoints, links in
emails, ...) the requested domain (instance domain) will be used. Let's
call it the public domain.
In cases of proxied setups, all exposed domains (public domains) require
the domain to be managed as instance domain.
This can either be done using the "ExternalDomain" in the runtime config
or via system API, which requires a validation through CustomerPortal on
zitadel.cloud.
# How the Problems Are Solved
- Two new headers / header list are added:
- `InstanceHostHeaders`: an ordered list (first sent wins), which will
be used to match the instance.
(For backward compatibility: the `HTTP1HostHeader`, `HTTP2HostHeader`
and `forwarded`, `x-forwarded-for`, `x-forwarded-host` are checked
afterwards as well)
- `PublicHostHeaders`: an ordered list (first sent wins), which will be
used as public host / domain. This will be checked against a list of
trusted domains on the instance.
- The middleware intercepts all requests to the API and passes a
`DomainCtx` object with the hosts and protocol into the context
(previously only a computed `origin` was passed)
- HTTP / GRPC server do not longer try to match the headers to instances
themself, but use the passed `http.DomainContext` in their interceptors.
- The `RequestedHost` and `RequestedDomain` from authz.Instance are
removed in favor of the `http.DomainContext`
- When authenticating to or signing out from Console UI, the current
`http.DomainContext(ctx).Origin` (already checked by instance
interceptor for validity) is used to compute and dynamically add a
`redirect_uri` and `post_logout_redirect_uri`.
- Gateway passes all configured host headers (previously only did
`x-zitadel-*`)
- Admin API allows to manage trusted domain
# Additional Changes
None
# Additional Context
- part of #8279 
- open topics: 
  - "single-instance" mode
  - Console UI
											 
										 
										
											2024-07-31 17:00:38 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								# Ordered header name list, which will be used to match the instance 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								# NOTE(review): the listed headers decide which instance a request is matched to, so they
								# should only ever be set by your own reverse proxy. Presumably a client-supplied value is
								# honoured when the proxy does not strip or overwrite it; verify the proxy configuration.
								InstanceHostHeaders :   # ZITADEL_INSTANCEHOSTHEADERS 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								   - "x-zitadel-instance-host" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								# Ordered header name list, which will be used as the public host 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								# NOTE(review): per the commit description shown in this blame view, the resulting public
								# host is checked against the instance's trusted domains. Keep that list minimal and have
								# the reverse proxy set these headers itself rather than forwarding client-sent values.
								PublicHostHeaders :   # ZITADEL_PUBLICHOSTHEADERS 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								   - "x-zitadel-public-host" 
  
						 
					
						
							
								
									
										
										
										
											2022-02-14 17:22:30 +01:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2024-02-16 17:04:42 +01:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								WebAuthNName :   ZITADEL   # ZITADEL_WEBAUTHNNAME 
  
						 
					
						
							
								
									
										
										
										
											2022-04-25 10:01:17 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
								Database : 
  
						 
					
						
							
								
									
										
										
										
								   # CockroachDB is the default database of ZITADEL 
  
						 
					
						
							
								
									
										
										
										
								   cockroach : 
  
						 
					
						
							
								
									
										
										
										
								     Host :   localhost   # ZITADEL_DATABASE_COCKROACH_HOST 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     Port :   26257   # ZITADEL_DATABASE_COCKROACH_PORT 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     Database :   zitadel   # ZITADEL_DATABASE_COCKROACH_DATABASE 
  
						 
					
						
							
								
									
										
										
										
								     MaxOpenConns :   5   # ZITADEL_DATABASE_COCKROACH_MAXOPENCONNS 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     MaxIdleConns :   2   # ZITADEL_DATABASE_COCKROACH_MAXIDLECONNS 
  
						 
					
						
							
								
									
										
										
										
								     MaxConnLifetime :   30m   # ZITADEL_DATABASE_COCKROACH_MAXCONNLIFETIME 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     MaxConnIdleTime :   5m   # ZITADEL_DATABASE_COCKROACH_MAXCONNIDLETIME 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     Options :   ""   # ZITADEL_DATABASE_COCKROACH_OPTIONS 
  
						 
					
						
							
								
									
										
										
										
								     User : 
  
						 
					
						
							
								
									
										
										
										
								       Username :   zitadel   # ZITADEL_DATABASE_COCKROACH_USER_USERNAME 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       # NOTE(review): keep this empty in the file and provide the password through the environment variable or a mounted secret, so the credential is not stored alongside the configuration.
								       Password :   ""   # ZITADEL_DATABASE_COCKROACH_USER_PASSWORD 
  
						 
					
						
							
								
									
										
										
										
								       SSL : 
  
						 
					
						
							
								
									
										
										
										
								         # NOTE(review): `disable` leaves the database connection without TLS. Outside local development, prefer a certificate-verifying mode such as verify-full and set RootCert accordingly.
								         Mode :   disable   # ZITADEL_DATABASE_COCKROACH_USER_SSL_MODE 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         RootCert :   ""   # ZITADEL_DATABASE_COCKROACH_USER_SSL_ROOTCERT 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         Cert :   ""   # ZITADEL_DATABASE_COCKROACH_USER_SSL_CERT 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         Key :   ""   # ZITADEL_DATABASE_COCKROACH_USER_SSL_KEY 
  
						 
					
						
							
								
									
										
										
										
								     Admin : 
  
						 
					
						
							
								
									
										
										
										
								       # By default, ExistingDatabase is not specified in the connection string 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       # If the connection resolves to a database that does not exist in your system, configure an existing one here 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       # It is used in zitadel init to connect to cockroach and create a dedicated database for ZITADEL. 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       ExistingDatabase :   # ZITADEL_DATABASE_COCKROACH_ADMIN_EXISTINGDATABASE 
  
						 
					
						
							
								
									
										
										
										
								       Username :   root   # ZITADEL_DATABASE_COCKROACH_ADMIN_USERNAME 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       # NOTE(review): the shipped default is an empty password for the admin user. Provide the real credential through the environment variable or a mounted secret rather than writing it into this file.
								       Password :   ""   # ZITADEL_DATABASE_COCKROACH_ADMIN_PASSWORD 
  
						 
					
						
							
								
									
										
										
										
								       SSL : 
  
						 
					
						
							
								
									
										
										
										
								         # NOTE(review): `disable` means the admin credentials and all admin statements travel without TLS. Outside local development, prefer a certificate-verifying mode such as verify-full and set RootCert accordingly.
								         Mode :   disable   # ZITADEL_DATABASE_COCKROACH_ADMIN_SSL_MODE 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         RootCert :   ""   # ZITADEL_DATABASE_COCKROACH_ADMIN_SSL_ROOTCERT 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         Cert :   ""   # ZITADEL_DATABASE_COCKROACH_ADMIN_SSL_CERT 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         Key :   ""   # ZITADEL_DATABASE_COCKROACH_ADMIN_SSL_KEY 
  
						 
					
						
							
								
									
										
										
										
								   # Postgres is used as soon as a value is set 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								   # The keys below list the fields that can be set 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								   postgres : 
  
						 
					
						
							
								
									
										
										
										
								     Host :   # ZITADEL_DATABASE_POSTGRES_HOST 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     Port :   # ZITADEL_DATABASE_POSTGRES_PORT 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     Database :   # ZITADEL_DATABASE_POSTGRES_DATABASE 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     MaxOpenConns :   # ZITADEL_DATABASE_POSTGRES_MAXOPENCONNS 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     MaxIdleConns :   # ZITADEL_DATABASE_POSTGRES_MAXIDLECONNS 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     MaxConnLifetime :   # ZITADEL_DATABASE_POSTGRES_MAXCONNLIFETIME 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     MaxConnIdleTime :   # ZITADEL_DATABASE_POSTGRES_MAXCONNIDLETIME 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     Options :   # ZITADEL_DATABASE_POSTGRES_OPTIONS 
  
						 
					
						
							
								
									
										
										
										
								     User : 
  
						 
					
						
							
								
									
										
										
										
								       Username :   # ZITADEL_DATABASE_POSTGRES_USER_USERNAME 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       Password :   # ZITADEL_DATABASE_POSTGRES_USER_PASSWORD 
  
						 
					
						
							
								
									
										
										
										
								       SSL : 
  
						 
					
						
							
								
									
										
										
										
								         Mode :   # ZITADEL_DATABASE_POSTGRES_USER_SSL_MODE 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         RootCert :   # ZITADEL_DATABASE_POSTGRES_USER_SSL_ROOTCERT 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         Cert :   # ZITADEL_DATABASE_POSTGRES_USER_SSL_CERT 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         Key :   # ZITADEL_DATABASE_POSTGRES_USER_SSL_KEY 
  
						 
					
						
							
								
									
										
										
										
								     Admin : 
  
						 
					
						
							
								
									
										
										
										
								       # The default ExistingDatabase is postgres 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       # If your db system doesn't have a database named postgres, configure an existing database here 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       # It is used in zitadel init to connect to postgres and create a dedicated database for ZITADEL. 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       ExistingDatabase :   # ZITADEL_DATABASE_POSTGRES_ADMIN_EXISTINGDATABASE 
  
						 
					
						
							
								
									
										
										
										
								       Username :   # ZITADEL_DATABASE_POSTGRES_ADMIN_USERNAME 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       Password :   # ZITADEL_DATABASE_POSTGRES_ADMIN_PASSWORD 
  
						 
					
						
							
								
									
										
										
										
								       SSL : 
  
						 
					
						
							
								
									
										
										
										
								         Mode :   # ZITADEL_DATABASE_POSTGRES_ADMIN_SSL_MODE 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         RootCert :   # ZITADEL_DATABASE_POSTGRES_ADMIN_SSL_ROOTCERT 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         Cert :   # ZITADEL_DATABASE_POSTGRES_ADMIN_SSL_CERT 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         Key :   # ZITADEL_DATABASE_POSTGRES_ADMIN_SSL_KEY 
  
						 
					
						
							
								
									
										
										
										
								
							 
						 
					
						
							
								
									
										
										
										
								# Caches are EXPERIMENTAL. The following config may have breaking changes in the future. 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								# If no config is provided, caching is disabled by default. 
  
						 
					
						
							
								
									
										
										
										
								Caches : 
  
						 
					
						
							
								
									
										
										
										
								   # Connectors are reused by caches. 
  
						 
					
						
							
								
									
										
										
										
								   Connectors : 
  
						 
					
						
							
								
									
										
										
										
								     # Memory connector works with local server memory. 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     # It is the simplest (and probably fastest) cache implementation. 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     # Unsuitable for deployments with multiple containers, 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     # as each container's cache may hold a different state of the same object. 
  
						 
					
						
							
								
									
										
										
										
								     Memory : 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       Enabled :   false 
  
						 
					
						
							
								
									
										
										
										
								       # AutoPrune removes invalidated or expired objects from the cache. 
  
						 
					
						
							
								
									
										
										
										
								       AutoPrune : 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         Interval :   1m 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         TimeOut :   5s 
  
						 
					
						
							
								
									
										
										
										
								     # Postgres connector uses the configured database (postgres or cockroachdb) as cache. 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     # It is suitable for deployments with multiple containers. 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     # The cache is enabled by default because it is the default cache for the states of IdP form callbacks 
  
						 
					
						
							
								
									
										
										
										
								     Postgres : 
  
						 
					
						
							
								
									
										
										
										
								       Enabled :   true 
  
						 
					
						
							
								
									
										
										
										
								       AutoPrune : 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         Interval :   15m 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         TimeOut :   30s 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     Redis : 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       Enabled :   false 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       # The network type, either tcp or unix. 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       # Default is tcp. 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       # Network string 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       # host:port address. 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       Addr :   localhost:6379 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       # ClientName will execute the `CLIENT SETNAME ClientName` command for each conn. 
  
						 
					
						
							
								
									
										
										
										
								       ClientName :   "" 
  
						 
					
						
							
								
									
										
										
										
								       # Use the specified Username to authenticate the current connection 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       # with one of the connections defined in the ACL list when connecting 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       # to a Redis 6.0 instance, or greater, that is using the Redis ACL system. 
  
						 
					
						
							
								
									
										
										
										
								       Username :   "" 
  
						 
					
						
							
								
									
										
										
										
								       # Optional password. Must match the password specified in the 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       # requirepass server configuration option (if connecting to a Redis 5.0 instance, or lower), 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       # or the User Password when connecting to a Redis 6.0 instance, or greater, 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       # that is using the Redis ACL system. 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       Password :   "" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       # Each ZITADEL cache uses an incremental DB namespace. 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       # This option offsets the first DB so it doesn't conflict with other databases on the same server. 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       # Note that ZITADEL uses FLUSHDB command to truncate a cache. 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
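								       # This can have destructive consequences when overlapping DB namespaces are used: 
								       # FLUSHDB deletes every key in the selected DB, including keys written by other applications sharing that DB. 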
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       DBOffset :   10 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       # Maximum number of retries before giving up. 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       # Default is 3 retries; -1 (not 0) disables retries. 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       MaxRetries :   3 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       # Minimum backoff between each retry. 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       # Default is 8 milliseconds; -1 disables backoff. 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       MinRetryBackoff :   8ms 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       # Maximum backoff between each retry. 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       # Default is 512 milliseconds; -1 disables backoff. 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       MaxRetryBackoff :   512ms 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       # Dial timeout for establishing new connections. 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       # Default is 5 seconds. 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       DialTimeout :   1s 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       # Timeout for socket reads. If reached, commands will fail 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       # with a timeout instead of blocking. Supported values: 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       #   - `0` - default timeout (3 seconds). 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       #   - `-1` - no timeout (block indefinitely). 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       #   - `-2` - disables SetReadDeadline calls completely. 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       ReadTimeout :   100ms 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       # Timeout for socket writes. If reached, commands will fail 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       # with a timeout instead of blocking.  Supported values: 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       #   - `0` - default timeout (3 seconds). 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       #   - `-1` - no timeout (block indefinitely). 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       #   - `-2` - disables SetWriteDeadline calls completely. 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       WriteTimeout :   100ms 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       # Type of connection pool. 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       # true for FIFO pool, false for LIFO pool. 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       # Note that FIFO has slightly higher overhead compared to LIFO, 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       # but it helps closing idle connections faster reducing the pool size. 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       PoolFIFO :   false 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       # Base number of socket connections. 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       # Default is 10 connections per every available CPU as reported by runtime.GOMAXPROCS. 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       # If there are not enough connections in the pool, new connections will be allocated in excess of PoolSize; 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       # you can limit it through MaxActiveConns 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       PoolSize :   20 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       # Amount of time client waits for connection if all connections 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       # are busy before returning an error. 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       # Default is ReadTimeout + 1 second. 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       PoolTimeout :   100ms 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       # Minimum number of idle connections which is useful when establishing 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       # new connection is slow. 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       # Default is 0. Idle connections are not closed by default. 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       MinIdleConns :   5 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       # Maximum number of idle connections. 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       # Default is 0. The idle connections are not closed by default.
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       MaxIdleConns :   10 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       # Maximum number of connections allocated by the pool at a given time. 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       # When zero, there is no limit on the number of connections in the pool. 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       MaxActiveConns :   40 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       # ConnMaxIdleTime is the maximum amount of time a connection may be idle. 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       # Should be less than server's timeout. 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       # Expired connections may be closed lazily before reuse. 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       # If the value is <= 0, connections are not closed due to a connection's idle time.
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       # Default is 30 minutes. -1 disables idle timeout check. 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       ConnMaxIdleTime :   30m 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       # ConnMaxLifetime is the maximum amount of time a connection may be reused. 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       # Expired connections may be closed lazily before reuse. 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       # If <= 0, connections are not closed due to a connection's age. 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       # Default is to not close connections because of their age.
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       ConnMaxLifetime :   -1 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
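								       # Enable TLS server authentication using the default system bundle.
								       # When false, the connection to the server is neither encrypted nor authenticated,
								       # so enable it unless the network path is protected by other means.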
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       EnableTLS :   false 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
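								       # Disable set-lib on connect. Default is false.
								       # NOTE(review): the key below is spelled 'DisableIndentity'; presumably it mirrors the
								       # client library's option name, so confirm before correcting the spelling.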
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       DisableIndentity :   false 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       # Add suffix to client name. Default is empty. 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       IdentitySuffix :   "" 
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								       # Implementation of [Circuit Breaker Pattern](https://learn.microsoft.com/en-us/previous-versions/msp-n-p/dn589784(v=pandp.10)?redirectedfrom=MSDN) 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       CircuitBreaker : 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         # Interval when the counters are reset to 0. 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         # 0 interval never resets the counters until the CB is opened. 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         Interval :   0 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         # Number of consecutive failures permitted
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         MaxConsecutiveFailures :   5 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         # The ratio of failed requests out of total requests 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         MaxFailureRatio :   0.1 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         # Timeout after opening of the CB, until the state is set to half-open. 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         Timeout :   60s 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         # The number of requests allowed to pass while the CB is half-open.
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         MaxRetryRequests :   1 
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								   # Instance caches auth middleware instances, gettable by domain or ID. 
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								   Instance : 
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								     # Connector must be enabled above. 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     # When connector is empty, this cache will be disabled. 
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								     Connector :   "" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     MaxAge :   1h 
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								     LastUseAge :   10m 
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								     # Log enables cache-specific logging. Defaults to error-level logging to stderr when omitted.
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     Log : 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       Level :   error 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       AddSource :   true 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       Formatter : 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         Format :   text 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								   # Milestones caches instance milestone state, gettable by instance ID 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								   Milestones : 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     Connector :   "" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     MaxAge :   1h 
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								     LastUseAge :   10m 
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								     Log : 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       Level :   error 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       AddSource :   true 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       Formatter : 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         Format :   text 
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								   # Organization cache, gettable by primary domain or ID. 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								   Organization : 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     Connector :   "" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     MaxAge :   1h 
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								     LastUseAge :   10m 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     Log : 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       Level :   error 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       AddSource :   true 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       Formatter : 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         Format :   text 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
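								   # Cache for IdP callbacks that use form POST; required to handle them securely and to avoid overly long request URLs.
								   # NOTE(review): entries presumably hold the posted callback data, so treat the selected connector's storage as sensitive.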
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								   IdPFormCallbacks : 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     Connector :   "postgres" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     MaxAge :   1h 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     LastUseAge :   10m 
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								     Log : 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       Level :   error 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       AddSource :   true 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       Formatter : 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         Format :   text 
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
											 
										
											
												feat: Configurable Unique Machine Identification (#3626)
* feat: Configurable Unique Machine Identification
This change fixes Segfault on AWS App Runner with v2 #3625
The change introduces two new dependencies:
* github.com/drone/envsubst for supporting AWS ECS, which has its metadata endpoint described by an environment variable
* github.com/jarcoal/jpath so that only relevant data from a metadata response is used to identify the machine.
The change adds new configuration (see `defaults.yaml`):
* `Machine.Identification` enables configuration of how machines are uniquely identified - I'm not sure about the top level category `Machine`, as I don't have anything else to add to it. Happy to hear suggestions for better naming or structure here.
* `Machine.Identification.PrivateIp` turns on or off the existing private IP based identification. Default is on.
* `Machine.Identification.Hostname` turns on or off using the OS hostname to identify the machine. Great for most cloud environments, where this tends to be set to something that identifies the machine uniquely. Enabled by default.
* `Machine.Identification.Webhook` configures identification based on the response to an HTTP GET request.  Request headers can be configured, a JSONPath can be set for processing the response (no JSON parsing is done if this is not set), and the URL is allowed to contain environment variables in the format `"${var}"`.
The new flow for getting a unique machine id is:
1. PrivateIP (if enabled)
2. Hostname (if enabled)
3. Webhook (if enabled, to configured URL)
4. Give up and error out.
It's important that init configures machine identity first. Otherwise we could try to get an ID before configuring it. To prevent this from causing difficult to debug issues, where for example the default configuration was used, I've ensured that
the application will generate an error if the module hasn't been configured and you try to get an ID.
Misc changes:
* Spelling and gramatical corrections to `init.go::New()` long description.
* Spelling corrections to `verify_zitadel.go::newZitadel()`.
* Updated `production.md` and `development.md` based on the new build process. I think the run instructions are also out of date, but I'll leave that for someone else.
* `id.SonyFlakeGenerator` is now a function, which sets `id.sonyFlakeGenerator`, this allows us to defer initialization until configuration has been read.
* Update internal/id/config.go
Co-authored-by: Alexei-Barnes <82444470+Alexei-Barnes@users.noreply.github.com>
* Fix authored by @livio-a for tests
Co-authored-by: Livio Amstutz <livio.a@gmail.com>
											 
										 
										
											2022-05-24 15:57:57 +01:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								Machine : 
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								   # Cloud-hosted VMs need to specify their metadata endpoint so that the machine can be uniquely identified. 
  
						 
					
						
							
								
									
										
											 
										
											
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								   Identification : 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     # Use private IP to identify machines uniquely 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     PrivateIp : 
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								       Enabled :   true   # ZITADEL_MACHINE_IDENTIFICATION_PRIVATEIP_ENABLED 
  
						 
					
						
							
								
									
										
											 
										
											
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								     # Use hostname to identify machines uniquely 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     # You want the process to be identified uniquely, so this works well in k8s where each pod gets its own 
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								     # unique hostname, but not as well in some other hosting environments. 
  
						 
					
						
							
								
									
										
											 
										
											
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								     Hostname : 
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								       Enabled :   false   # ZITADEL_MACHINE_IDENTIFICATION_HOSTNAME_ENABLED 
  
						 
					
						
							
								
									
										
											 
										
											
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								     # Use a webhook response to identify machines uniquely 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
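								     # Google Cloud configuration: the defaults below query the Google Cloud metadata server.
								     # On other platforms, disable the webhook or point Url at that platform's own metadata endpoint,
								     # because the response is what identifies this machine.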
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     Webhook : 
  
						 
					
						
							
								
									
										
										
										
											2023-08-07 22:32:10 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								       Enabled :   true   # ZITADEL_MACHINE_IDENTIFICATION_WEBHOOK_ENABLED 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       Url :   "http://metadata.google.internal/computeMetadata/v1/instance/id"   # ZITADEL_MACHINE_IDENTIFICATION_WEBHOOK_URL 
  
						 
					
						
							
								
									
										
											 
										
											
												feat: Configurable Unique Machine Identification (#3626)
* feat: Configurable Unique Machine Identification
This change fixes Segfault on AWS App Runner with v2 #3625
The change introduces two new dependencies:
* github.com/drone/envsubst for supporting AWS ECS, which has its metadata endpoint described by an environment variable
* github.com/jarcoal/jpath so that only relevant data from a metadata response is used to identify the machine.
The change ads new configuration (see `defaults.yaml`):
* `Machine.Identification` enables configuration of how machines are uniquely identified - I'm not sure about the top level category `Machine`, as I don't have anything else to add to it. Happy to hear suggestions for better naming or structure here.
* `Machine.Identifiation.PrivateId` turns on or off the existing private IP based identification. Default is on.
* `Machine.Identification.Hostname` turns on or off using the OS hostname to identify the machine. Great for most cloud environments, where this tends to be set to something that identifies the machine uniquely. Enabled by default.
* `Machine.Identification.Webhook` configures identification based on the response to an HTTP GET request.  Request headers can be configured, a JSONPath can be set for processing the response (no JSON parsing is done if this is not set), and the URL is allowed to contain environment variables in the format `"${var}"`.
The new flow for getting a unique machine id is:
1. PrivateIP (if enabled)
2. Hostname (if enabled)
3. Webhook (if enabled, to configured URL)
4. Give up and error out.
It's important that init configures machine identity first. Otherwise we could try to get an ID before configuring it. To prevent this from causing difficult to debug issues, where for example the default configuration was used, I've ensured that
the application will generate an error if the module hasn't been configured and you try to get an ID.
Misc changes:
* Spelling and gramatical corrections to `init.go::New()` long description.
* Spelling corrections to `verify_zitadel.go::newZitadel()`.
* Updated `production.md` and `development.md` based on the new build process. I think the run instructions are also out of date, but I'll leave that for someone else.
* `id.SonyFlakeGenerator` is now a function, which sets `id.sonyFlakeGenerator`, this allows us to defer initialization until configuration has been read.
* Update internal/id/config.go
Co-authored-by: Alexei-Barnes <82444470+Alexei-Barnes@users.noreply.github.com>
* Fix authored by @livio-a for tests
Co-authored-by: Livio Amstutz <livio.a@gmail.com>
											 
										 
										
											2022-05-24 15:57:57 +01:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								       Headers : 
  
						 
					
						
							
								
									
										
										
										
											2024-02-16 17:04:42 +01:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								         "Metadata-Flavor":  "Google" 
  
						 
					
						
							
								
									
										
											 
										
											
												feat: Configurable Unique Machine Identification (#3626)
* feat: Configurable Unique Machine Identification
This change fixes Segfault on AWS App Runner with v2 #3625
The change introduces two new dependencies:
* github.com/drone/envsubst for supporting AWS ECS, which has its metadata endpoint described by an environment variable
* github.com/jarcoal/jpath so that only relevant data from a metadata response is used to identify the machine.
The change ads new configuration (see `defaults.yaml`):
* `Machine.Identification` enables configuration of how machines are uniquely identified - I'm not sure about the top level category `Machine`, as I don't have anything else to add to it. Happy to hear suggestions for better naming or structure here.
* `Machine.Identifiation.PrivateId` turns on or off the existing private IP based identification. Default is on.
* `Machine.Identification.Hostname` turns on or off using the OS hostname to identify the machine. Great for most cloud environments, where this tends to be set to something that identifies the machine uniquely. Enabled by default.
* `Machine.Identification.Webhook` configures identification based on the response to an HTTP GET request.  Request headers can be configured, a JSONPath can be set for processing the response (no JSON parsing is done if this is not set), and the URL is allowed to contain environment variables in the format `"${var}"`.
The new flow for getting a unique machine id is:
1. PrivateIP (if enabled)
2. Hostname (if enabled)
3. Webhook (if enabled, to configured URL)
4. Give up and error out.
It's important that init configures machine identity first. Otherwise we could try to get an ID before configuring it. To prevent this from causing difficult to debug issues, where for example the default configuration was used, I've ensured that
the application will generate an error if the module hasn't been configured and you try to get an ID.
Misc changes:
* Spelling and gramatical corrections to `init.go::New()` long description.
* Spelling corrections to `verify_zitadel.go::newZitadel()`.
* Updated `production.md` and `development.md` based on the new build process. I think the run instructions are also out of date, but I'll leave that for someone else.
* `id.SonyFlakeGenerator` is now a function, which sets `id.sonyFlakeGenerator`, this allows us to defer initialization until configuration has been read.
* Update internal/id/config.go
Co-authored-by: Alexei-Barnes <82444470+Alexei-Barnes@users.noreply.github.com>
* Fix authored by @livio-a for tests
Co-authored-by: Livio Amstutz <livio.a@gmail.com>
											 
										 
										
											2022-05-24 15:57:57 +01:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								     # 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     # AWS EC2 IMDSv1 Configuration: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instancedata-data-retrieval.html 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     # Webhook: 
  
						 
					
						
							
								
									
										
										
										
											2023-08-07 22:32:10 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								     #   Url: "http://169.254.169.254/latest/meta-data/ami-id" # ZITADEL_MACHINE_IDENTIFICATION_WEBHOOK_URL 
  
						 
					
						
							
								
									
										
											 
										
											
												feat: Configurable Unique Machine Identification (#3626)
* feat: Configurable Unique Machine Identification
This change fixes Segfault on AWS App Runner with v2 #3625
The change introduces two new dependencies:
* github.com/drone/envsubst for supporting AWS ECS, which has its metadata endpoint described by an environment variable
* github.com/jarcoal/jpath so that only relevant data from a metadata response is used to identify the machine.
The change ads new configuration (see `defaults.yaml`):
* `Machine.Identification` enables configuration of how machines are uniquely identified - I'm not sure about the top level category `Machine`, as I don't have anything else to add to it. Happy to hear suggestions for better naming or structure here.
* `Machine.Identifiation.PrivateId` turns on or off the existing private IP based identification. Default is on.
* `Machine.Identification.Hostname` turns on or off using the OS hostname to identify the machine. Great for most cloud environments, where this tends to be set to something that identifies the machine uniquely. Enabled by default.
* `Machine.Identification.Webhook` configures identification based on the response to an HTTP GET request.  Request headers can be configured, a JSONPath can be set for processing the response (no JSON parsing is done if this is not set), and the URL is allowed to contain environment variables in the format `"${var}"`.
The new flow for getting a unique machine id is:
1. PrivateIP (if enabled)
2. Hostname (if enabled)
3. Webhook (if enabled, to configured URL)
4. Give up and error out.
It's important that init configures machine identity first. Otherwise we could try to get an ID before configuring it. To prevent this from causing difficult to debug issues, where for example the default configuration was used, I've ensured that
the application will generate an error if the module hasn't been configured and you try to get an ID.
Misc changes:
* Spelling and gramatical corrections to `init.go::New()` long description.
* Spelling corrections to `verify_zitadel.go::newZitadel()`.
* Updated `production.md` and `development.md` based on the new build process. I think the run instructions are also out of date, but I'll leave that for someone else.
* `id.SonyFlakeGenerator` is now a function, which sets `id.sonyFlakeGenerator`, this allows us to defer initialization until configuration has been read.
* Update internal/id/config.go
Co-authored-by: Alexei-Barnes <82444470+Alexei-Barnes@users.noreply.github.com>
* Fix authored by @livio-a for tests
Co-authored-by: Livio Amstutz <livio.a@gmail.com>
											 
										 
										
											2022-05-24 15:57:57 +01:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								     # 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     # AWS ECS v4 Configuration: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-metadata-endpoint-v4.html 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     # Webhook: 
  
						 
					
						
							
								
									
										
										
										
											2023-08-07 22:32:10 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								     #   Url: "${ECS_CONTAINER_METADATA_URI_V4}" # ZITADEL_MACHINE_IDENTIFICATION_WEBHOOK_URL 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     #   JPath: "$.DockerId" # ZITADEL_MACHINE_IDENTIFICATION_WEBHOOK_JPATH 
  
						 
					
						
							
								
									
										
											 
										
											
												feat: Configurable Unique Machine Identification (#3626)
* feat: Configurable Unique Machine Identification
This change fixes Segfault on AWS App Runner with v2 #3625
The change introduces two new dependencies:
* github.com/drone/envsubst for supporting AWS ECS, which has its metadata endpoint described by an environment variable
* github.com/jarcoal/jpath so that only relevant data from a metadata response is used to identify the machine.
The change ads new configuration (see `defaults.yaml`):
* `Machine.Identification` enables configuration of how machines are uniquely identified - I'm not sure about the top level category `Machine`, as I don't have anything else to add to it. Happy to hear suggestions for better naming or structure here.
* `Machine.Identifiation.PrivateId` turns on or off the existing private IP based identification. Default is on.
* `Machine.Identification.Hostname` turns on or off using the OS hostname to identify the machine. Great for most cloud environments, where this tends to be set to something that identifies the machine uniquely. Enabled by default.
* `Machine.Identification.Webhook` configures identification based on the response to an HTTP GET request.  Request headers can be configured, a JSONPath can be set for processing the response (no JSON parsing is done if this is not set), and the URL is allowed to contain environment variables in the format `"${var}"`.
The new flow for getting a unique machine id is:
1. PrivateIP (if enabled)
2. Hostname (if enabled)
3. Webhook (if enabled, to configured URL)
4. Give up and error out.
It's important that init configures machine identity first. Otherwise we could try to get an ID before configuring it. To prevent this from causing difficult to debug issues, where for example the default configuration was used, I've ensured that
the application will generate an error if the module hasn't been configured and you try to get an ID.
Misc changes:
* Spelling and gramatical corrections to `init.go::New()` long description.
* Spelling corrections to `verify_zitadel.go::newZitadel()`.
* Updated `production.md` and `development.md` based on the new build process. I think the run instructions are also out of date, but I'll leave that for someone else.
* `id.SonyFlakeGenerator` is now a function, which sets `id.sonyFlakeGenerator`, this allows us to defer initialization until configuration has been read.
* Update internal/id/config.go
Co-authored-by: Alexei-Barnes <82444470+Alexei-Barnes@users.noreply.github.com>
* Fix authored by @livio-a for tests
Co-authored-by: Livio Amstutz <livio.a@gmail.com>
											 
										 
										
											2022-05-24 15:57:57 +01:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								     # 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     # Azure Configuration: https://docs.microsoft.com/en-us/azure/virtual-machines/windows/instance-metadata-service?tabs=linux 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     # Webhook: 
  
						 
					
						
							
								
									
										
										
										
											2023-08-07 22:32:10 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								     #   Url: "http://169.254.169.254/metadata/instance?api-version=2021-02-01" # ZITADEL_MACHINE_IDENTIFICATION_WEBHOOK_URL 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     #   JPath: "$.compute.vmId" # ZITADEL_MACHINE_IDENTIFICATION_WEBHOOK_JPATH 
  
						 
					
						
							
								
									
										
											 
										
											
# Storage for assets like user avatar, organization logo, icon, font, ...
AssetStorage:
  # NOTE(review): this env name was listed as ZITADEL_ASSET_STORAGE_TYPE; the sibling
  # keys below use the ASSETSTORAGE segment for the same section - confirm.
  Type: db # ZITADEL_ASSETSTORAGE_TYPE
  # HTTP cache control settings for serving assets in the assets API and login UI
  # the assets will also be served with an etag and last-modified header
  Cache:
    # Presumably the Cache-Control max-age for clients; verify against the handler.
    MaxAge: 5s # ZITADEL_ASSETSTORAGE_CACHE_MAXAGE
    # 168h are 7 days
    # Presumably the shared-cache (proxy/CDN) lifetime: a replaced or removed asset
    # could then still be served from a shared cache for up to this long - confirm.
    SharedMaxAge: 168h # ZITADEL_ASSETSTORAGE_CACHE_SHAREDMAXAGE
  
						 
					
						
							
								
									
										
										
										
# The Projections section defines the behavior for the scheduled and synchronous events projections.
Projections:
  # The maximum duration a transaction remains open
  # before it stops left folding additional events
  # and updates the table.
  TransactionDuration: 1m # ZITADEL_PROJECTIONS_TRANSACTIONDURATION
  # Time interval between scheduled projections
  RequeueEvery: 60s # ZITADEL_PROJECTIONS_REQUEUEEVERY
  # Time to wait before a failed database statement resulting from projected events is retried
  RetryFailedAfter: 1s # ZITADEL_PROJECTIONS_RETRYFAILEDAFTER
  # Number of times a failed database statement resulting from projected events is retried
  MaxFailureCount: 5 # ZITADEL_PROJECTIONS_MAXFAILURECOUNT
  # Limit of returned events per query
  BulkLimit: 200 # ZITADEL_PROJECTIONS_BULKLIMIT
  # Only instances are projected, for which at least a projection-relevant event exists within the timeframe
  # from HandleActiveInstances duration in the past until the projection's current time
  # If set to 0 (default), every instance is always considered active
  HandleActiveInstances: 0s # ZITADEL_PROJECTIONS_HANDLEACTIVEINSTANCES
  # Maximum amount of instances cached as active
  # If set to 0, every instance is always considered active
  MaxActiveInstances: 0 # ZITADEL_PROJECTIONS_MAXACTIVEINSTANCES
  
						 
					
						
							
								
									
										
										
										
								   # In the Customizations section, all settings from above can be overwritten for each specific projection 
  
						 
					
						
							
								
									
										
										
										
											2022-03-28 10:05:09 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								   Customizations : 
  
						 
					
						
							
								
									
										
										
										
											2023-10-27 20:43:13 +03:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								     custom_texts : 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       BulkLimit :   400 
  
						 
					
						
							
								
									
										
										
										
											2024-07-17 07:23:29 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								     project_grant_fields : 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       TransactionDuration :   0s 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       BulkLimit :   2000 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     org_domain_verified_fields : 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       TransactionDuration :   0s 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       BulkLimit :   2000 
  
						 
					
						
							
								
									
										
										
										
											2024-11-11 22:03:15 +10:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2023-03-27 14:34:01 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								     # The Notifications projection is used for sending emails and SMS to users 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     Notifications : 
  
						 
					
						
							
								
									
										
										
										
											2023-08-07 22:32:10 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								       # As notification projections don't result in database statements, retries don't have an effect 
  
						 
					
						
							
								
									
										
										
										
											2023-10-19 12:19:10 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								       MaxFailureCount :   10   # ZITADEL_PROJECTIONS_CUSTOMIZATIONS_NOTIFICATIONS_MAXFAILURECOUNT 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       # Sending emails can take longer than 500ms 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       TransactionDuration :   5s   # ZITADEL_PROJECTIONS_CUSTOMIZATIONS_NOTIFICATIONS_TRANSACTIONDURATION 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     password_complexities : 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       TransactionDuration :   2s   # ZITADEL_PROJECTIONS_CUSTOMIZATIONS_PASSWORD_COMPLEXITIES_TRANSACTIONDURATION 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     lockout_policy : 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       TransactionDuration :   2s   # ZITADEL_PROJECTIONS_CUSTOMIZATIONS_LOCKOUT_POLICY_TRANSACTIONDURATION 
  
						 
					
						
							
								
									
										
										
										
											2023-03-29 00:09:06 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								     # The NotificationsQuotas projection is used for calling quota webhooks 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     NotificationsQuotas : 
  
						 
					
						
							
								
									
										
										
										
											2023-08-07 22:32:10 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								       # As quota notification projections don't result in database statements, retries don't have an effect 
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								       MaxFailureCount :   10   # ZITADEL_PROJECTIONS_CUSTOMIZATIONS_NOTIFICATIONSQUOTAS_MAXFAILURECOUNT 
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								       # Quota notifications are not so time critical. Setting RequeueEvery to five minutes doesn't annoy the db too much. 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       RequeueEvery :   300s   # ZITADEL_PROJECTIONS_CUSTOMIZATIONS_NOTIFICATIONSQUOTAS_REQUEUEEVERY 
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								       # Sending emails can take longer than 500ms 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       TransactionDuration :   5s   # ZITADEL_PROJECTIONS_CUSTOMIZATIONS_NOTIFICATIONSQUOTAS_TRANSACTIONDURATION 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     milestones : 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       BulkLimit :   50 
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								     # The Telemetry projection is used for calling telemetry webhooks 
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								     Telemetry : 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       # As sending telemetry data doesn't result in database statements, retries don't have any effect 
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								       MaxFailureCount :   0   # ZITADEL_PROJECTIONS_CUSTOMIZATIONS_TELEMETRY_MAXFAILURECOUNT 
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								       # Telemetry data synchronization is not time critical. Setting RequeueEvery to 55 minutes doesn't annoy the database too much. 
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								       RequeueEvery :   3300s   # ZITADEL_PROJECTIONS_CUSTOMIZATIONS_TELEMETRY_REQUEUEEVERY 
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
											 
										
											
												feat(notification): use event worker pool (#8962)
# Which Problems Are Solved
The current handling of notification follows the same pattern as all
other projections:
Created events are handled sequentially (based on "position") by a
handler. During the process, a lot of information is aggregated (user,
texts, templates, ...).
This leads to back pressure on the projection since the handling of
events might take longer than the time before a new event (to be
handled) is created.
# How the Problems Are Solved
- The current user notification handler creates separate notification
events based on the user / session events.
- These events contain all the present and required information
including the userID.
- These notification events get processed by notification workers, which
gather the necessary information (recipient address, texts, templates)
to send out these notifications.
- If a notification fails, a retry event is created based on the current
notification request including the current state of the user (this
prevents race conditions, where a user is changed in the meantime and
the notification already gets the new state).
- The retry event will be handled after a backoff delay. This delay
increases with every attempt.
- If the configured amount of attempts is reached or the message expired
(based on config), a cancel event is created, letting the workers know,
the notification must no longer be handled.
- In case of successful send, a sent event is created for the
notification aggregate and the existing "sent" events for the user /
session object is stored.
- The following is added to the defaults.yaml to allow configuration of
the notification workers:
```yaml
Notifications:
  # The amount of workers processing the notification request events.
  # If set to 0, no notification request events will be handled. This can be useful when running in
  # multi binary / pod setup and allowing only certain executables to process the events.
  Workers: 1 # ZITADEL_NOTIFIACATIONS_WORKERS
  # The amount of events a single worker will process in a run.
  BulkLimit: 10 # ZITADEL_NOTIFIACATIONS_BULKLIMIT
  # Time interval between scheduled notifications for request events
  RequeueEvery: 2s # ZITADEL_NOTIFIACATIONS_REQUEUEEVERY
  # The amount of workers processing the notification retry events.
  # If set to 0, no notification retry events will be handled. This can be useful when running in
  # multi binary / pod setup and allowing only certain executables to process the events.
  RetryWorkers: 1 # ZITADEL_NOTIFIACATIONS_RETRYWORKERS
  # Time interval between scheduled notifications for retry events
  RetryRequeueEvery: 2s # ZITADEL_NOTIFIACATIONS_RETRYREQUEUEEVERY
  # Only instances are projected, for which at least a projection-relevant event exists within the timeframe
  # from HandleActiveInstances duration in the past until the projection's current time
  # If set to 0 (default), every instance is always considered active
  HandleActiveInstances: 0s # ZITADEL_NOTIFIACATIONS_HANDLEACTIVEINSTANCES
  # The maximum duration a transaction remains open
  # before it spots left folding additional events
  # and updates the table.
  TransactionDuration: 1m # ZITADEL_NOTIFIACATIONS_TRANSACTIONDURATION
  # Automatically cancel the notification after the amount of failed attempts
  MaxAttempts: 3 # ZITADEL_NOTIFIACATIONS_MAXATTEMPTS
  # Automatically cancel the notification if it cannot be handled within a specific time
  MaxTtl: 5m  # ZITADEL_NOTIFIACATIONS_MAXTTL
  # Failed attempts are retried after a confogired delay (with exponential backoff).
  # Set a minimum and maximum delay and a factor for the backoff
  MinRetryDelay: 1s  # ZITADEL_NOTIFIACATIONS_MINRETRYDELAY
  MaxRetryDelay: 20s # ZITADEL_NOTIFIACATIONS_MAXRETRYDELAY
  # Any factor below 1 will be set to 1
  RetryDelayFactor: 1.5 # ZITADEL_NOTIFIACATIONS_RETRYDELAYFACTOR
```
# Additional Changes
None
# Additional Context
- closes #8931
											 
										 
										
											2024-11-27 16:01:17 +01:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								Notifications : 
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								   # Notifications can be processed by either a sequential mode (legacy) or a new parallel mode. 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								   # The parallel mode is currently only recommended for Postgres databases. 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								   # For CockroachDB, the sequential mode is recommended, see: https://github.com/zitadel/zitadel/issues/9002 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								   # If legacy mode is enabled (the default, see LegacyEnabled below), the worker config below is ignored. 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								   LegacyEnabled :   true   # ZITADEL_NOTIFICATIONS_LEGACYENABLED 
  
						 
					
						
							
								
									
										
											 
										
											
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								   # The amount of workers processing the notification request events. 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								   # If set to 0, no notification request events will be handled. This can be useful when running in 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								   # multi binary / pod setup and allowing only certain executables to process the events. 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								   Workers :   1   # ZITADEL_NOTIFICATIONS_WORKERS 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								   # The amount of events a single worker will process in a run. 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								   BulkLimit :   10   # ZITADEL_NOTIFICATIONS_BULKLIMIT 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								   # Time interval between scheduled notifications for request events 
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								   RequeueEvery :   5s   # ZITADEL_NOTIFICATIONS_REQUEUEEVERY 
  
						 
					
						
							
								
									
										
											 
										
											
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								   # The amount of workers processing the notification retry events. 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								   # If set to 0, no notification retry events will be handled. This can be useful when running in 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								   # multi binary / pod setup and allowing only certain executables to process the events. 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								   RetryWorkers :   1   # ZITADEL_NOTIFICATIONS_RETRYWORKERS 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								   # Time interval between scheduled notifications for retry events 
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								   RetryRequeueEvery :   5s   # ZITADEL_NOTIFICATIONS_RETRYREQUEUEEVERY 
  
						 
					
						
							
								
									
										
											 
										
											
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								   # Only instances are projected, for which at least a projection-relevant event exists within the timeframe 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								   # from HandleActiveInstances duration in the past until the projection's current time 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								   # If set to 0 (default), every instance is always considered active 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								   HandleActiveInstances :   0s   # ZITADEL_NOTIFICATIONS_HANDLEACTIVEINSTANCES 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								   # The maximum duration a transaction remains open 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								   # before it stops left folding additional events 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								   # and updates the table. 
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								   TransactionDuration :   10s   # ZITADEL_NOTIFICATIONS_TRANSACTIONDURATION 
  
						 
					
						
							
								
									
										
											 
										
											
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								   # Automatically cancel the notification after this number of failed attempts 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								   MaxAttempts :   3   # ZITADEL_NOTIFICATIONS_MAXATTEMPTS 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								   # Automatically cancel the notification if it cannot be handled within a specific time 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								   MaxTtl :   5m    # ZITADEL_NOTIFICATIONS_MAXTTL 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								   # Failed attempts are retried after a configured delay (with exponential backoff). 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								   # Set a minimum and maximum delay and a factor for the backoff 
  
						 
					
						
							
								
									
										
										
										
											2024-12-04 21:17:49 +01:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								   MinRetryDelay :   5s    # ZITADEL_NOTIFIACATIONS_MINRETRYDELAY 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								   MaxRetryDelay :   1m   # ZITADEL_NOTIFIACATIONS_MAXRETRYDELAY 
  
						 
					
						
							
								
									
										
											 
										
											
												feat(notification): use event worker pool (#8962)
# Which Problems Are Solved
The current handling of notification follows the same pattern as all
other projections:
Created events are handled sequentially (based on "position") by a
handler. During the process, a lot of information is aggregated (user,
texts, templates, ...).
This leads to back pressure on the projection since the handling of
events might take longer than the time before a new event (to be
handled) is created.
# How the Problems Are Solved
- The current user notification handler creates separate notification
events based on the user / session events.
- These events contain all the present and required information
including the userID.
- These notification events get processed by notification workers, which
gather the necessary information (recipient address, texts, templates)
to send out these notifications.
- If a notification fails, a retry event is created based on the current
notification request including the current state of the user (this
prevents race conditions, where a user is changed in the meantime and
the notification already gets the new state).
- The retry event will be handled after a backoff delay. This delay
increases with every attempt.
- If the configured amount of attempts is reached or the message expired
(based on config), a cancel event is created, letting the workers know,
the notification must no longer be handled.
- In case of successful send, a sent event is created for the
notification aggregate and the existing "sent" events for the user /
session object is stored.
- The following is added to the defaults.yaml to allow configuration of
the notification workers:
```yaml
Notifications:
  # The amount of workers processing the notification request events.
  # If set to 0, no notification request events will be handled. This can be useful when running in
  # multi binary / pod setup and allowing only certain executables to process the events.
  Workers: 1 # ZITADEL_NOTIFIACATIONS_WORKERS
  # The amount of events a single worker will process in a run.
  BulkLimit: 10 # ZITADEL_NOTIFIACATIONS_BULKLIMIT
  # Time interval between scheduled notifications for request events
  RequeueEvery: 2s # ZITADEL_NOTIFIACATIONS_REQUEUEEVERY
  # The amount of workers processing the notification retry events.
  # If set to 0, no notification retry events will be handled. This can be useful when running in
  # multi binary / pod setup and allowing only certain executables to process the events.
  RetryWorkers: 1 # ZITADEL_NOTIFIACATIONS_RETRYWORKERS
  # Time interval between scheduled notifications for retry events
  RetryRequeueEvery: 2s # ZITADEL_NOTIFIACATIONS_RETRYREQUEUEEVERY
  # Only instances are projected, for which at least a projection-relevant event exists within the timeframe
  # from HandleActiveInstances duration in the past until the projection's current time
  # If set to 0 (default), every instance is always considered active
  HandleActiveInstances: 0s # ZITADEL_NOTIFIACATIONS_HANDLEACTIVEINSTANCES
  # The maximum duration a transaction remains open
  # before it stops left folding additional events
  # and updates the table.
  TransactionDuration: 1m # ZITADEL_NOTIFIACATIONS_TRANSACTIONDURATION
  # Automatically cancel the notification after the amount of failed attempts
  MaxAttempts: 3 # ZITADEL_NOTIFIACATIONS_MAXATTEMPTS
  # Automatically cancel the notification if it cannot be handled within a specific time
  MaxTtl: 5m  # ZITADEL_NOTIFIACATIONS_MAXTTL
  # Failed attempts are retried after a configured delay (with exponential backoff).
  # Set a minimum and maximum delay and a factor for the backoff
  MinRetryDelay: 1s  # ZITADEL_NOTIFIACATIONS_MINRETRYDELAY
  MaxRetryDelay: 20s # ZITADEL_NOTIFIACATIONS_MAXRETRYDELAY
  # Any factor below 1 will be set to 1
  RetryDelayFactor: 1.5 # ZITADEL_NOTIFIACATIONS_RETRYDELAYFACTOR
```
# Additional Changes
None
# Additional Context
- closes #8931
											 
										 
										
											2024-11-27 16:01:17 +01:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								   # Any factor below 1 will be set to 1 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								   RetryDelayFactor :   1.5   # ZITADEL_NOTIFIACATIONS_RETRYDELAYFACTOR 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2022-02-14 17:22:30 +01:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								# Auth settings: search limit, spooler tuning and the size of the auth request caches.
								Auth :
								   # See Projections.BulkLimit
								   SearchLimit :   1000   # ZITADEL_AUTH_SEARCHLIMIT
								   Spooler :
								     # See Projections.TransactionDuration
								     TransactionDuration :   10s   #ZITADEL_AUTH_SPOOLER_TRANSACTIONDURATION
								     # See Projections.BulkLimit
								     BulkLimit :   100   #ZITADEL_AUTH_SPOOLER_BULKLIMIT
								     # See Projections.MaxFailureCount
								     FailureCountUntilSkip :   5   #ZITADEL_AUTH_SPOOLER_FAILURECOUNTUNTILSKIP
								   # Defines the number of auth requests stored in the LRU caches.
								   # Two caches are implemented: one keyed by id and one keyed by code.
								   # NOTE(review): the default is 0; presumably that leaves both caches empty/disabled - confirm.
								   AmountOfCachedAuthRequests :   0   #ZITADEL_AUTH_AMOUNTOFCACHEDAUTHREQUESTS
  
						 
					
						
							
								
									
										
										
										
								# Admin settings: search limit and spooler tuning.
								Admin :
								   # See Projections.BulkLimit
								   SearchLimit :   1000   # ZITADEL_ADMIN_SEARCHLIMIT
								   # NOTE(review): the Spooler keys below carry no environment-variable annotation on this page;
								   # check the documentation before overriding them through the environment.
								   Spooler :
								     # See Projections.TransactionDuration
								     TransactionDuration :   10s
								     # See Projections.BulkLimit
								     BulkLimit :   200
								     # See Projections.MaxFailureCount
								     FailureCountUntilSkip :   5
  
						 
					
						
							
								
									
										
										
										
								# Name and lifetime of the user agent cookie.
								UserAgentCookie :
								   Name :   zitadel.useragent   # ZITADEL_USERAGENTCOOKIE_NAME
								   # 8760h are 365 days, one year
								   # NOTE(review): only name and lifetime are configurable here; the cookie attributes
								   # (Secure, HttpOnly, SameSite) are not visible in this file - verify where the cookie is issued.
								   MaxAge :   8760h   # ZITADEL_USERAGENTCOOKIE_MAXAGE
  
						 
					
						
							
								
									
										
										
										
								# OIDC provider settings: supported methods, default token lifetimes, endpoint paths,
								# device authorization and key caching.
								OIDC :
								   # NOTE(review): going by their names, the five switches below enable the PKCE S256 code
								   # challenge method, client_secret_post and private_key_jwt client authentication, the
								   # refresh_token grant and request objects - confirm against the provider implementation.
								   CodeMethodS256 :   true   # ZITADEL_OIDC_CODEMETHODS256
								   AuthMethodPost :   true   # ZITADEL_OIDC_AUTHMETHODPOST
								   AuthMethodPrivateKeyJWT :   true   # ZITADEL_OIDC_AUTHMETHODPRIVATEKEYJWT
								   GrantTypeRefreshToken :   true   # ZITADEL_OIDC_GRANTTYPEREFRESHTOKEN
								   RequestObjectSupported :   true   # ZITADEL_OIDC_REQUESTOBJECTSUPPORTED

								   # Sets the default values for lifetime and expiration for OIDC
								   # This default can be overwritten in the default instance configuration and for each instance during runtime
								   # !!! Changing this after the initial setup will have no impact without a restart !!!
								   # Access and ID tokens default to 12h. A token that leaks stays usable until it expires
								   # unless the consumer checks it online (for example via the introspection endpoint below),
								   # so shorter lifetimes narrow that window.
								   DefaultAccessTokenLifetime :   12h   # ZITADEL_OIDC_DEFAULTACCESSTOKENLIFETIME
								   DefaultIdTokenLifetime :   12h   # ZITADEL_OIDC_DEFAULTIDTOKENLIFETIME
								   # 720h are 30 days, one month
								   DefaultRefreshTokenIdleExpiration :   720h   # ZITADEL_OIDC_DEFAULTREFRESHTOKENIDLEEXPIRATION
								   # 2160h are 90 days, three months
								   DefaultRefreshTokenExpiration :   2160h   # ZITADEL_OIDC_DEFAULTREFRESHTOKENEXPIRATION

								   # HTTP Cache-Control max-age header value to set on the jwks endpoint.
								   # Only used when the web keys feature is enabled.  0 sets a no-store value.
								   # Clients and intermediaries may keep serving a cached key set for this long,
								   # so a key removal or rotation can take up to this duration to reach them.
								   JWKSCacheControlMaxAge :   5m   # ZITADEL_OIDC_JWKSCACHECONTROLMAXAGE
								   # URL paths of the individual protocol endpoints.
								   CustomEndpoints :
								     Auth :
								       Path :   /oauth/v2/authorize   # ZITADEL_OIDC_CUSTOMENDPOINTS_AUTH_PATH
								     Token :
								       Path :   /oauth/v2/token   # ZITADEL_OIDC_CUSTOMENDPOINTS_TOKEN_PATH
								     Introspection :
								       Path :   /oauth/v2/introspect   # ZITADEL_OIDC_CUSTOMENDPOINTS_INTROSPECTION_PATH
								     Userinfo :
								       Path :   /oidc/v1/userinfo   # ZITADEL_OIDC_CUSTOMENDPOINTS_USERINFO_PATH
								     Revocation :
								       Path :   /oauth/v2/revoke   # ZITADEL_OIDC_CUSTOMENDPOINTS_REVOCATION_PATH
								     EndSession :
								       Path :   /oidc/v1/end_session   # ZITADEL_OIDC_CUSTOMENDPOINTS_ENDSESSION_PATH
								     Keys :
								       Path :   /oauth/v2/keys   # ZITADEL_OIDC_CUSTOMENDPOINTS_KEYS_PATH
								     DeviceAuth :
								       Path :   /oauth/v2/device_authorization   # ZITADEL_OIDC_CUSTOMENDPOINTS_DEVICEAUTH_PATH
								   # Device authorization settings.
								   # NOTE(review): Lifetime and PollInterval presumably are the expiry of a device
								   # authorization request and the client polling interval (RFC 8628) - confirm.
								   DeviceAuth :
								     Lifetime :   5m   # ZITADEL_OIDC_DEVICEAUTH_LIFETIME
								     PollInterval :   5s   # ZITADEL_OIDC_DEVICEAUTH_POLLINTERVAL
								     UserCode :
								       # 20 characters over 8 positions give 20^8 (about 2.6e10) possible user codes, roughly
								       # 34.5 bits; the same alphabet and length appear as the example in RFC 8628 section 6.1.
								       # A smaller CharSet or CharAmount shrinks the guessing space, so resistance to guessing
								       # also relies on the short Lifetime above and on limiting verification attempts.
								       CharSet :   "BCDFGHJKLMNPQRSTVWXZ"   # ZITADEL_OIDC_DEVICEAUTH_USERCODE_CHARSET
								       # NOTE(review): the annotation below spells CHARARMOUNT while the key is CharAmount - verify the effective variable name.
								       CharAmount :   8   # ZITADEL_OIDC_DEVICEAUTH_USERCODE_CHARARMOUNT
								       # NOTE(review): presumably a dash is inserted every 4 characters for readability - confirm.
								       DashInterval :   4   # ZITADEL_OIDC_DEVICEAUTH_USERCODE_DASHINTERVAL
								   # NOTE(review): both URLs end in an open query parameter; presumably the auth request id
								   # and the post-logout redirect are appended at runtime - confirm.
								   DefaultLoginURLV2 :   "/login?authRequest="   # ZITADEL_OIDC_DEFAULTLOGINURLV2
								   DefaultLogoutURLV2 :   "/logout?post_logout_redirect="   # ZITADEL_OIDC_DEFAULTLOGOUTURLV2
								   # NOTE(review): presumably how long public keys are kept in a cache; if so, a long value
								   # delays the effect of removing a key - confirm what is cached and when it is invalidated.
								   PublicKeyCacheMaxAge :   24h   # ZITADEL_OIDC_PUBLICKEYCACHEMAXAGE
								   DefaultBackChannelLogoutLifetime :   15m   # ZITADEL_OIDC_DEFAULTBACKCHANNELLOGOUTLIFETIME
  
						 
					
						
							
								
									
										
										
										
								# SAML identity provider settings: login URL, metadata and signature configuration.
								SAML :
								   # NOTE(review): ends in an open query parameter; presumably the auth request id is appended at runtime - confirm.
								   DefaultLoginURLV2 :   "/login?authRequest="   # ZITADEL_SAML_DEFAULTLOGINURLV2
								   ProviderConfig :
								     MetadataConfig :
								       Path :   "/metadata"   # ZITADEL_SAML_PROVIDERCONFIG_METADATACONFIG_PATH
								       # XML signature algorithm URI; the default is RSA with SHA-256.
								       SignatureAlgorithm :   "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"   # ZITADEL_SAML_PROVIDERCONFIG_METADATACONFIG_SIGNATUREALGORITHM
								     IDPConfig :
								       # Same default (RSA with SHA-256); keep both values on a SHA-2 based
								       # algorithm when changing them.
								       SignatureAlgorithm :   "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"   # ZITADEL_SAML_PROVIDERCONFIG_IDPCONFIG_SIGNATUREALGORITHM
								       # NOTE(review): by its name this asks service providers to sign their authentication requests;
								       # confirm whether unsigned requests are rejected or the flag is only advertised in the metadata.
								       WantAuthRequestsSigned :   true   # ZITADEL_SAML_PROVIDERCONFIG_IDPCONFIG_WANTAUTHREQUESTSSIGNED
								       Endpoints :
								     # Optional organisation and contact entries, commented out by default.
								     #Organisation:
								     #  Name: ZITADEL # ZITADEL_SAML_PROVIDERCONFIG_ORGANISATION_NAME
								     #  URL: https://zitadel.com # ZITADEL_SAML_PROVIDERCONFIG_ORGANISATION_URL
								     #ContactPerson:
								     #  ContactType: "technical" # ZITADEL_SAML_PROVIDERCONFIG_CONTACTPERSON_CONTACTTYPE
								     #  Company: ZITADEL # ZITADEL_SAML_PROVIDERCONFIG_CONTACTPERSON_COMPANY
								     #  EmailAddress: hi@zitadel.com # ZITADEL_SAML_PROVIDERCONFIG_CONTACTPERSON_EMAILADDRESS
  
						 
					
						
							
								
									
										
										
										
								# SCIM provisioning settings: advertised authentication scheme, verification defaults and request limits.
								SCIM :
								   DocumentationUrl :   https://zitadel.com/docs/guides/manage/user/scim2
								   # Descriptive entries for the supported authentication scheme (OAuth bearer token, RFC 6750).
								   # NOTE(review): presumably published to SCIM clients as service provider metadata - confirm.
								   AuthenticationSchemes :
								     - Name :   Zitadel authentication token
								       Description :   Authentication scheme using the OAuth Bearer Token Standard
								       SpecUri :   https://www.rfc-editor.org/info/rfc6750
								       DocumentationUri :   https://zitadel.com/docs/guides/integrate/service-users/authenticate-service-users
								       Type :   oauthbearertoken
								   # Default for whether an email/phone is considered verified when a user's email/phone is created or updated.
								   # With true, addresses written through SCIM count as verified without a confirmation step,
								   # so the provisioning client is trusted for address ownership. Set to false when the SCIM
								   # source is not authoritative for these attributes.
								   EmailVerified :   true   # ZITADEL_SCIM_EMAILVERIFIED
								   PhoneVerified :   true   # ZITADEL_SCIM_PHONEVERIFIED
								   # Upper bound for the size of a request body (NOTE(review): presumably in bytes - confirm).
								   # Together with Bulk.MaxOperationsCount it bounds the work a single SCIM request can trigger.
								   MaxRequestBodySize :   1_000_000   # ZITADEL_SCIM_MAXREQUESTBODYSIZE
								   Bulk :
								     # Maximum number of operations accepted in one bulk request.
								     MaxOperationsCount :   100   # ZITADEL_SCIM_BULK_MAXOPERATIONSCOUNT
  
						 
					
						
							
								
									
										
										
										
											2025-01-09 12:46:36 +01:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2022-02-14 17:22:30 +01:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								Login : 
  
						 
					
						
							
								
									
										
										
										
											2023-08-07 22:32:10 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								   LanguageCookieName :   zitadel.login.lang   # ZITADEL_LOGIN_LANGUAGECOOKIENAME 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								   CSRFCookieName :   zitadel.login.csrf   # ZITADEL_LOGIN_CSRFCOOKIENAME 
  
						 
					
						
							
								
									
										
										
										
											2022-02-14 17:22:30 +01:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								   Cache : 
  
						 
					
						
							
								
									
										
										
										
											2023-08-07 22:32:10 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								     MaxAge :   12h   # ZITADEL_LOGIN_CACHE_MAXAGE 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     # 168h is 7 days, one week 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     SharedMaxAge :   168h   # ZITADEL_LOGIN_CACHE_SHAREDMAXAGE 
  
						 
					
						
							
								
									
										
										
										
											2023-08-24 11:41:52 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								   DefaultOTPEmailURLV2 :   "/otp/verify?loginName={{.LoginName}}&code={{.Code}}"   # ZITADEL_LOGIN_CACHE_DEFAULTOTPEMAILURLV2 — NOTE(review): this key sits directly under Login, not under Login.Cache, so the variable is presumably ZITADEL_LOGIN_DEFAULTOTPEMAILURLV2; confirm before relying on it
  
						 
					
						
							
								
									
										
										
										
											2022-02-14 17:22:30 +01:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								Console : 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								   ShortCache : 
  
						 
					
						
							
								
									
										
										
										
											2023-08-07 22:32:10 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								     MaxAge :   0m   # ZITADEL_CONSOLE_SHORTCACHE_MAXAGE 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     SharedMaxAge :   5m   # ZITADEL_CONSOLE_SHORTCACHE_SHAREDMAXAGE 
  
						 
					
						
							
								
									
										
										
										
											2022-02-14 17:22:30 +01:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								   LongCache : 
  
						 
					
						
							
								
									
										
										
										
											2023-08-07 22:32:10 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								     MaxAge :   12h   # ZITADEL_CONSOLE_LONGCACHE_MAXAGE 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     # 168h is 7 days, one week 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     SharedMaxAge :   168h   # ZITADEL_CONSOLE_LONGCACHE_SHAREDMAXAGE 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								   InstanceManagementURL :   ""   # ZITADEL_CONSOLE_INSTANCEMANAGEMENTURL 
  
						 
					
						
							
								
									
										
										
										
											2025-01-07 15:38:13 +01:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								   PostHog : 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     URL :   ""   # ZITADEL_CONSOLE_POSTHOG_URL 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     Token :   ""   # ZITADEL_CONSOLE_POSTHOG_TOKEN 
  
						 
					
						
							
								
									
										
										
										
											2022-02-14 17:22:30 +01:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2022-03-14 07:55:09 +01:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								EncryptionKeys : 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								   DomainVerification : 
  
						 
					
						
							
								
									
										
										
										
											2023-08-07 22:32:10 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								     EncryptionKeyID :   "domainVerificationKey"   # ZITADEL_ENCRYPTIONKEYS_DOMAINVERIFICATION_ENCRYPTIONKEYID 
  
						 
					
						
							
								
									
										
										
										
											2024-02-16 17:04:42 +01:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								     DecryptionKeyIDs :   # ZITADEL_ENCRYPTIONKEYS_DOMAINVERIFICATION_DECRYPTIONKEYIDS (comma separated list) 
  
						 
					
						
							
								
									
										
										
										
											2022-03-14 07:55:09 +01:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								   IDPConfig : 
  
						 
					
						
							
								
									
										
										
										
											2023-08-07 22:32:10 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								     EncryptionKeyID :   "idpConfigKey"   # ZITADEL_ENCRYPTIONKEYS_IDPCONFIG_ENCRYPTIONKEYID 
  
						 
					
						
							
								
									
										
										
										
											2024-02-16 17:04:42 +01:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								     DecryptionKeyIDs :   # ZITADEL_ENCRYPTIONKEYS_IDPCONFIG_DECRYPTIONKEYIDS (comma separated list) 
  
						 
					
						
							
								
									
										
										
										
											2022-03-14 07:55:09 +01:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								   OIDC : 
  
						 
					
						
							
								
									
										
										
										
											2023-08-07 22:32:10 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								     EncryptionKeyID :   "oidcKey"   # ZITADEL_ENCRYPTIONKEYS_OIDC_ENCRYPTIONKEYID 
  
						 
					
						
							
								
									
										
										
										
											2024-02-16 17:04:42 +01:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								     DecryptionKeyIDs :   # ZITADEL_ENCRYPTIONKEYS_OIDC_DECRYPTIONKEYIDS (comma separated list) 
  
						 
					
						
							
								
									
										
										
										
											2022-09-12 17:18:08 +01:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								   SAML : 
  
						 
					
						
							
								
									
										
										
										
											2023-08-07 22:32:10 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								     EncryptionKeyID :   "samlKey"   # ZITADEL_ENCRYPTIONKEYS_SAML_ENCRYPTIONKEYID 
  
						 
					
						
							
								
									
										
										
										
											2024-02-16 17:04:42 +01:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								     DecryptionKeyIDs :   # ZITADEL_ENCRYPTIONKEYS_SAML_DECRYPTIONKEYIDS (comma separated list) 
  
						 
					
						
							
								
									
										
										
										
											2022-03-14 07:55:09 +01:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								   OTP : 
  
						 
					
						
							
								
									
										
										
										
											2023-08-07 22:32:10 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								     EncryptionKeyID :   "otpKey"   # ZITADEL_ENCRYPTIONKEYS_OTP_ENCRYPTIONKEYID 
  
						 
					
						
							
								
									
										
										
										
											2024-02-16 17:04:42 +01:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								     DecryptionKeyIDs :   # ZITADEL_ENCRYPTIONKEYS_OTP_DECRYPTIONKEYIDS (comma separated list) 
  
						 
					
						
							
								
									
										
										
										
											2022-03-14 07:55:09 +01:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								   SMS : 
  
						 
					
						
							
								
									
										
										
										
											2023-08-07 22:32:10 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								     EncryptionKeyID :   "smsKey"   # ZITADEL_ENCRYPTIONKEYS_SMS_ENCRYPTIONKEYID 
  
						 
					
						
							
								
									
										
										
										
											2024-02-16 17:04:42 +01:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								     DecryptionKeyIDs :   # ZITADEL_ENCRYPTIONKEYS_SMS_DECRYPTIONKEYIDS (comma separated list) 
  
						 
					
						
							
								
									
										
										
										
											2022-03-14 07:55:09 +01:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								   SMTP : 
  
						 
					
						
							
								
									
										
										
										
											2023-08-07 22:32:10 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								     EncryptionKeyID :   "smtpKey"   # ZITADEL_ENCRYPTIONKEYS_SMTP_ENCRYPTIONKEYID 
  
						 
					
						
							
								
									
										
										
										
											2024-02-16 17:04:42 +01:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								     DecryptionKeyIDs :   # ZITADEL_ENCRYPTIONKEYS_SMTP_DECRYPTIONKEYIDS (comma separated list) 
  
						 
					
						
							
								
									
										
										
										
											2022-03-14 07:55:09 +01:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								   User : 
  
						 
					
						
							
								
									
										
										
										
											2023-08-07 22:32:10 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								     EncryptionKeyID :   "userKey"   # ZITADEL_ENCRYPTIONKEYS_USER_ENCRYPTIONKEYID 
  
						 
					
						
							
								
									
										
										
										
											2024-02-16 17:04:42 +01:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								     DecryptionKeyIDs :   # ZITADEL_ENCRYPTIONKEYS_USER_DECRYPTIONKEYIDS (comma separated list) 
  
						 
					
						
							
								
									
										
										
										
											2024-11-28 11:06:52 +01:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								   Target : 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     EncryptionKeyID :   "targetKey"   # ZITADEL_ENCRYPTIONKEYS_TARGET_ENCRYPTIONKEYID 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     DecryptionKeyIDs :   # ZITADEL_ENCRYPTIONKEYS_TARGET_DECRYPTIONKEYIDS (comma separated list) 
  
						 
					
						
							
								
									
										
										
										
											2023-08-07 22:32:10 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								   CSRFCookieKeyID :   "csrfCookieKey"   # ZITADEL_ENCRYPTIONKEYS_CSRFCOOKIEKEYID 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								   UserAgentCookieKeyID :   "userAgentCookieKey"   # ZITADEL_ENCRYPTIONKEYS_USERAGENTCOOKIEKEYID 
  
						 
					
						
							
								
									
										
										
										
											2022-03-14 07:55:09 +01:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2022-05-30 13:38:30 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								SystemAPIUsers : 
  
						 
					
						
							
								
									
										
										
										
											2023-10-25 17:10:45 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								# # Add keys for authentication of the systemAPI here: 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								# # You can specify any name for the user, but it has to match the `iss` (issuer) and `sub` claims in the JWT:
  
						 
					
						
							
								
									
										
										
										
											2022-09-27 11:53:49 +01:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								# - superuser: 
  
						 
					
						
							
								
									
										
										
										
											2023-10-25 17:10:45 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								#     Path: /path/to/superuser/key.pem  # you can provide the key either by reference with the path
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								#     Memberships: 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								#       # MemberType System allows the user to access all APIs for all instances or organizations 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								#       - MemberType: System 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								#         Roles: 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								#           - "SYSTEM_OWNER" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								#           # Actually, we don't recommend adding IAM_OWNER and ORG_OWNER to the System membership, as this basically enables god mode for the system user 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								#           - "IAM_OWNER" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								#           - "ORG_OWNER" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								#       # MemberType IAM and Organization let you restrict access to a specific instance or organization by specifying the AggregateID 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								#       - MemberType: IAM 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								#         Roles: "IAM_OWNER" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								#         AggregateID: "123456789012345678" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								#       - MemberType: Organization 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								#         Roles: "ORG_OWNER" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								#         AggregateID: "123456789012345678" 
  
						 
					
						
							
								
									
										
										
										
											2022-09-27 11:53:49 +01:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								# - superuser2: 
  
						 
					
						
							
								
									
										
										
										
											2023-10-25 17:10:45 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								#     # If no memberships are specified, the user has a membership of type System with the role "SYSTEM_OWNER" 
  
						 
					
						
							
								
									
										
										
										
											2022-09-27 11:53:49 +01:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								#     KeyData: <base64 encoded key>     # or you can directly embed it as base64 encoded value 
  
						 
					
						
							
								
									
										
										
										
											2024-02-16 17:04:42 +01:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								# Configure the SystemAPIUsers by environment variable using JSON notation: 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								# ZITADEL_SYSTEMAPIUSERS='{"systemuser":{"Path":"/path/to/superuser/key.pem"},"systemuser2":{"KeyData":"<base64 encoded key>"}}' 
  
						 
					
						
							
								
									
										
										
										
											2022-05-30 13:38:30 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2022-02-14 17:22:30 +01:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								SystemDefaults : 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								   SecretGenerators : 
  
						 
					
						
							
								
									
										
										
										
											2023-08-07 22:32:10 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								     MachineKeySize :   2048   # ZITADEL_SYSTEMDEFAULTS_SECRETGENERATORS_MACHINEKEYSIZE 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     ApplicationKeySize :   2048   # ZITADEL_SYSTEMDEFAULTS_SECRETGENERATORS_APPLICATIONKEYSIZE 
  
						 
					
						
							
								
									
										
										
										
											2023-07-14 09:49:57 +03:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								   PasswordHasher : 
  
						 
					
						
							
								
									
										
										
										
											2023-08-29 09:08:24 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								     # Set hasher configuration for user passwords. 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     # Passwords previously hashed with a different algorithm 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     # or cost are automatically re-hashed using this config, 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     # upon password validation or update. 
  
						 
					
						
							
								
									
										
										
										
											2023-07-14 09:49:57 +03:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								     Hasher : 
  
						 
					
						
							
								
									
										
										
										
											2024-05-08 08:48:26 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								       # Supported algorithms: "argon2i", "argon2id", "bcrypt", "scrypt", "pbkdf2" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       # Depending on the algorithm, different configuration options take effect. 
  
						 
					
						
							
								
									
										
										
										
											2024-07-23 16:13:35 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								       Algorithm :   bcrypt   # ZITADEL_SYSTEMDEFAULTS_PASSWORDHASHER_HASHER_ALGORITHM 
  
						 
					
						
							
								
									
										
										
										
											2024-05-08 08:48:26 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								       # Cost takes effect for the algorithms bcrypt and scrypt 
  
						 
					
						
							
								
									
										
										
										
											2023-08-07 22:32:10 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								       Cost :   14   # ZITADEL_SYSTEMDEFAULTS_PASSWORDHASHER_HASHER_COST 
  
						 
					
						
							
								
									
										
										
										
											2024-05-08 08:48:26 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								       # Time takes effect for the algorithms argon2i and argon2id 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       Time :   3   # ZITADEL_SYSTEMDEFAULTS_PASSWORDHASHER_HASHER_TIME 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       # Memory takes effect for the algorithms argon2i and argon2id 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       Memory :   32768   # ZITADEL_SYSTEMDEFAULTS_PASSWORDHASHER_HASHER_MEMORY 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       # Threads takes effect for the algorithms argon2i and argon2id 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       Threads :   4   # ZITADEL_SYSTEMDEFAULTS_PASSWORDHASHER_HASHER_THREADS 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       # Rounds takes effect for the algorithm pbkdf2 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       Rounds :   290000   # ZITADEL_SYSTEMDEFAULTS_PASSWORDHASHER_HASHER_ROUNDS 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       # Hash takes effect for the algorithm pbkdf2 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       # Can be "sha1", "sha224", "sha256", "sha384" or "sha512" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       Hash :   sha256   # ZITADEL_SYSTEMDEFAULTS_PASSWORDHASHER_HASHER_HASH 
  
						 
					
						
							
								
									
										
										
										
											2023-08-02 14:27:18 +03:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2023-07-14 09:49:57 +03:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								     # Verifiers enable the possibility of verifying 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     # passwords that are previously hashed using another 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     # algorithm than the Hasher.
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     # This can be used when migrating from one algorithm to another, 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     # or when importing users with hashed passwords. 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     # There is no need to enable a Verifier of the same algorithm 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     # as the Hasher. 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     # 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     # The format of the encoded hash strings must comply 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     # with https://github.com/P-H-C/phc-string-format/blob/master/phc-sf-spec.md 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     # https://passlib.readthedocs.io/en/stable/modular_crypt_format.html 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     # 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     # Supported verifiers: (uncomment to enable) 
  
						 
					
						
							
								
									
										
										
										
											2024-05-08 08:48:26 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								     Verifiers :   # ZITADEL_SYSTEMDEFAULTS_PASSWORDHASHER_VERIFIERS 
  
						 
					
						
							
								
									
										
										
										
											2024-06-25 11:10:49 +03:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								     #   - "argon2"   # verifier for both argon2i and argon2id. 
  
						 
					
						
							
								
									
										
										
										
											2023-07-14 09:49:57 +03:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								     #   - "bcrypt" 
  
						 
					
						
							
								
									
										
										
										
											2024-06-25 11:10:49 +03:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								     #   - "md5"      # md5Crypt with salt and password shuffling. 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
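								     #   - "md5plain" # md5 digest of a password without salt; unsalted MD5 is not a safe password hash, enable only if legacy hashes in this format must still be verified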
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								     #   - "scrypt" 
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								     #   - "pbkdf2"   # verifier for all pbkdf2 hash modes. 
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								   SecretHasher : 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     # Set hasher configuration for machine users, API and OIDC client secrets. 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     Hasher : 
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								       # Supported algorithms: "argon2i", "argon2id", "bcrypt", "scrypt", "pbkdf2" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       # Depending on the algorithm, different configuration options take effect. 
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								       Algorithm :   bcrypt   # ZITADEL_SYSTEMDEFAULTS_SECRETHASHER_HASHER_ALGORITHM 
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
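								       # Cost takes effect for the algorithms bcrypt and scrypt.
								       # For bcrypt, Cost is the log2 work factor, and 4 is the lowest value the algorithm accepts.
								       # NOTE(review): presumably acceptable only because the hashed values are long generated secrets - confirm, and raise it if low-entropy secrets can be stored.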
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								       Cost :   4   # ZITADEL_SYSTEMDEFAULTS_SECRETHASHER_HASHER_COST 
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								       # Time takes effect for the algorithms argon2i and argon2id 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       Time :   3   # ZITADEL_SYSTEMDEFAULTS_SECRETHASHER_HASHER_TIME 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       # Memory takes effect for the algorithms argon2i and argon2id 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       Memory :   32768   # ZITADEL_SYSTEMDEFAULTS_SECRETHASHER_HASHER_MEMORY 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       # Threads takes effect for the algorithms argon2i and argon2id 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       Threads :   4   # ZITADEL_SYSTEMDEFAULTS_SECRETHASHER_HASHER_THREADS 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       # Rounds takes effect for the algorithm pbkdf2 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       Rounds :   290000   # ZITADEL_SYSTEMDEFAULTS_SECRETHASHER_HASHER_ROUNDS 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       # Hash takes effect for the algorithm pbkdf2 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       # Can be "sha1", "sha224", "sha256", "sha384" or "sha512" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       Hash :   sha256   # ZITADEL_SYSTEMDEFAULTS_SECRETHASHER_HASHER_HASH 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     Verifiers :   # ZITADEL_SYSTEMDEFAULTS_SECRETHASHER_VERIFIERS 
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								   Multifactors : 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     OTP : 
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								       # If this is empty, the issuer is the requested domain 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       # This is helpful in scenarios with multiple ZITADEL environments or virtual instances 
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								       Issuer :   "ZITADEL"   # ZITADEL_SYSTEMDEFAULTS_MULTIFACTORS_OTP_ISSUER 
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								   DomainVerification : 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     VerificationGenerator : 
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								       Length :   32   # ZITADEL_SYSTEMDEFAULTS_DOMAINVERIFICATION_VERIFICATIONGENERATOR_LENGTH 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       IncludeLowerLetters :   true   # ZITADEL_SYSTEMDEFAULTS_DOMAINVERIFICATION_VERIFICATIONGENERATOR_INCLUDELOWERLETTERS 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       IncludeUpperLetters :   true   # ZITADEL_SYSTEMDEFAULTS_DOMAINVERIFICATION_VERIFICATIONGENERATOR_INCLUDEUPPERLETTERS 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       IncludeDigits :   true   # ZITADEL_SYSTEMDEFAULTS_DOMAINVERIFICATION_VERIFICATIONGENERATOR_INCLUDEDIGITS 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       IncludeSymbols :   false   # ZITADEL_SYSTEMDEFAULTS_DOMAINVERIFICATION_VERIFICATIONGENERATOR_INCLUDESYMBOLS 
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								   Notifications : 
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								     FileSystemPath :   ".notifications/"   # ZITADEL_SYSTEMDEFAULTS_NOTIFICATIONS_FILESYSTEMPATH 
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								   KeyConfig : 
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								     Size :   2048   # ZITADEL_SYSTEMDEFAULTS_KEYCONFIG_SIZE 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     CertificateSize :   4096   # ZITADEL_SYSTEMDEFAULTS_KEYCONFIG_CERTIFICATESIZE 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     PrivateKeyLifetime :   6h   # ZITADEL_SYSTEMDEFAULTS_KEYCONFIG_PRIVATEKEYLIFETIME 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     PublicKeyLifetime :   30h   # ZITADEL_SYSTEMDEFAULTS_KEYCONFIG_PUBLICKEYLIFETIME 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     # 8766h is 1 year (365.25 days)
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     CertificateLifetime :   8766h   # ZITADEL_SYSTEMDEFAULTS_KEYCONFIG_CERTIFICATELIFETIME 
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								   # DefaultQueryLimit limits the number of items returned by a single v3 API search request when no limit is passed explicitly.
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								   DefaultQueryLimit :   100   # ZITADEL_SYSTEMDEFAULTS_DEFAULTQUERYLIMIT 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								   # MaxQueryLimit limits the number of items that can be queried in a single v3 API search request when a limit is passed explicitly.
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								   MaxQueryLimit :   1000   # ZITADEL_SYSTEMDEFAULTS_MAXQUERYLIMIT 
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								Actions : 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								   HTTP : 
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
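								     # Wildcard subdomains are currently unsupported.
								     # The defaults below cover only loopback and unspecified addresses. If Actions must not reach
								     # internal services, also list the relevant private and link-local ranges for your network
								     # (for example the RFC 1918 ranges and 169.254.0.0/16), in the CIDR form used for 127.0.0.0/8.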
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								     DenyList :   # ZITADEL_ACTIONS_HTTP_DENYLIST (comma separated list) 
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								       - localhost 
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								       - "127.0.0.0/8" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       - "::1" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       - "0.0.0.0" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       - "::" 
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								LogStore : 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								   Access : 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     Stdout : 
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								       # If enabled, all access logs are printed to the binary's standard output 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       Enabled :   false   # ZITADEL_LOGSTORE_ACCESS_STDOUT_ENABLED 
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								   Execution : 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     Stdout : 
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								       # If enabled, all execution logs are printed to the binary's standard output 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       Enabled :   true   # ZITADEL_LOGSTORE_EXECUTION_STDOUT_ENABLED 
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								Quotas : 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								   Access : 
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								     # If enabled, authenticated requests are counted and potentially limited depending on the configured quota of the instance 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     Enabled :   false   # ZITADEL_QUOTAS_ACCESS_ENABLED 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     Debounce : 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       MinFrequency :   0s   # ZITADEL_QUOTAS_ACCESS_DEBOUNCE_MINFREQUENCY 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       MaxBulkSize :   0   # ZITADEL_QUOTAS_ACCESS_DEBOUNCE_MAXBULKSIZE 
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								     ExhaustedCookieKey :   "zitadel.quota.exhausted"   # ZITADEL_QUOTAS_ACCESS_EXHAUSTEDCOOKIEKEY 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     ExhaustedCookieMaxAge :   "300s"   # ZITADEL_QUOTAS_ACCESS_EXHAUSTEDCOOKIEMAXAGE 
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								   Execution : 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     # If enabled, all action executions are counted and potentially limited depending on the configured quota of the instance 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     # NOTE(review): the other keys visible here map to ZITADEL_<PATH>; by that pattern this key would be ZITADEL_QUOTAS_EXECUTION_ENABLED, so the DATABASE segment below looks stale - confirm before relying on it.
								     Enabled :   false   # ZITADEL_QUOTAS_EXECUTION_DATABASE_ENABLED 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     Debounce : 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       MinFrequency :   0s   # ZITADEL_QUOTAS_EXECUTION_DEBOUNCE_MINFREQUENCY 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       MaxBulkSize :   0   # ZITADEL_QUOTAS_EXECUTION_DEBOUNCE_MAXBULKSIZE 
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								Eventstore : 
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								   # Sets the maximum duration of transactions pushing events 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								   PushTimeout :   15s   #ZITADEL_EVENTSTORE_PUSHTIMEOUT 
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								   # Maximum amount of push retries in case of primary key violation on the sequence 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								   MaxRetries :   5   #ZITADEL_EVENTSTORE_MAXRETRIES 
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								# The DefaultInstance section defines the default values for each new virtual instance that is created. 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								# Check out https://zitadel.com/docs/concepts/structure/instance#multiple-virtual-instances for more information about virtual instances. 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								# For the initial setup, the default values are used to create the first instance. 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								# However, you might want to have your first instance created by the setup job to have a different configuration. 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								# To overwrite the default values for the initial setup, configure the FirstInstance yaml section and pass it using the --steps flag. 
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								DefaultInstance : 
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								   InstanceName :   ZITADEL   # ZITADEL_DEFAULTINSTANCE_INSTANCENAME 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								   DefaultLanguage :   en   # ZITADEL_DEFAULTINSTANCE_DEFAULTLANGUAGE 
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								   Org : 
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								     Name :   ZITADEL   # ZITADEL_DEFAULTINSTANCE_ORG_NAME 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     # In the DefaultInstance.Org.Human section, the initial organization's admin user with the role IAM_OWNER is defined. 
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								     # If DefaultInstance.Org.Machine.Machine is defined, a service user is created with the IAM_OWNER role. 
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								     Human : 
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								       # If UserLoginMustBeDomain is false (default) and you don't overwrite the username with an email address,
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								       # it will be suffixed by the org domain (org-name + domain from config). 
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								       # for example zitadel-admin in org `My Org` on domain.tld -> zitadel-admin@my-org.domain.tld 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       UserName :   zitadel-admin   # ZITADEL_DEFAULTINSTANCE_ORG_HUMAN_USERNAME 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       FirstName :   ZITADEL   # ZITADEL_DEFAULTINSTANCE_ORG_HUMAN_FIRSTNAME 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       LastName :   Admin   # ZITADEL_DEFAULTINSTANCE_ORG_HUMAN_LASTNAME 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       NickName :   # ZITADEL_DEFAULTINSTANCE_ORG_HUMAN_NICKNAME 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       DisplayName :   # ZITADEL_DEFAULTINSTANCE_ORG_HUMAN_DISPLAYNAME 
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								       Email : 
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								         Address :   # ZITADEL_DEFAULTINSTANCE_ORG_HUMAN_EMAIL_ADDRESS 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         Verified :   false   # ZITADEL_DEFAULTINSTANCE_ORG_HUMAN_EMAIL_VERIFIED 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       PreferredLanguage :   en   # ZITADEL_DEFAULTINSTANCE_ORG_HUMAN_PREFERREDLANGUAGE 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       Gender :   # ZITADEL_DEFAULTINSTANCE_ORG_HUMAN_GENDER 
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								       Phone : 
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								         Number :   # ZITADEL_DEFAULTINSTANCE_ORG_HUMAN_PHONE_NUMBER 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         Verified :   # ZITADEL_DEFAULTINSTANCE_ORG_HUMAN_PHONE_VERIFIED 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       # NOTE(review): this is the password of the initial admin user with the IAM_OWNER role; prefer supplying it through
								       # ZITADEL_DEFAULTINSTANCE_ORG_HUMAN_PASSWORD from a secret store rather than committing a value here, and change it
								       # after the first login. What is used when it is left empty is not visible in this section.
								       Password :   # ZITADEL_DEFAULTINSTANCE_ORG_HUMAN_PASSWORD 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     # In the DefaultInstance.Org.Machine section, the initial organization's admin user with the role IAM_OWNER is defined. 
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								     # If DefaultInstance.Org.Machine.Machine is defined, a service user is created with the IAM_OWNER role. 
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								     Machine : 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       Machine : 
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								         Username :   # ZITADEL_DEFAULTINSTANCE_ORG_MACHINE_MACHINE_USERNAME 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         Name :   # ZITADEL_DEFAULTINSTANCE_ORG_MACHINE_MACHINE_NAME 
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								       MachineKey : 
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								         # date format: 2023-01-01T00:00:00Z 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         ExpirationDate :   # ZITADEL_DEFAULTINSTANCE_ORG_MACHINE_MACHINEKEY_EXPIRATIONDATE 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         # Currently, the only supported value is 1 for JSON 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         Type :   # ZITADEL_DEFAULTINSTANCE_ORG_MACHINE_MACHINEKEY_TYPE 
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								       Pat : 
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								         # date format: 2023-01-01T00:00:00Z 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         # NOTE(review): no expiry is set here; confirm what lifetime an empty value yields and
								         # set an explicit date so the personal access token is not valid longer than needed.
								         ExpirationDate :   # ZITADEL_DEFAULTINSTANCE_ORG_MACHINE_PAT_EXPIRATIONDATE 
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								   SecretGenerators : 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     ClientSecret : 
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								       Length :   64   # ZITADEL_DEFAULTINSTANCE_SECRETGENERATORS_CLIENTSECRET_LENGTH 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       IncludeLowerLetters :   true   # ZITADEL_DEFAULTINSTANCE_SECRETGENERATORS_CLIENTSECRET_INCLUDELOWERLETTERS 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       IncludeUpperLetters :   true   # ZITADEL_DEFAULTINSTANCE_SECRETGENERATORS_CLIENTSECRET_INCLUDEUPPERLETTERS 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       IncludeDigits :   true   # ZITADEL_DEFAULTINSTANCE_SECRETGENERATORS_CLIENTSECRET_INCLUDEDIGITS 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       IncludeSymbols :   false   # ZITADEL_DEFAULTINSTANCE_SECRETGENERATORS_CLIENTSECRET_INCLUDESYMBOLS 
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								     InitializeUserCode : 
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								       # NOTE(review): with only uppercase letters and digits enabled below, a 6-character code has
								       # at most 36^6 (~2^31) values and stays valid for 72h; resistance to guessing then depends on
								       # attempt limiting at verification — confirm that it is enforced.
								       Length :   6   # ZITADEL_DEFAULTINSTANCE_SECRETGENERATORS_INITIALIZEUSERCODE_LENGTH 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       Expiry :   "72h"   # ZITADEL_DEFAULTINSTANCE_SECRETGENERATORS_INITIALIZEUSERCODE_EXPIRY 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       IncludeLowerLetters :   false   # ZITADEL_DEFAULTINSTANCE_SECRETGENERATORS_INITIALIZEUSERCODE_INCLUDELOWERLETTERS 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       IncludeUpperLetters :   true   # ZITADEL_DEFAULTINSTANCE_SECRETGENERATORS_INITIALIZEUSERCODE_INCLUDEUPPERLETTERS 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       IncludeDigits :   true   # ZITADEL_DEFAULTINSTANCE_SECRETGENERATORS_INITIALIZEUSERCODE_INCLUDEDIGITS 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       IncludeSymbols :   false   # ZITADEL_DEFAULTINSTANCE_SECRETGENERATORS_INITIALIZEUSERCODE_INCLUDESYMBOLS 
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								     EmailVerificationCode : 
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								       Length :   6   # ZITADEL_DEFAULTINSTANCE_SECRETGENERATORS_EMAILVERIFICATIONCODE_LENGTH 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       Expiry :   "1h"   # ZITADEL_DEFAULTINSTANCE_SECRETGENERATORS_EMAILVERIFICATIONCODE_EXPIRY 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       IncludeLowerLetters :   false   # ZITADEL_DEFAULTINSTANCE_SECRETGENERATORS_EMAILVERIFICATIONCODE_INCLUDELOWERLETTERS 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       IncludeUpperLetters :   true   # ZITADEL_DEFAULTINSTANCE_SECRETGENERATORS_EMAILVERIFICATIONCODE_INCLUDEUPPERLETTERS 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       IncludeDigits :   true   # ZITADEL_DEFAULTINSTANCE_SECRETGENERATORS_EMAILVERIFICATIONCODE_INCLUDEDIGITS 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       IncludeSymbols :   false   # ZITADEL_DEFAULTINSTANCE_SECRETGENERATORS_EMAILVERIFICATIONCODE_INCLUDESYMBOLS 
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								     PhoneVerificationCode : 
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								       Length :   6   # ZITADEL_DEFAULTINSTANCE_SECRETGENERATORS_PHONEVERIFICATIONCODE_LENGTH 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       Expiry :   "1h"   # ZITADEL_DEFAULTINSTANCE_SECRETGENERATORS_PHONEVERIFICATIONCODE_EXPIRY 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       IncludeLowerLetters :   false   # ZITADEL_DEFAULTINSTANCE_SECRETGENERATORS_PHONEVERIFICATIONCODE_INCLUDELOWERLETTERS 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       IncludeUpperLetters :   true   # ZITADEL_DEFAULTINSTANCE_SECRETGENERATORS_PHONEVERIFICATIONCODE_INCLUDEUPPERLETTERS 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       IncludeDigits :   true   # ZITADEL_DEFAULTINSTANCE_SECRETGENERATORS_PHONEVERIFICATIONCODE_INCLUDEDIGITS 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       IncludeSymbols :   false   # ZITADEL_DEFAULTINSTANCE_SECRETGENERATORS_PHONEVERIFICATIONCODE_INCLUDESYMBOLS 
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								     PasswordVerificationCode : 
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								       Length :   6   # ZITADEL_DEFAULTINSTANCE_SECRETGENERATORS_PASSWORDVERIFICATIONCODE_LENGTH 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       Expiry :   "1h"   # ZITADEL_DEFAULTINSTANCE_SECRETGENERATORS_PASSWORDVERIFICATIONCODE_EXPIRY 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       IncludeLowerLetters :   false   # ZITADEL_DEFAULTINSTANCE_SECRETGENERATORS_PASSWORDVERIFICATIONCODE_INCLUDELOWERLETTERS 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       IncludeUpperLetters :   true   # ZITADEL_DEFAULTINSTANCE_SECRETGENERATORS_PASSWORDVERIFICATIONCODE_INCLUDEUPPERLETTERS 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       IncludeDigits :   true   # ZITADEL_DEFAULTINSTANCE_SECRETGENERATORS_PASSWORDVERIFICATIONCODE_INCLUDEDIGITS 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       IncludeSymbols :   false   # ZITADEL_DEFAULTINSTANCE_SECRETGENERATORS_PASSWORDVERIFICATIONCODE_INCLUDESYMBOLS 
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								     PasswordlessInitCode : 
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								       Length :   12   # ZITADEL_DEFAULTINSTANCE_SECRETGENERATORS_PASSWORDLESSINITCODE_LENGTH 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       Expiry :   "1h"   # ZITADEL_DEFAULTINSTANCE_SECRETGENERATORS_PASSWORDLESSINITCODE_EXPIRY 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       IncludeLowerLetters :   true   # ZITADEL_DEFAULTINSTANCE_SECRETGENERATORS_PASSWORDLESSINITCODE_INCLUDELOWERLETTERS 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       IncludeUpperLetters :   true   # ZITADEL_DEFAULTINSTANCE_SECRETGENERATORS_PASSWORDLESSINITCODE_INCLUDEUPPERLETTERS 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       IncludeDigits :   true   # ZITADEL_DEFAULTINSTANCE_SECRETGENERATORS_PASSWORDLESSINITCODE_INCLUDEDIGITS 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       IncludeSymbols :   false   # ZITADEL_DEFAULTINSTANCE_SECRETGENERATORS_PASSWORDLESSINITCODE_INCLUDESYMBOLS 
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								     DomainVerification : 
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								       Length :   32   # ZITADEL_DEFAULTINSTANCE_SECRETGENERATORS_DOMAINVERIFICATION_LENGTH 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       IncludeLowerLetters :   true   # ZITADEL_DEFAULTINSTANCE_SECRETGENERATORS_DOMAINVERIFICATION_INCLUDELOWERLETTERS 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       IncludeUpperLetters :   true   # ZITADEL_DEFAULTINSTANCE_SECRETGENERATORS_DOMAINVERIFICATION_INCLUDEUPPERLETTERS 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       IncludeDigits :   true   # ZITADEL_DEFAULTINSTANCE_SECRETGENERATORS_DOMAINVERIFICATION_INCLUDEDIGITS 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       IncludeSymbols :   false   # ZITADEL_DEFAULTINSTANCE_SECRETGENERATORS_DOMAINVERIFICATION_INCLUDESYMBOLS 
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								     OTPSMS : 
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								       Length :   8   # ZITADEL_DEFAULTINSTANCE_SECRETGENERATORS_OTPSMS_LENGTH 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       Expiry :   "5m"   # ZITADEL_DEFAULTINSTANCE_SECRETGENERATORS_OTPSMS_EXPIRY 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       IncludeLowerLetters :   false   # ZITADEL_DEFAULTINSTANCE_SECRETGENERATORS_OTPSMS_INCLUDELOWERLETTERS 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       IncludeUpperLetters :   false   # ZITADEL_DEFAULTINSTANCE_SECRETGENERATORS_OTPSMS_INCLUDEUPPERLETTERS 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       IncludeDigits :   true   # ZITADEL_DEFAULTINSTANCE_SECRETGENERATORS_OTPSMS_INCLUDEDIGITS 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       IncludeSymbols :   false   # ZITADEL_DEFAULTINSTANCE_SECRETGENERATORS_OTPSMS_INCLUDESYMBOLS 
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								     OTPEmail : 
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								       Length :   8   # ZITADEL_DEFAULTINSTANCE_SECRETGENERATORS_OTPEMAIL_LENGTH 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       Expiry :   "5m"   # ZITADEL_DEFAULTINSTANCE_SECRETGENERATORS_OTPEMAIL_EXPIRY 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       IncludeLowerLetters :   false   # ZITADEL_DEFAULTINSTANCE_SECRETGENERATORS_OTPEMAIL_INCLUDELOWERLETTERS 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       IncludeUpperLetters :   false   # ZITADEL_DEFAULTINSTANCE_SECRETGENERATORS_OTPEMAIL_INCLUDEUPPERLETTERS 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       IncludeDigits :   true   # ZITADEL_DEFAULTINSTANCE_SECRETGENERATORS_OTPEMAIL_INCLUDEDIGITS 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       IncludeSymbols :   false   # ZITADEL_DEFAULTINSTANCE_SECRETGENERATORS_OTPEMAIL_INCLUDESYMBOLS 
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								     InviteCode : 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       Length :   6   # ZITADEL_DEFAULTINSTANCE_SECRETGENERATORS_INVITECODE_LENGTH 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       Expiry :   "72h"   # ZITADEL_DEFAULTINSTANCE_SECRETGENERATORS_INVITECODE_EXPIRY 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       IncludeLowerLetters :   false   # ZITADEL_DEFAULTINSTANCE_SECRETGENERATORS_INVITECODE_INCLUDELOWERLETTERS 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       IncludeUpperLetters :   true   # ZITADEL_DEFAULTINSTANCE_SECRETGENERATORS_INVITECODE_INCLUDEUPPERLETTERS 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       IncludeDigits :   true   # ZITADEL_DEFAULTINSTANCE_SECRETGENERATORS_INVITECODE_INCLUDEDIGITS 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       IncludeSymbols :   false   # ZITADEL_DEFAULTINSTANCE_SECRETGENERATORS_INVITECODE_INCLUDESYMBOLS 
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								     SigningKey : 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       Length :   36   # ZITADEL_DEFAULTINSTANCE_SECRETGENERATORS_SIGNINGKEY_LENGTH 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       IncludeLowerLetters :   true   # ZITADEL_DEFAULTINSTANCE_SECRETGENERATORS_SIGNINGKEY_INCLUDELOWERLETTERS 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       IncludeUpperLetters :   true   # ZITADEL_DEFAULTINSTANCE_SECRETGENERATORS_SIGNINGKEY_INCLUDEUPPERLETTERS 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       IncludeDigits :   true   # ZITADEL_DEFAULTINSTANCE_SECRETGENERATORS_SIGNINGKEY_INCLUDEDIGITS 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       IncludeSymbols :   false   # ZITADEL_DEFAULTINSTANCE_SECRETGENERATORS_SIGNINGKEY_INCLUDESYMBOLS 
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								   PasswordComplexityPolicy : 
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								     MinLength :   8   # ZITADEL_DEFAULTINSTANCE_PASSWORDCOMPLEXITYPOLICY_MINLENGTH 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     HasLowercase :   true   # ZITADEL_DEFAULTINSTANCE_PASSWORDCOMPLEXITYPOLICY_HASLOWERCASE 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     HasUppercase :   true   # ZITADEL_DEFAULTINSTANCE_PASSWORDCOMPLEXITYPOLICY_HASUPPERCASE 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     HasNumber :   true   # ZITADEL_DEFAULTINSTANCE_PASSWORDCOMPLEXITYPOLICY_HASNUMBER 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     HasSymbol :   true   # ZITADEL_DEFAULTINSTANCE_PASSWORDCOMPLEXITYPOLICY_HASSYMBOL 
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								   PasswordAgePolicy : 
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								     ExpireWarnDays :   0   # ZITADEL_DEFAULTINSTANCE_PASSWORDAGEPOLICY_EXPIREWARNDAYS 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     MaxAgeDays :   0   # ZITADEL_DEFAULTINSTANCE_PASSWORDAGEPOLICY_MAXAGEDAYS 
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								   DomainPolicy : 
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								     UserLoginMustBeDomain :   false   # ZITADEL_DEFAULTINSTANCE_DOMAINPOLICY_USERLOGINMUSTBEDOMAIN 
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								     # NOTE(review): false presumably lets an organization add a domain without proving ownership;
								     # confirm, and enable validation where organizations are not mutually trusted.
								     ValidateOrgDomains :   false   # ZITADEL_DEFAULTINSTANCE_DOMAINPOLICY_VALIDATEORGDOMAINS 
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								     SMTPSenderAddressMatchesInstanceDomain :   false   # ZITADEL_DEFAULTINSTANCE_DOMAINPOLICY_SMTPSENDERADDRESSMATCHESINSTANCEDOMAIN 
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								   LoginPolicy : 
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								     AllowUsernamePassword :   true   # ZITADEL_DEFAULTINSTANCE_LOGINPOLICY_ALLOWUSERNAMEPASSWORD 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     # NOTE(review): registration is allowed by default; disable it if accounts should only be
								     # created by administrators.
								     AllowRegister :   true   # ZITADEL_DEFAULTINSTANCE_LOGINPOLICY_ALLOWREGISTER 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     AllowExternalIDP :   true   # ZITADEL_DEFAULTINSTANCE_LOGINPOLICY_ALLOWEXTERNALIDP 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     # NOTE(review): false leaves multi-factor authentication optional for users; review this
								     # default before production use.
								     ForceMFA :   false   # ZITADEL_DEFAULTINSTANCE_LOGINPOLICY_FORCEMFA 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     HidePasswordReset :   false   # ZITADEL_DEFAULTINSTANCE_LOGINPOLICY_HIDEPASSWORDRESET 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     # NOTE(review): presumably false lets the login UI report that a username does not exist,
								     # which reveals valid account names; confirm, and consider true for public-facing instances.
								     IgnoreUnknownUsernames :   false   # ZITADEL_DEFAULTINSTANCE_LOGINPOLICY_IGNOREUNKNOWNUSERNAMES 
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								     AllowDomainDiscovery :   true   # ZITADEL_DEFAULTINSTANCE_LOGINPOLICY_ALLOWDOMAINDISCOVERY 
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								     # 1 is allowed, 0 is not allowed 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     PasswordlessType :   1   # ZITADEL_DEFAULTINSTANCE_LOGINPOLICY_PASSWORDLESSTYPE 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     # DefaultRedirectURI is empty by default because we use the Console UI 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     DefaultRedirectURI :   # ZITADEL_DEFAULTINSTANCE_LOGINPOLICY_DEFAULTREDIRECTURI 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     # 240h = 10d 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     PasswordCheckLifetime :   240h   # ZITADEL_DEFAULTINSTANCE_LOGINPOLICY_PASSWORDCHECKLIFETIME 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     # 240h = 10d 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     ExternalLoginCheckLifetime :   240h   # ZITADEL_DEFAULTINSTANCE_LOGINPOLICY_EXTERNALLOGINCHECKLIFETIME 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     # 720h = 30d 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     MfaInitSkipLifetime :   720h   # ZITADEL_DEFAULTINSTANCE_LOGINPOLICY_MFAINITSKIPLIFETIME 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     SecondFactorCheckLifetime :   18h   # ZITADEL_DEFAULTINSTANCE_LOGINPOLICY_SECONDFACTORCHECKLIFETIME 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     MultiFactorCheckLifetime :   12h   # ZITADEL_DEFAULTINSTANCE_LOGINPOLICY_MULTIFACTORCHECKLIFETIME 
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								   PrivacyPolicy : 
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								     TOSLink :   ""   # ZITADEL_DEFAULTINSTANCE_PRIVACYPOLICY_TOSLINK 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     PrivacyLink :   ""   # ZITADEL_DEFAULTINSTANCE_PRIVACYPOLICY_PRIVACYLINK 
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								     HelpLink :   ""   # ZITADEL_DEFAULTINSTANCE_PRIVACYPOLICY_HELPLINK 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     SupportEmail :   ""   # ZITADEL_DEFAULTINSTANCE_PRIVACYPOLICY_SUPPORTEMAIL 
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								     DocsLink :   https://zitadel.com/docs   # ZITADEL_DEFAULTINSTANCE_PRIVACYPOLICY_DOCSLINK 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     CustomLink :   ""   # ZITADEL_DEFAULTINSTANCE_PRIVACYPOLICY_CUSTOMLINK 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     CustomLinkText :   ""   # ZITADEL_DEFAULTINSTANCE_PRIVACYPOLICY_CUSTOMLINKTEXT 
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								   NotificationPolicy : 
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								     PasswordChange :   true   # ZITADEL_DEFAULTINSTANCE_NOTIFICATIONPOLICY_PASSWORDCHANGE 
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								   LabelPolicy : 
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								     PrimaryColor :   "#5469d4"   # ZITADEL_DEFAULTINSTANCE_LABELPOLICY_PRIMARYCOLOR 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     BackgroundColor :   "#fafafa"   # ZITADEL_DEFAULTINSTANCE_LABELPOLICY_BACKGROUNDCOLOR 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     WarnColor :   "#cd3d56"   # ZITADEL_DEFAULTINSTANCE_LABELPOLICY_WARNCOLOR 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     FontColor :   "#000000"   # ZITADEL_DEFAULTINSTANCE_LABELPOLICY_FONTCOLOR 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     PrimaryColorDark :   "#2073c4"   # ZITADEL_DEFAULTINSTANCE_LABELPOLICY_PRIMARYCOLORDARK 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     BackgroundColorDark :   "#111827"   # ZITADEL_DEFAULTINSTANCE_LABELPOLICY_BACKGROUNDCOLORDARK 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     WarnColorDark :   "#ff3b5b"   # ZITADEL_DEFAULTINSTANCE_LABELPOLICY_WARNCOLORDARK 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     FontColorDark :   "#ffffff"   # ZITADEL_DEFAULTINSTANCE_LABELPOLICY_FONTCOLORDARK 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     HideLoginNameSuffix :   false   # ZITADEL_DEFAULTINSTANCE_LABELPOLICY_HIDELOGINNAMESUFFIX 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     ErrorMsgPopup :   false   # ZITADEL_DEFAULTINSTANCE_LABELPOLICY_ERRORMSGPOPUP 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     DisableWatermark :   false   # ZITADEL_DEFAULTINSTANCE_LABELPOLICY_DISABLEWATERMARK 
  
						 
					
						
							
								
									
										
										
										
											2022-04-21 12:37:39 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								   LockoutPolicy : 
  
						 
					
						
							
								
									
										
										
										
											2024-04-10 11:14:55 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								     # NOTE(review): 0 presumably means "no limit", i.e. accounts are never locked after failed
								     # attempts (the same would apply to MaxOTPAttempts below); confirm against the product docs.
								     # If so, set finite limits in production so online password/OTP guessing is throttled.
								     MaxPasswordAttempts :   0   # ZITADEL_DEFAULTINSTANCE_LOCKOUTPOLICY_MAXPASSWORDATTEMPTS 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     MaxOTPAttempts :   0   # ZITADEL_DEFAULTINSTANCE_LOCKOUTPOLICY_MAXOTPATTEMPTS 
  
						 
					
						
							
								
									
										
										
										
											2023-08-07 22:32:10 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								     ShouldShowLockoutFailure :   true   # ZITADEL_DEFAULTINSTANCE_LOCKOUTPOLICY_SHOULDSHOWLOCKOUTFAILURE 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								   EmailTemplate :   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 
  
						 
					
						
							
								
									
										
										
										
											2024-11-11 22:03:15 +10:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2024-08-14 17:18:14 +03:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								   # WebKeys configures the OIDC token signing keys that are generated when a new instance is created. 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								   # WebKeys are still in alpha, so the config is disabled here. This will prevent generation of keys for now. 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								   # WebKeys: 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								   #  Type: "rsa" # ZITADEL_DEFAULTINSTANCE_WEBKEYS_TYPE 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								   #  Config: 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								   #    Bits: "2048" # ZITADEL_DEFAULTINSTANCE_WEBKEYS_CONFIG_BITS 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								   #    Hasher: "sha256" # ZITADEL_DEFAULTINSTANCE_WEBKEYS_CONFIG_HASHER 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								   # WebKeys: 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								   #  Type: "ecdsa" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								   #  Config: 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								   #    Curve: "P256" # ZITADEL_DEFAULTINSTANCE_WEBKEYS_CONFIG_CURVE 
  
						 
					
						
							
								
									
										
										
										
											2024-11-11 22:03:15 +10:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2022-09-27 11:53:49 +01:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								   # Sets the default values for lifetime and expiration for OIDC in each newly created instance 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								   # This default can be overwritten for each instance during runtime 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								   # Overwrites the system defaults 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								   # If this section is defined, every duration in it must be set; a partial definition results in an error 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								   OIDCSettings : 
  
						 
					
						
							
								
									
										
										
										
											2023-08-07 22:32:10 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								     # NOTE(review): a leaked access token presumably stays usable until it expires, so 12h is a
								     # long exposure window. Consider a shorter lifetime and let clients renew through the
								     # refresh token settings below; confirm how revocation is enforced by resource servers.
								     AccessTokenLifetime :   12h   # ZITADEL_DEFAULTINSTANCE_OIDCSETTINGS_ACCESSTOKENLIFETIME 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     IdTokenLifetime :   12h   # ZITADEL_DEFAULTINSTANCE_OIDCSETTINGS_IDTOKENLIFETIME 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     # 720h are 30 days 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     RefreshTokenIdleExpiration :   720h   # ZITADEL_DEFAULTINSTANCE_OIDCSETTINGS_REFRESHTOKENIDLEEXPIRATION 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     # 2160h are 90 days 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     RefreshTokenExpiration :   2160h   # ZITADEL_DEFAULTINSTANCE_OIDCSETTINGS_REFRESHTOKENEXPIRATION 
  
						 
					
						
							
								
									
										
										
										
											2022-05-30 17:39:18 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								   # this configuration sets the default email configuration 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								   SMTPConfiguration : 
  
						 
					
						
							
								
									
										
										
										
											2023-08-07 22:32:10 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								     # Configuration of the host 
  
						 
					
						
							
								
									
										
										
										
											2022-05-30 17:39:18 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								     SMTP : 
  
						 
					
						
							
								
									
										
										
										
											2023-01-17 10:20:16 +01:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								       # must include the port, like smtp.mailtrap.io:2525. IPv6 is also supported, like [2001:db8::1]:2525 
  
						 
					
						
							
								
									
										
										
										
											2023-08-07 22:32:10 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								       Host :   # ZITADEL_DEFAULTINSTANCE_SMTPCONFIGURATION_SMTP_HOST 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       User :   # ZITADEL_DEFAULTINSTANCE_SMTPCONFIGURATION_SMTP_USER 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       # NOTE(review): prefer supplying this through the environment variable named on this line,
								       # populated from a secret store, rather than committing the value to the config file.
								       Password :   # ZITADEL_DEFAULTINSTANCE_SMTPCONFIGURATION_SMTP_PASSWORD 
  
						 
					
						
							
								
									
										
										
										
											2023-12-18 11:54:43 +01:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								     # NOTE(review): no value is set here and the effective default is not visible in this file.
								     # Set it explicitly and confirm the SMTP session is encrypted before User/Password are sent.
								     TLS :   # ZITADEL_DEFAULTINSTANCE_SMTPCONFIGURATION_TLS 
  
						 
					
						
							
								
									
										
										
										
											2023-08-07 22:32:10 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								     # If the host of the sender differs from ExternalDomain, set DefaultInstance.DomainPolicy.SMTPSenderAddressMatchesInstanceDomain to false 
  
						 
					
						
							
								
									
										
										
										
											2023-12-18 11:54:43 +01:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								     From :   # ZITADEL_DEFAULTINSTANCE_SMTPCONFIGURATION_FROM 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     FromName :   # ZITADEL_DEFAULTINSTANCE_SMTPCONFIGURATION_FROMNAME 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     ReplyToAddress :   # ZITADEL_DEFAULTINSTANCE_SMTPCONFIGURATION_REPLYTOADDRESS 
  
						 
					
						
							
								
									
										
										
										
											2024-02-16 17:04:42 +01:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								   # Configure the MessageTexts by environment variable using JSON notation: 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								   # ZITADEL_DEFAULTINSTANCE_MESSAGETEXTS='[{"messageTextType": "InitCode", "title": "My custom title"},{"messageTextType": "PasswordReset", "greeting": "Hi there!"}]' 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								   # Beware that if you configure the MessageTexts by environment variable, all the default MessageTexts are lost. 
  
						 
					
						
							
								
									
										
										
										
											2022-04-21 12:37:39 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								   MessageTexts : 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     - MessageTextType :   InitCode 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       Language :   de 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       Title :   Zitadel - User initialisieren 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       PreHeader :   User initialisieren 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       Subject :   User initialisieren 
  
						 
					
						
							
								
									
										
										
										
											2023-04-11 17:56:51 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								       Greeting :   Hallo {{.DisplayName}}, 
  
						 
					
						
							
								
									
										
										
										
											2024-10-14 13:12:08 +05:30 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								       # NOTE(review): this text embeds HTML markup (<br>, <strong>), so the mail body is presumably
								       # rendered as HTML. Confirm the template renderer HTML-escapes interpolated values such as
								       # {{.PreferredLoginName}}, which is presumably user-influenced.
								       Text :   Dieser Benutzer wurde soeben im Zitadel erstellt. Mit dem Benutzernamen <br><strong>{{.PreferredLoginName}}</strong><br> kannst du dich anmelden. Nutze den untenstehenden Button, um die Initialisierung abzuschliessen <br>(Code <strong>{{.Code}}</strong>).<br> Falls du dieses Mail nicht angefordert hast, kannst du es einfach ignorieren. 
  
						 
					
						
							
								
									
										
										
										
											2022-04-21 12:37:39 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								       ButtonText :   Initialisierung abschliessen 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     - MessageTextType :   PasswordReset 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       Language :   de 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       Title :   Zitadel - Passwort zurücksetzen 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       PreHeader :   Passwort zurücksetzen 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       Subject :   Passwort zurücksetzen 
  
						 
					
						
							
								
									
										
										
										
											2023-04-11 17:56:51 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								       Greeting :   Hallo {{.DisplayName}}, 
  
						 
					
						
							
								
									
										
										
										
											2024-10-14 13:12:08 +05:30 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								       Text :   Wir haben eine Anfrage für das Zurücksetzen deines Passwortes bekommen. Du kannst den untenstehenden Button verwenden, um dein Passwort zurückzusetzen <br>(Code <strong>{{.Code}}</strong>).<br> Falls du dieses Mail nicht angefordert hast, kannst du es ignorieren. 
  
						 
					
						
							
								
									
										
										
										
											2022-04-21 12:37:39 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								       ButtonText :   Passwort zurücksetzen 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     - MessageTextType :   VerifyEmail 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       Language :   de 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       Title :   Zitadel - Email verifizieren 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       PreHeader :   Email verifizieren 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       Subject :   Email verifizieren 
  
						 
					
						
							
								
									
										
										
										
											2023-04-11 17:56:51 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								       Greeting :   Hallo {{.DisplayName}}, 
  
						 
					
						
							
								
									
										
										
										
											2024-10-14 13:12:08 +05:30 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								       Text :   Eine neue E-Mail Adresse wurde hinzugefügt. Bitte verwende den untenstehenden Button um diese zu verifizieren <br>(Code <strong>{{.Code}}</strong>).<br> Falls du deine E-Mail Adresse nicht selber hinzugefügt hast, kannst du dieses E-Mail ignorieren. 
  
						 
					
						
							
								
									
										
										
										
											2022-04-21 12:37:39 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								       ButtonText :   Email verifizieren 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     - MessageTextType :   VerifyPhone 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       Language :   de 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       Title :   Zitadel - Telefonnummer verifizieren 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       PreHeader :   Telefonnummer verifizieren 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       Subject :   Telefonnummer verifizieren 
  
						 
					
						
							
								
									
										
										
										
											2023-04-11 17:56:51 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								       Greeting :   Hallo {{.DisplayName}}, 
  
						 
					
						
							
								
									
										
										
										
											2022-04-21 12:37:39 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								       Text :   Eine Telefonnummer wurde hinzugefügt. Bitte verifiziere diese in dem du folgenden Code eingibst (Code {{.Code}}) 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       ButtonText :   Telefon verifizieren 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     - MessageTextType :   DomainClaimed 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       Language :   de 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       Title :   Zitadel - Domain wurde beansprucht 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       PreHeader :   Email / Username ändern 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       Subject :   Domain wurde beansprucht 
  
						 
					
						
							
								
									
										
										
										
											2023-04-11 17:56:51 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								       Greeting :   Hallo {{.DisplayName}}, 
  
						 
					
						
							
								
									
										
										
										
											2022-04-21 12:37:39 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								       Text :   Die Domain {{.Domain}} wurde von einer Organisation beansprucht. Dein derzeitiger User {{.Username}} ist nicht Teil dieser Organisation. Daher musst du beim nächsten Login eine neue Email hinterlegen. Für diesen Login haben wir dir einen temporären Usernamen ({{.TempUsername}}) erstellt. 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       ButtonText :   Login 
  
						 
					
						
							
								
									
										
										
										
											2023-01-25 09:49:41 +01:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								     - MessageTextType :   PasswordChange 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       Language :   de 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       Title :   ZITADEL - Passwort von Benutzer wurde geändert 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       PreHeader :   Passwort Änderung 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       Subject :   Passwort von Benutzer wurde geändert 
  
						 
					
						
							
								
									
										
										
										
											2023-04-11 17:56:51 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								       Greeting :   Hallo {{.DisplayName}}, 
  
						 
					
						
							
								
									
										
										
										
											2023-01-25 09:49:41 +01:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								       Text :   Das Password vom Benutzer wurde geändert. Wenn diese Änderung von jemand anderem gemacht wurde, empfehlen wir die sofortige Zurücksetzung ihres Passworts. 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       ButtonText :   Login 
  
						 
					
						
							
								
									
										
										
										
											2022-04-21 12:37:39 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								     - MessageTextType :   InitCode 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       Language :   en 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       Title :   Zitadel - Initialize User 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       PreHeader :   Initialize User 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       Subject :   Initialize User 
  
						 
					
						
							
								
									
										
										
										
											2023-04-11 17:56:51 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								       Greeting :   Hello {{.DisplayName}}, 
  
						 
					
						
							
								
									
										
										
										
											2022-04-21 12:37:39 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								       Text :   This user was created in Zitadel. Use the username {{.PreferredLoginName}} to login. Please click the button below to finish the initialization process. (Code {{.Code}}) If you didn't ask for this mail, please ignore it. 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       ButtonText :   Finish initialization 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     - MessageTextType :   PasswordReset 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       Language :   en 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       Title :   Zitadel - Reset password 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       PreHeader :   Reset password 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       Subject :   Reset password 
  
						 
					
						
							
								
									
										
										
										
											2023-04-11 17:56:51 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								       Greeting :   Hello {{.DisplayName}}, 
  
						 
					
						
							
								
									
										
										
										
											2022-04-21 12:37:39 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								       Text :   We received a password reset request. Please use the button below to reset your password. (Code {{.Code}}) If you didn't ask for this mail, please ignore it. 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       ButtonText :   Reset password 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     - MessageTextType :   VerifyEmail 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       Language :   en 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       Title :   Zitadel - Verify email 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       PreHeader :   Verify email 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       Subject :   Verify email 
  
						 
					
						
							
								
									
										
										
										
											2023-04-11 17:56:51 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								       Greeting :   Hello {{.DisplayName}}, 
  
						 
					
						
							
								
									
										
										
										
											2024-11-11 22:03:15 +10:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								       Text :   A new email has been added. Please use the button below to verify your email. (Code {{.Code}}) If you didn't add a new email, please ignore this email. 
  
						 
					
						
							
								
									
										
										
										
											2022-04-21 12:37:39 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								       ButtonText :   Verify email 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     - MessageTextType :   VerifyPhone 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       Language :   en 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       Title :   Zitadel - Verify phone 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       PreHeader :   Verify phone 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       Subject :   Verify phone 
  
						 
					
						
							
								
									
										
										
										
											2023-04-11 17:56:51 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								       Greeting :   Hello {{.DisplayName}}, 
  
						 
					
						
							
								
									
										
										
										
											2023-08-07 22:32:10 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								       Text :   A new phone number has been added. Please use the following code to verify it {{.Code}}. 
  
						 
					
						
							
								
									
										
										
										
											2022-04-21 12:37:39 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								       ButtonText :   Verify phone 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     - MessageTextType :   DomainClaimed 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       Language :   en 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       Title :   Zitadel - Domain has been claimed 
  
						 
					
						
							
								
									
										
										
										
											2023-08-07 22:32:10 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								       PreHeader :   Change email/username 
  
						 
					
						
							
								
									
										
										
										
											2022-04-21 12:37:39 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								       Subject :   Domain has been claimed 
  
						 
					
						
							
								
									
										
										
										
											2023-04-11 17:56:51 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								       Greeting :   Hello {{.DisplayName}}, 
  
						 
					
						
							
								
									
										
										
										
											2023-08-07 22:32:10 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								       Text :   The domain {{.Domain}} has been claimed by an organization. Your current user {{.UserName}} is not part of this organization. Therefore you'll have to change your email when you login. We have created a temporary username ({{.TempUsername}}) for this login. 
  
						 
					
						
							
								
									
										
										
										
											2022-04-21 12:37:39 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								       ButtonText :   Login 
  
						 
					
						
							
								
									
										
										
										
											2023-01-25 09:49:41 +01:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								     - MessageTextType :   PasswordChange 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       Language :   en 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       Title :   ZITADEL - Password of user has changed 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       PreHeader :   Change password 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       Subject :   Password of user has changed 
  
						 
					
						
							
								
									
										
										
										
											2023-04-11 17:56:51 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								       Greeting :   Hello {{.DisplayName}}, 
  
						 
					
						
							
								
									
										
										
										
											2023-01-25 09:49:41 +01:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								       Text :   The password of your user has changed. If this change was not done by you, please be advised to immediately reset your password. 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       ButtonText :   Login 
  
						 
					
						
							
								
									
										
										
										
											2024-03-12 14:50:13 +01:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2024-02-28 10:55:54 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								   # Once a feature is set on the instance (true or false), system level feature settings 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								   # will be ignored until instance level features are reset. 
  
						 
					
						
							
								
									
										
										
										
											2023-09-29 10:21:32 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								   Features : 
  
						 
					
						
							
								
									
										
										
										
											2024-02-28 10:55:54 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								     LoginDefaultOrg :   true   # ZITADEL_DEFAULTINSTANCE_FEATURES_LOGINDEFAULTORG 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     # TriggerIntrospectionProjections: false # ZITADEL_DEFAULTINSTANCE_FEATURES_TRIGGERINTROSPECTIONPROJECTIONS 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     # LegacyIntrospection: false # ZITADEL_DEFAULTINSTANCE_FEATURES_LEGACYINTROSPECTION 
  
						 
					
						
							
								
									
										
										
										
											2025-01-16 11:09:15 +01:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								     # PermissionCheckV2: false # ZITADEL_DEFAULTINSTANCE_FEATURES_PERMISSIONCHECKV2 
  
						 
					
						
							
								
									
										
										
										
											2023-10-25 13:42:00 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								   Limits : 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     # AuditLogRetention limits the number of events that can be queried via the events API by their age. 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     # A value of "0s" means that all events are available. 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     # If this value is set, it overwrites the system default unless it is reset via the admin API. 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     AuditLogRetention :   # ZITADEL_DEFAULTINSTANCE_LIMITS_AUDITLOGRETENTION 
  
						 
					
						
							
								
									
										
										
										
											2024-01-17 11:16:48 +01:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								     # If Block is true, all requests except to /ui/console or the system API are blocked and /ui/login is redirected to /ui/console. 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     # /ui/console shows a message that the instance is blocked with a link to Console.InstanceManagementURL 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     Block :   # ZITADEL_DEFAULTINSTANCE_LIMITS_BLOCK 
  
						 
					
						
							
								
									
										
										
										
											2023-11-22 10:29:38 +01:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								   Restrictions : 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     # DisallowPublicOrgRegistration defines if ZITADEL should expose the endpoint /ui/login/register/org 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     # If it is true, the endpoint returns the HTTP status 404 on GET requests, and 409 on POST requests. 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     DisallowPublicOrgRegistration :   # ZITADEL_DEFAULTINSTANCE_RESTRICTIONS_DISALLOWPUBLICORGREGISTRATION 
  
						 
					
						
							
								
									
										
										
										
											2023-12-05 12:12:01 +01:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								     # AllowedLanguages restricts the languages that can be used. 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     # If the list is empty, all supported languages are allowed. 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     AllowedLanguages :   # ZITADEL_DEFAULTINSTANCE_RESTRICTIONS_ALLOWEDLANGUAGES 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     # - en 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     # - de 
  
						 
					
						
							
								
									
										
										
										
											2023-02-15 02:52:11 +01:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								   Quotas : 
  
						 
					
						
							
								
									
										
										
										
											2023-08-07 22:32:10 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								     # Items take a slice of quota configurations, whereas, for each unit type and instance, one or zero quotas may exist. 
  
						 
					
						
							
								
									
										
										
										
											2023-02-15 02:52:11 +01:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								     # The following unit types are supported 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     # "requests.all.authenticated" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     # The sum of all requests to the ZITADEL API with an authorization header, 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     # excluding the following exceptions 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     # - Calls to the System API 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     # - Calls that cause internal server errors 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     # - Failed authorizations 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     # - Requests made after the quota has already been exceeded 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     # "actions.all.runs.seconds" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     # The sum of all actions run durations in seconds 
  
						 
					
						
							
								
									
										
										
										
											2024-02-16 17:04:42 +01:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								     # Configure the Items by environment variable using JSON notation: 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     # ZITADEL_DEFAULTINSTANCE_QUOTAS_ITEMS='[{"unit": "requests.all.authenticated", "notifications": [{"percent": 100}]}]' 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     Items :   # ZITADEL_DEFAULTINSTANCE_QUOTAS_ITEMS 
  
						 
					
						
							
								
									
										
										
										
											2023-02-15 02:52:11 +01:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								#      - Unit: "requests.all.authenticated" 
  
						 
					
						
							
								
									
										
										
										
											2023-08-07 22:32:10 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								#        # From defines the starting time from which the current quota period is calculated. 
  
						 
					
						
							
								
									
										
										
										
											2023-02-15 02:52:11 +01:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								#        # This is relevant for querying the current usage. 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								#        From: "2023-01-01T00:00:00Z" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								#        # ResetInterval defines the duration of a quota period 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								#        ResetInterval: 720h # 30 days 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								#        # Amount defines the number of units for this quota 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								#        Amount: 25000 
  
						 
					
						
							
								
									
										
										
										
											2024-01-17 11:16:48 +01:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								#        # Limit defines whether ZITADEL should block further authenticated requests when the configured amount is used. 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								#        # If you want to block not only authenticated requests but also authentication itself, consider using the system API's SetLimits method. 
  
						 
					
						
							
								
									
										
										
										
											2023-02-15 02:52:11 +01:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								#        Limit: false 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								#        # Notifications are emitted by ZITADEL when certain quota percentages are reached 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								#        Notifications: 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								#            # Percent defines the relative amount of used units, after which a notification should be emitted. 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								#          - Percent: 100 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								#            # Repeat defines whether a notification should be emitted each time a multiple of the configured Percent is used. 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								#            Repeat: true 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								#            # CallURL is called when a relative amount of the quota is used. The URL below is only a placeholder; point it at an endpoint you control. 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								#            CallURL: "https://httpbin.org/post" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2023-10-25 13:42:00 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								# AuditLogRetention limits the number of events that can be queried via the events API by their age. 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								# A value of "0s" means that all events are available. 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								# If an audit log retention is set using an instance limit, it will overwrite the system default. 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								AuditLogRetention :   0s   # ZITADEL_AUDITLOGRETENTION 
  
						 
					
						
							
								
									
										
										
										
											2023-03-17 10:14:06 +01:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
											2022-03-29 11:53:19 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								InternalAuthZ : 
  
						 
					
						
							
								
									
										
										
										
											2024-02-16 17:04:42 +01:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								   # Configure the RolePermissionMappings by environment variable using JSON notation: 
  
						 
					
						
							
								
									
										
										
										
											2024-04-14 11:55:54 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								   # ZITADEL_INTERNALAUTHZ_ROLEPERMISSIONMAPPINGS='[{"role": "IAM_OWNER", "permissions": ["iam.write"]}, {"role": "ORG_OWNER", "permissions": ["org.write"]}]' 
  
						 
					
						
							
								
									
										
										
										
											2024-02-16 17:04:42 +01:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								   # Beware that if you configure the RolePermissionMappings by environment variable, all the default RolePermissionMappings are lost. 
  
						 
					
						
							
								
									
										
										
										
											2025-01-16 11:09:15 +01:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								   # 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								   # Warning: RolePermissionMappings are synchronized to the database. 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								   # Changes here will only be applied after running `zitadel setup` or `zitadel start-from-setup`. 
  
						 
					
						
							
								
									
										
										
										
											2022-03-29 11:53:19 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								   RolePermissionMappings : 
  
						 
					
						
							
								
									
										
										
										
											2023-10-25 17:10:45 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								     - Role :   "SYSTEM_OWNER" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       Permissions : 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "system.instance.read" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "system.instance.write" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "system.instance.delete" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "system.domain.read" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "system.domain.write" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "system.domain.delete" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "system.debug.read" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "system.debug.write" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "system.debug.delete" 
  
						 
					
						
							
								
									
										
										
										
											2024-02-28 10:55:54 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								         - "system.feature.read" 
  
						 
					
						
							
								
									
										
										
										
											2023-10-25 17:10:45 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								         - "system.feature.write" 
  
						 
					
						
							
								
									
										
										
										
											2024-02-28 10:55:54 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								         - "system.feature.delete" 
  
						 
					
						
							
								
									
										
										
										
											2023-10-25 17:10:45 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								         - "system.limits.write" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "system.limits.delete" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "system.quota.write" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "system.quota.delete" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "system.iam.member.read" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     - Role :   "SYSTEM_OWNER_VIEWER" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								       Permissions : 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "system.instance.read" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "system.domain.read" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "system.debug.read" 
  
						 
					
						
							
								
									
										
										
										
											2024-02-28 10:55:54 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								         - "system.feature.read" 
  
						 
					
						
							
								
									
										
										
										
											2023-10-25 17:10:45 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								         - "system.iam.member.read" 
  
						 
					
						
							
								
									
										
										
										
											2022-04-29 10:25:12 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								     - Role :   "IAM_OWNER" 
  
						 
					
						
							
								
									
										
										
										
											2022-03-29 11:53:19 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								       Permissions : 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "iam.read" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "iam.write" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "iam.policy.read" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "iam.policy.write" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "iam.policy.delete" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "iam.member.read" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "iam.member.write" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "iam.member.delete" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "iam.idp.read" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "iam.idp.write" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "iam.idp.delete" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "iam.action.read" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "iam.action.write" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "iam.action.delete" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "iam.flow.read" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "iam.flow.write" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "iam.flow.delete" 
  
						 
					
						
							
								
									
										
										
										
											2024-02-28 10:55:54 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								         - "iam.feature.read" 
  
						 
					
						
							
								
									
										
										
										
											2023-09-29 10:21:32 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								         - "iam.feature.write" 
  
						 
					
						
							
								
									
										
										
										
											2024-02-28 10:55:54 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								         - "iam.feature.delete" 
  
						 
					
						
							
								
									
										
										
										
											2023-11-22 10:29:38 +01:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								         - "iam.restrictions.read" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "iam.restrictions.write" 
  
						 
					
						
							
								
									
										
										
										
											2024-08-14 17:18:14 +03:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								         - "iam.web_key.write" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "iam.web_key.delete" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "iam.web_key.read" 
  
						 
					
						
							
								
									
										
										
										
											2024-09-11 11:24:00 +03:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								         - "iam.debug.write" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "iam.debug.read" 
  
						 
					
						
							
								
									
										
										
										
											2022-03-29 11:53:19 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								         - "org.read" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "org.global.read" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "org.create" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "org.write" 
  
						 
					
						
							
								
									
										
										
										
											2022-11-30 17:01:17 +01:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								         - "org.delete" 
  
						 
					
						
							
								
									
										
										
										
											2022-03-29 11:53:19 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								         - "org.member.read" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "org.member.write" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "org.member.delete" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "org.idp.read" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "org.idp.write" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "org.idp.delete" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "org.action.read" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "org.action.write" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "org.action.delete" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "org.flow.read" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "org.flow.write" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "org.flow.delete" 
  
						 
					
						
							
								
									
										
										
										
											2024-02-28 10:55:54 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								         - "org.feature.read" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "org.feature.write" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "org.feature.delete" 
  
						 
					
						
							
								
									
										
										
										
											2022-03-29 11:53:19 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								         - "user.read" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "user.global.read" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "user.write" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "user.delete" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "user.grant.read" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "user.grant.write" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "user.grant.delete" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "user.membership.read" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "user.credential.write" 
  
						 
					
						
							
								
									
										
										
										
											2023-05-24 13:22:00 +03:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								         - "user.passkey.write" 
  
						 
					
						
							
								
									
										
										
										
											2024-02-28 10:55:54 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								         - "user.feature.read" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "user.feature.write" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "user.feature.delete" 
  
						 
					
						
							
								
									
										
										
										
											2022-03-29 11:53:19 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								         - "policy.read" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "policy.write" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "policy.delete" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "project.read" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "project.create" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "project.write" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "project.delete" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "project.member.read" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "project.member.write" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "project.member.delete" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "project.role.read" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "project.role.write" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "project.role.delete" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "project.app.read" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "project.app.write" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "project.app.delete" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "project.grant.read" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "project.grant.write" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "project.grant.delete" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "project.grant.member.read" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "project.grant.member.write" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "project.grant.member.delete" 
  
						 
					
						
							
								
									
										
										
										
											2023-01-16 12:30:03 +01:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								         - "events.read" 
  
						 
					
						
							
								
									
										
										
										
											2023-10-25 13:16:34 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								         - "milestones.read" 
  
						 
					
						
							
								
									
										
										
										
											2024-12-19 10:37:46 +01:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								         - "session.read" 
  
						 
					
						
							
								
									
										
										
										
											2023-11-16 08:35:50 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								         - "session.delete" 
  
						 
					
						
							
								
									
										
										
										
											2024-08-12 22:32:01 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								         - "action.target.read" 
  
						 
					
						
							
								
									
										
										
										
											2024-07-31 14:42:12 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								         - "action.target.write" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "action.target.delete" 
  
						 
					
						
							
								
									
										
										
										
											2024-08-12 22:32:01 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								         - "action.execution.read" 
  
						 
					
						
							
								
									
										
										
										
											2024-07-31 14:42:12 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								         - "action.execution.write" 
  
						 
					
						
							
								
									
										
										
										
											2024-03-22 14:26:13 +01:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								         - "userschema.read" 
  
						 
					
						
							
								
									
										
										
										
											2024-03-12 14:50:13 +01:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								         - "userschema.write" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "userschema.delete" 
  
						 
					
						
							
								
									
										
										
										
											2022-04-29 10:25:12 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								     # Read-only role: every permission listed for IAM_OWNER_VIEWER ends in ".read"
								     # (iam.*, org.*, user.*, policy.*, project.*, events, milestones, action.*, userschema).
								     # The read scope is broad and includes "events.read", "iam.debug.read" and "iam.web_key.read".
								     # NOTE(review): presumably these expose audit and diagnostic data; assign and audit this role
								     # as carefully as a write role.
								     - Role :   "IAM_OWNER_VIEWER" 
  
						 
					
						
							
								
									
										
										
										
											2022-03-29 11:53:19 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								       Permissions : 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "iam.read" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "iam.policy.read" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "iam.member.read" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "iam.idp.read" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "iam.action.read" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "iam.flow.read" 
  
						 
					
						
							
								
									
										
										
										
											2023-11-22 10:29:38 +01:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								         - "iam.restrictions.read" 
  
						 
					
						
							
								
									
										
										
										
											2024-02-28 10:55:54 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								         - "iam.feature.read" 
  
						 
					
						
							
								
									
										
										
										
											2024-08-14 17:18:14 +03:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								         - "iam.web_key.read" 
  
						 
					
						
							
								
									
										
										
										
											2024-09-11 11:24:00 +03:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								         - "iam.debug.read" 
  
						 
					
						
							
								
									
										
										
										
											2022-03-29 11:53:19 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								         - "org.read" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "org.member.read" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "org.idp.read" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "org.action.read" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "org.flow.read" 
  
						 
					
						
							
								
									
										
										
										
											2024-02-28 10:55:54 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								         - "org.feature.read" 
  
						 
					
						
							
								
									
										
										
										
											2022-03-29 11:53:19 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								         - "user.read" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "user.global.read" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "user.grant.read" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "user.membership.read" 
  
						 
					
						
							
								
									
										
										
										
											2024-02-28 10:55:54 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								         - "user.feature.read" 
  
						 
					
						
							
								
									
										
										
										
											2022-03-29 11:53:19 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								         - "policy.read" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "project.read" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "project.member.read" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "project.role.read" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "project.app.read" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "project.grant.read" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "project.grant.member.read" 
  
						 
					
						
							
								
									
										
										
										
											2023-01-16 12:30:03 +01:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								         - "events.read" 
  
						 
					
						
							
								
									
										
										
										
											2023-10-25 13:16:34 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								         - "milestones.read" 
  
						 
					
						
							
								
									
										
										
										
											2024-08-12 22:32:01 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								         - "action.target.read" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "action.execution.read" 
  
						 
					
						
							
								
									
										
										
										
											2024-03-22 14:26:13 +01:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								         - "userschema.read" 
  
						 
					
						
							
								
									
										
										
										
											2022-04-29 10:25:12 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								     # IAM_ORG_MANAGER holds no "iam.*" permission, but it has read/write/delete across org.*, user.*,
								     # policy.* and project.* (including "org.create", "org.delete" and "project.create"), plus
								     # "user.credential.write", "user.passkey.write" and "session.delete".
								     # NOTE(review): the credential and passkey writes presumably apply to other users' accounts;
								     # if so, holders can reset authentication factors. Keep membership minimal and audited.
								     - Role :   "IAM_ORG_MANAGER" 
  
						 
					
						
							
								
									
										
										
										
											2022-03-29 11:53:19 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								       Permissions : 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "org.read" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "org.global.read" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "org.create" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "org.write" 
  
						 
					
						
							
								
									
										
										
										
											2022-11-30 17:01:17 +01:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								         - "org.delete" 
  
						 
					
						
							
								
									
										
										
										
											2022-03-29 11:53:19 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								         - "org.member.read" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "org.member.write" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "org.member.delete" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "org.idp.read" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "org.idp.write" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "org.idp.delete" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "org.action.read" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "org.action.write" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "org.action.delete" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "org.flow.read" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "org.flow.write" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "org.flow.delete" 
  
						 
					
						
							
								
									
										
										
										
											2024-02-28 10:55:54 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								         - "org.feature.read" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "org.feature.write" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "org.feature.delete" 
  
						 
					
						
							
								
									
										
										
										
											2022-03-29 11:53:19 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								         - "user.read" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "user.global.read" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "user.write" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "user.delete" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "user.grant.read" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "user.grant.write" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "user.grant.delete" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "user.membership.read" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "user.credential.write" 
  
						 
					
						
							
								
									
										
										
										
											2023-05-24 13:22:00 +03:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								         - "user.passkey.write" 
  
						 
					
						
							
								
									
										
										
										
											2024-02-28 10:55:54 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								         - "user.feature.read" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "user.feature.write" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "user.feature.delete" 
  
						 
					
						
							
								
									
										
										
										
											2022-03-29 11:53:19 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								         - "policy.read" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "policy.write" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "policy.delete" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "project.read" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "project.create" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "project.write" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "project.delete" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "project.member.read" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "project.member.write" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "project.member.delete" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "project.role.read" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "project.role.write" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "project.role.delete" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "project.app.read" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "project.app.write" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "project.app.delete" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "project.grant.read" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "project.grant.write" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "project.grant.delete" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "project.grant.member.read" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "project.grant.member.write" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "project.grant.member.delete" 
  
						 
					
						
							
								
									
										
										
										
											2023-11-16 08:35:50 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								         - "session.delete" 
  
						 
					
						
							
								
									
										
										
										
											2022-04-29 10:25:12 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								     # IAM_USER_MANAGER can write/delete users, user grants, user features and project grants.
								     # Its org.* and other project.* permissions are read-only, except "org.member.delete".
								     # It also holds "user.passkey.write" and "session.delete".
								     # NOTE(review): "org.member.delete" is granted without "org.member.write", and "user.passkey.write"
								     # without "user.credential.write". Confirm both asymmetries are intentional before copying this
								     # list into a custom role.
								     - Role :   "IAM_USER_MANAGER" 
  
						 
					
						
							
								
									
										
										
										
											2022-03-29 11:53:19 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								       Permissions : 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "org.read" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "org.global.read" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "org.member.read" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "org.member.delete" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "user.read" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "user.global.read" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "user.write" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "user.delete" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "user.grant.read" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "user.grant.write" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "user.grant.delete" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "user.membership.read" 
  
						 
					
						
							
								
									
										
										
										
											2023-05-24 13:22:00 +03:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								         - "user.passkey.write" 
  
						 
					
						
							
								
									
										
										
										
											2024-02-28 10:55:54 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								         - "user.feature.read" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "user.feature.write" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "user.feature.delete" 
  
						 
					
						
							
								
									
										
										
										
											2022-03-29 11:53:19 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								         - "project.read" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "project.member.read" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "project.role.read" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "project.app.read" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "project.grant.read" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "project.grant.write" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "project.grant.delete" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								         - "project.grant.member.read" 
  
						 
					
						
							
								
									
										
										
										
											2023-11-16 08:35:50 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								         - "session.delete" 
  
						 
					
						
							
								
									
										
										
										
											2024-02-28 12:21:11 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								     # Role carrying both impersonation permissions listed below.
								     # NOTE(review): impersonation presumably lets a holder act on behalf of
								     # another account, so keep membership minimal and review every assignment
								     # and use in the audit trail. Confirm the exact semantics of each
								     # permission against the product documentation.
								     - Role :   "IAM_ADMIN_IMPERSONATOR" 
								       Permissions : 
								         # Only this role lists "admin.impersonation"; IAM_END_USER_IMPERSONATOR
								         # below lists "impersonation" alone.
								         - "admin.impersonation" 
								         - "impersonation" 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     # Narrower impersonation role: it lists "impersonation" only, without the
								     # "admin.impersonation" entry that IAM_ADMIN_IMPERSONATOR carries.
								     # NOTE(review): presumably limited to impersonating end users (confirm).
								     # Still a sensitive assignment, so restrict membership and monitor its use.
								     - Role :   "IAM_END_USER_IMPERSONATOR" 
								       Permissions : 
								         - "impersonation" 
  
						 
					
						
							
								
									
										
										
										
											2022-04-29 10:25:12 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								     # Organization owner: read/write/delete on the org, its members, identity
								     # providers, actions, flows, features, users, user grants, policies and
								     # projects, plus credential/passkey writes and session deletion.
								     # No "iam.*" permission appears in this list.
								     # NOTE(review): broadest org-scoped role visible in this section. Holders can
								     # change IdP and policy settings and write user credentials, so keep
								     # membership small and review assignments regularly.
								     - Role :   "ORG_OWNER" 
											2022-03-29 11:53:19 +02:00 
								       Permissions : 
								         - "org.read" 
								         - "org.global.read" 
								         - "org.write" 
											2022-11-30 17:01:17 +01:00 
								         - "org.delete" 
											2022-03-29 11:53:19 +02:00 
								         - "org.member.read" 
								         - "org.member.write" 
								         - "org.member.delete" 
								         - "org.idp.read" 
								         - "org.idp.write" 
								         - "org.idp.delete" 
								         - "org.action.read" 
								         - "org.action.write" 
								         - "org.action.delete" 
								         - "org.flow.read" 
								         - "org.flow.write" 
								         - "org.flow.delete" 
											2024-02-28 10:55:54 +02:00 
								         - "org.feature.read" 
								         - "org.feature.write" 
								         - "org.feature.delete" 
											2022-03-29 11:53:19 +02:00 
								         - "user.read" 
								         - "user.global.read" 
								         - "user.write" 
								         - "user.delete" 
								         - "user.grant.read" 
								         - "user.grant.write" 
								         - "user.grant.delete" 
								         - "user.membership.read" 
								         # Credential and passkey writes: presumably allow changing other users'
								         # authentication factors (confirm). Worth alerting on when exercised.
								         - "user.credential.write" 
											2023-05-24 13:22:00 +03:00 
								         - "user.passkey.write" 
											2024-02-28 10:55:54 +02:00 
								         - "user.feature.read" 
								         - "user.feature.write" 
								         - "user.feature.delete" 
											2022-03-29 11:53:19 +02:00 
								         - "policy.read" 
								         - "policy.write" 
								         - "policy.delete" 
								         - "project.read" 
								         - "project.create" 
								         - "project.write" 
								         - "project.delete" 
								         - "project.member.read" 
								         - "project.member.write" 
								         - "project.member.delete" 
								         - "project.role.read" 
								         - "project.role.write" 
								         - "project.role.delete" 
								         # NOTE(review): "project.app" lists read and write but no delete entry,
								         # unlike the other project.* groups in this role. Confirm this is intended.
								         - "project.app.read" 
								         - "project.app.write" 
								         - "project.grant.read" 
								         - "project.grant.write" 
								         - "project.grant.delete" 
								         - "project.grant.member.read" 
								         - "project.grant.member.write" 
								         - "project.grant.member.delete" 
											2023-11-16 08:35:50 +02:00 
								         - "session.delete" 
  
						 
					
						
							
								
									
										
										
										
											2024-12-19 10:37:46 +01:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								     # Role combining instance-, org-, user- and project-level reads with a set of
								     # writes: iam/org/project member writes, user and user-grant writes,
								     # credential and passkey writes, and session read/link/delete.
								     # NOTE(review): the name suggests this is assigned to the login client's
								     # service account (confirm). Given the write permissions listed, treat any
								     # secret or token bound to this role as high-value: store it in a secret
								     # manager, rotate it, and monitor its use.
								     - Role :   "IAM_LOGIN_CLIENT" 
								       Permissions : 
								         - "iam.read" 
								         - "iam.policy.read" 
								         - "iam.member.read" 
								         - "iam.member.write" 
								         - "iam.idp.read" 
								         - "iam.feature.read" 
								         - "iam.restrictions.read" 
								         - "org.read" 
								         - "org.member.read" 
								         - "org.member.write" 
								         - "org.idp.read" 
								         - "org.feature.read" 
								         - "user.read" 
								         - "user.write" 
								         - "user.grant.read" 
								         - "user.grant.write" 
								         - "user.membership.read" 
								         - "user.credential.write" 
								         - "user.passkey.write" 
								         - "user.feature.read" 
								         - "policy.read" 
								         - "project.read" 
								         - "project.member.read" 
								         - "project.member.write" 
								         - "project.role.read" 
								         - "project.app.read" 
								         # NOTE(review): the next two entries repeat "project.member.read" and
								         # "project.member.write" from a few lines above. Confirm whether they
								         # are redundant or a different permission was intended.
								         - "project.member.read" 
								         - "project.member.write" 
								         - "project.grant.read" 
								         - "project.grant.member.read" 
								         - "project.grant.member.write" 
								         - "session.read" 
								         - "session.link" 
								         - "session.delete" 
								         - "userschema.read" 
  
						 
					
						
							
								
									
										
										
										
											2022-04-29 10:25:12 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								     # User-management role: read/write/delete on users, user grants and user
								     # features, read-only on org, policy, project and project roles, plus
								     # session deletion.
								     # Unlike ORG_OWNER, this list has no "user.credential.write" or
								     # "user.passkey.write" entry.
								     - Role :   "ORG_USER_MANAGER" 
											2022-03-29 11:53:19 +02:00 
								       Permissions : 
											2023-02-21 09:31:35 +01:00 
								         - "org.read" 
											2022-03-29 11:53:19 +02:00 
								         - "user.read" 
								         - "user.global.read" 
								         - "user.write" 
								         - "user.delete" 
								         - "user.grant.read" 
								         # Grant write/delete changes which authorizations users hold, so these
								         # changes are worth reviewing.
								         - "user.grant.write" 
								         - "user.grant.delete" 
								         - "user.membership.read" 
											2024-02-28 10:55:54 +02:00 
								         - "user.feature.read" 
								         - "user.feature.write" 
								         - "user.feature.delete" 
											2023-02-21 09:31:35 +01:00 
								         - "policy.read" 
											2022-03-29 11:53:19 +02:00 
								         - "project.read" 
								         - "project.role.read" 
											2023-11-16 08:35:50 +02:00 
								         - "session.delete" 
  
						 
					
						
							
								
									
										
										
										
											2022-04-29 10:25:12 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								     # Read-only role: every permission listed below ends in ".read".
								     # NOTE(review): read access still covers IdP configuration, actions, flows,
								     # user data and grants, so treat assignment as access to sensitive data.
								     - Role :   "ORG_OWNER_VIEWER" 
											2022-03-29 11:53:19 +02:00 
								       Permissions : 
								         - "org.read" 
								         - "org.member.read" 
								         - "org.idp.read" 
								         - "org.action.read" 
								         - "org.flow.read" 
											2024-02-28 10:55:54 +02:00 
								         - "org.feature.read" 
											2022-03-29 11:53:19 +02:00 
								         - "user.read" 
								         - "user.global.read" 
								         - "user.grant.read" 
								         - "user.membership.read" 
											2024-02-28 10:55:54 +02:00 
								         - "user.feature.read" 
											2022-03-29 11:53:19 +02:00 
								         - "policy.read" 
								         - "project.read" 
								         - "project.member.read" 
								         - "project.role.read" 
								         - "project.app.read" 
								         - "project.grant.read" 
								         - "project.grant.member.read" 
								         - "project.grant.user.grant.read" 
  
						 
					
						
							
								
									
										
										
										
											2022-07-12 10:03:44 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								     # Settings role: org read/write, member read, and read/write/delete on
								     # identity providers, org features and policies. No user.* or project.*
								     # permission is listed.
								     # NOTE(review): IdP and policy writes change how the organization
								     # authenticates (policy scope presumably includes login and password
								     # rules; confirm). Changes made under this role deserve audit review.
								     - Role :   "ORG_SETTINGS_MANAGER" 
								       Permissions : 
								         - "org.read" 
								         - "org.write" 
								         - "org.member.read" 
								         - "org.idp.read" 
								         - "org.idp.write" 
								         - "org.idp.delete" 
											2024-02-28 10:55:54 +02:00 
								         - "org.feature.read" 
								         - "org.feature.write" 
								         - "org.feature.delete" 
											2022-07-12 10:03:44 +02:00 
								         - "policy.read" 
								         - "policy.write" 
								         - "policy.delete" 
  
						 
					
						
							
								
									
										
										
										
											2022-04-29 10:25:12 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								     # Grant-editing role: the only non-read permissions are "user.grant.write"
								     # and "user.grant.delete"; everything else listed is read-only.
								     # NOTE(review): editing user grants is itself a privilege-assignment
								     # capability, so review who holds this role and which grants they change.
								     - Role :   "ORG_USER_PERMISSION_EDITOR" 
											2022-03-29 11:53:19 +02:00 
								       Permissions : 
								         - "org.read" 
								         - "org.member.read" 
								         - "user.read" 
								         - "user.global.read" 
								         - "user.grant.read" 
								         - "user.grant.write" 
								         - "user.grant.delete" 
								         - "policy.read" 
								         - "project.read" 
								         - "project.member.read" 
								         - "project.role.read" 
								         - "project.app.read" 
								         - "project.grant.read" 
								         - "project.grant.member.read" 
  
						 
					
						
							
								
									
										
										
										
											2022-04-29 10:25:12 +02:00 
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								     # Role mapping: ORG_PROJECT_PERMISSION_EDITOR.
								     # Mostly read permissions on org, user, policy and project data. The only
								     # write/delete permissions in this list are on user grants and project grants.
								     - Role :   "ORG_PROJECT_PERMISSION_EDITOR"
								       Permissions :
								         - "org.read"
								         - "org.member.read"
								         - "user.read"
								         - "user.global.read"
								         - "user.grant.read"
								         # user grants can be changed and removed by this role
								         - "user.grant.write"
								         - "user.grant.delete"
								         - "policy.read"
								         - "project.read"
								         - "project.member.read"
								         - "project.role.read"
								         - "project.app.read"
								         - "project.grant.read"
								         # project grants can be changed and removed by this role
								         - "project.grant.write"
								         - "project.grant.delete"
								         - "project.grant.member.read"
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								     # Role mapping: ORG_PROJECT_CREATOR.
								     # Allows creating projects; project read access is listed only with the ":self" suffix.
								     - Role :   "ORG_PROJECT_CREATOR"
								       Permissions :
								         - "user.global.read"
								         - "policy.read"
								         # NOTE(review): ":self" presumably restricts the permission to the holder's
								         # own projects; confirm against the permission check implementation.
								         - "project.read:self"
								         - "project.create"
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								     # Role mapping: ORG_ADMIN_IMPERSONATOR.
								     # Carries both impersonation permissions defined in this file section.
								     # NOTE(review): impersonation presumably lets the holder act as another user,
								     # and "admin.impersonation" presumably extends that to administrator accounts;
								     # confirm in the ZITADEL docs. Treat membership in this role as highly privileged:
								     # keep the member list minimal and review audit logs for its use.
								     - Role :   "ORG_ADMIN_IMPERSONATOR"
								       Permissions :
								         - "admin.impersonation"
								         - "impersonation"
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								     # Role mapping: ORG_END_USER_IMPERSONATOR.
								     # Carries only "impersonation", without the "admin.impersonation" permission
								     # that ORG_ADMIN_IMPERSONATOR also lists.
								     # NOTE(review): presumably limited to impersonating non-admin users; confirm.
								     # Still a sensitive role: assign sparingly and monitor its use.
								     - Role :   "ORG_END_USER_IMPERSONATOR"
								       Permissions :
								         - "impersonation"
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								     # Role mapping: PROJECT_OWNER.
								     # Read/write/delete on the project itself and on its members, roles, apps,
								     # grants and grant members, plus read/write/delete on user grants.
								     # User and org data is read-only in this list.
								     - Role :   "PROJECT_OWNER"
								       Permissions :
								         - "org.global.read"
								         - "policy.read"
								         # project and its sub-resources: full read/write/delete
								         - "project.read"
								         - "project.write"
								         - "project.delete"
								         - "project.member.read"
								         - "project.member.write"
								         - "project.member.delete"
								         - "project.role.read"
								         - "project.role.write"
								         - "project.role.delete"
								         - "project.app.read"
								         - "project.app.write"
								         - "project.app.delete"
								         - "project.grant.read"
								         - "project.grant.write"
								         - "project.grant.delete"
								         - "project.grant.member.read"
								         - "project.grant.member.write"
								         - "project.grant.member.delete"
								         # users: read-only, except user grants
								         - "user.read"
								         - "user.global.read"
								         - "user.grant.read"
								         - "user.grant.write"
								         - "user.grant.delete"
								         - "user.membership.read"
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								     # Role mapping: PROJECT_OWNER_VIEWER.
								     # Read-only: every permission in this list ends in ".read".
								     - Role :   "PROJECT_OWNER_VIEWER"
								       Permissions :
								         - "policy.read"
								         - "project.read"
								         - "project.member.read"
								         - "project.role.read"
								         - "project.app.read"
								         - "project.grant.read"
								         - "project.grant.member.read"
								         - "user.read"
								         - "user.global.read"
								         - "user.grant.read"
								         - "user.membership.read"
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								     # Role mapping: SELF_MANAGEMENT_GLOBAL.
								     # Allows creating an organization, reading policies and deleting one's own user.
								     # NOTE(review): "org.create" lets holders add organizations; check who receives
								     # this role by default if self-service org creation is not wanted.
								     - Role :   "SELF_MANAGEMENT_GLOBAL"
								       Permissions :
								         - "org.create"
								         - "policy.read"
								         - "user.self.delete"
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								     # Role mapping: ORG_USER_SELF_MANAGER.
								     # Same list as SELF_MANAGEMENT_GLOBAL minus "org.create": policy read and
								     # deletion of one's own user only.
								     - Role :   "ORG_USER_SELF_MANAGER"
								       Permissions :
								         - "policy.read"
								         - "user.self.delete"
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								     # Role mapping: PROJECT_OWNER_GLOBAL.
								     # Read/write/delete on the project, its members, roles and apps, plus
								     # read/write/delete on user grants. Unlike PROJECT_OWNER, this list contains
								     # no "project.grant.*" permissions and no "user.read".
								     - Role :   "PROJECT_OWNER_GLOBAL"
								       Permissions :
								         - "org.global.read"
								         - "policy.read"
								         # project and its sub-resources: full read/write/delete
								         - "project.read"
								         - "project.write"
								         - "project.delete"
								         - "project.member.read"
								         - "project.member.write"
								         - "project.member.delete"
								         - "project.role.read"
								         - "project.role.write"
								         - "project.role.delete"
								         - "project.app.read"
								         - "project.app.write"
								         - "project.app.delete"
								         # users: read-only, except user grants
								         - "user.global.read"
								         - "user.grant.read"
								         - "user.grant.write"
								         - "user.grant.delete"
								         - "user.membership.read"
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								     # Role mapping: PROJECT_OWNER_VIEWER_GLOBAL.
								     # Read-only: every permission in this list ends in ".read".
								     # Differs from PROJECT_OWNER_VIEWER only by lacking "user.read".
								     - Role :   "PROJECT_OWNER_VIEWER_GLOBAL"
								       Permissions :
								         - "policy.read"
								         - "project.read"
								         - "project.member.read"
								         - "project.role.read"
								         - "project.app.read"
								         - "project.grant.read"
								         - "project.grant.member.read"
								         - "user.global.read"
								         - "user.grant.read"
								         - "user.membership.read"
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								     # Role mapping: PROJECT_GRANT_OWNER.
								     # Read access to the project and its grants; write/delete is limited to
								     # project grant members and user grants.
								     - Role :   "PROJECT_GRANT_OWNER"
								       Permissions :
								         - "policy.read"
								         - "org.global.read"
								         - "project.read"
								         - "project.grant.read"
								         # grant members can be managed by this role
								         - "project.grant.member.read"
								         - "project.grant.member.write"
								         - "project.grant.member.delete"
								         - "user.read"
								         - "user.global.read"
								         # user grants can be managed by this role
								         - "user.grant.read"
								         - "user.grant.write"
								         - "user.grant.delete"
								         - "user.membership.read"
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								     # Role mapping: PROJECT_GRANT_OWNER_VIEWER.
								     # Read-only: every permission in this list ends in ".read".
								     - Role :   "PROJECT_GRANT_OWNER_VIEWER"
								       Permissions :
								         - "policy.read"
								         - "project.read"
								         - "project.grant.read"
								         - "project.grant.member.read"
								         - "user.read"
								         - "user.global.read"
								         - "user.grant.read"
								         - "user.membership.read"
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								# If a new projection is introduced, it is prefilled during the setup process (if enabled).
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								# This can prevent serving outdated data after a version upgrade, but might require a longer setup / upgrade process: 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								# https://zitadel.com/docs/self-hosting/manage/updating_scaling 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								InitProjections : 
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								   Enabled :   true   # ZITADEL_INITPROJECTIONS_ENABLED 
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								   RetryFailedAfter :   100ms   # ZITADEL_INITPROJECTIONS_RETRYFAILEDAFTER 
  
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								   MaxFailureCount :   2   # ZITADEL_INITPROJECTIONS_MAXFAILURECOUNT 
  
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
								
							 
							
								 
							
							
								   BulkLimit :   1000   # ZITADEL_INITPROJECTIONS_BULKLIMIT