# Default configuration for a ZITADEL instance: logging, network exposure,
# database access, OIDC defaults, encryption key references and the built-in
# role-to-permission table.
# NOTE(review): this listing had lost its line breaks and indentation; the
# nesting below is reconstructed and should be confirmed against the canonical
# file. Keys and values are unchanged.

Log:
  # NOTE(review): debug is the most verbose level; confirm that tokens and
  # verification codes are not logged at this level before using it outside
  # development.
  Level: debug
  Formatter:
    Format: text

Port: 8080
ExternalPort: 8080
ExternalDomain: localhost
# presumably decides whether externally visible URLs use https; verify against
# the consumer.
ExternalSecure: true

HTTP2HostHeader: ":authority"
HTTP1HostHeader: "host"

Database:
  Host: localhost
  Port: 26257
  Database: zitadel
  MaxOpenConns: 20
  MaxConnLifetime: 30m
  MaxConnIdleTime: 30m
  Options: ""
  # Both accounts below have an empty password and SSL Mode "disable", so
  # nothing here authenticates or encrypts the database connection.
  # NOTE(review): suitable only for a local, insecure database; set a TLS mode
  # and credentials for any shared or production deployment.
  User:
    Username: zitadel
    Password: ""
    SSL:
      Mode: disable
      RootCert: ""
      Cert: ""
      Key: ""
  # NOTE(review): the administrative account is "root"; presumably needed only
  # for setup or migration, so confirm the running service can use User instead.
  AdminUser:
    Username: root
    Password: ""
    SSL:
      Mode: disable
      RootCert: ""
      Cert: ""
      Key: ""

Projections:
  RequeueEvery: 10s
  RetryFailedAfter: 1s
  MaxFailureCount: 5
  BulkLimit: 200
  MaxIterators: 1
  # Per-projection overrides of the values above.
  Customizations:
    projects:
      BulkLimit: 2000

AuthZ:
  Repository:
    Spooler:
      ConcurrentWorkers: 1
      BulkLimit: 10000
      FailureCountUntilSkip: 5

Auth:
  SearchLimit: 1000
  Spooler:
    ConcurrentWorkers: 1
    BulkLimit: 10000
    FailureCountUntilSkip: 5

Admin:
  SearchLimit: 1000
  Spooler:
    ConcurrentWorkers: 1
    BulkLimit: 10000
    FailureCountUntilSkip: 5

UserAgentCookie:
  Name: zitadel.useragent
  MaxAge: 8760h # 365*24h (1 year)

OIDC:
  CodeMethodS256: true
  AuthMethodPost: true
  AuthMethodPrivateKeyJWT: true
  GrantTypeRefreshToken: true
  RequestObjectSupported: true
  SigningKeyAlgorithm: RS256
  # Token lifetimes. A stolen access or ID token stays usable for up to 12h and
  # a refresh token for up to 90 days (30 days when idle); shorten these where
  # the deployment's risk tolerance requires it.
  DefaultAccessTokenLifetime: 12h
  DefaultIdTokenLifetime: 12h
  DefaultRefreshTokenIdleExpiration: 720h # 30d
  DefaultRefreshTokenExpiration: 2160h # 90d
  Cache:
    MaxAge: 12h
    SharedMaxAge: 168h # 7d
  # Empty value (parses as null). NOTE(review): placement under OIDC is
  # reconstructed; confirm.
  CustomEndpoints:

Login:
  LanguageCookieName: zitadel.login.lang
  CSRFCookieName: zitadel.login.csrf
  Cache:
    MaxAge: 12h
    SharedMaxAge: 168h # 7d

Console:
  ConsoleOverwriteDir: ""
  ShortCache:
    MaxAge: 5m
    SharedMaxAge: 15m
  LongCache:
    MaxAge: 12h
    SharedMaxAge: 168h

Notification:
  Repository:
    Spooler:
      ConcurrentWorkers: 1
      BulkLimit: 10000
      FailureCountUntilSkip: 5
      # Empty value (parses as null). NOTE(review): placement under Spooler is
      # reconstructed; confirm.
      Handlers:

# Key identifiers only; no key material is stored in this file. Each
# EncryptionKeyID names the key used for new ciphertexts.
# NOTE(review): every DecryptionKeyIDs is left empty (null); presumably it
# would list older key IDs still accepted for decryption after a rotation -
# confirm before rotating keys.
EncryptionKeys:
  DomainVerification:
    EncryptionKeyID: "domainVerificationKey"
    DecryptionKeyIDs:
  IDPConfig:
    EncryptionKeyID: "idpConfigKey"
    DecryptionKeyIDs:
  OIDC:
    EncryptionKeyID: "oidcKey"
    DecryptionKeyIDs:
  OTP:
    EncryptionKeyID: "otpKey"
    DecryptionKeyIDs:
  SMS:
    EncryptionKeyID: "smsKey"
    DecryptionKeyIDs:
  SMTP:
    EncryptionKeyID: "smtpKey"
    DecryptionKeyIDs:
  User:
    EncryptionKeyID: "userKey"
    DecryptionKeyIDs:
  CSRFCookieKeyID: "csrfCookieKey"
  UserAgentCookieKeyID: "userAgentCookieKey"

# TODO: configure as soon as possible
# (nesting of this commented-out block is reconstructed; confirm)
# AssetStorage:
#   Type: $ZITADEL_ASSET_STORAGE_TYPE
#   Config:
#     Endpoint: $ZITADEL_ASSET_STORAGE_ENDPOINT
#     AccessKeyID: $ZITADEL_ASSET_STORAGE_ACCESS_KEY_ID
#     SecretAccessKey: $ZITADEL_ASSET_STORAGE_SECRET_ACCESS_KEY
#     SSL: $ZITADEL_ASSET_STORAGE_SSL
#     Location: $ZITADEL_ASSET_STORAGE_LOCATION
#     BucketPrefix: $ZITADEL_ASSET_STORAGE_BUCKET_PREFIX
#     MultiDelete: $ZITADEL_ASSET_STORAGE_MULTI_DELETE

# TODO: remove as soon as possible
# The $ZITADEL_* values are placeholders; presumably they are substituted from
# the environment before the file is parsed - verify, because an unset variable
# would otherwise yield a literal "$..." or an empty issuer/domain.
SystemDefaults:
  # DefaultLanguage: 'en'
  Domain: $ZITADEL_DEFAULT_DOMAIN
  ZitadelDocs:
    Issuer: $ZITADEL_ISSUER
    DiscoveryEndpoint: '$ZITADEL_ISSUER/.well-known/openid-configuration'
  SecretGenerators:
    # presumably the work factor of the password hash; confirm the algorithm
    # before changing it.
    PasswordSaltCost: 14
    MachineKeySize: 2048
    ApplicationKeySize: 2048
  Multifactors:
    OTP:
      Issuer: 'ZITADEL'
  DomainVerification:
    # Character classes and length of the generated domain-verification value.
    VerificationGenerator:
      Length: 32
      IncludeLowerLetters: true
      IncludeUpperLetters: true
      IncludeDigits: true
      IncludeSymbols: false
  Notifications:
    # Link templates sent to users. InitCode, PasswordReset and VerifyEmail
    # carry the code in the URL query string, where it can end up in proxy
    # logs and browser history.
    # NOTE(review): confirm these codes are single-use and short-lived.
    Endpoints:
      InitCode: '$ZITADEL_ACCOUNTS/user/init?userID={{.UserID}}&code={{.Code}}&passwordset={{.PasswordSet}}'
      PasswordReset: '$ZITADEL_ACCOUNTS/password/init?userID={{.UserID}}&code={{.Code}}'
      VerifyEmail: '$ZITADEL_ACCOUNTS/mail/verification?userID={{.UserID}}&code={{.Code}}'
      DomainClaimed: '$ZITADEL_ACCOUNTS/login'
      PasswordlessRegistration: '$ZITADEL_ACCOUNTS/login/passwordless/init'
    # NOTE(review): relative path; if notification contents are written here,
    # restrict access to the directory - confirm what the consumer stores.
    FileSystemPath: '.notifications/'
  # Signing-key parameters: key size in bits, and how long the private and
  # public parts are kept (6h and 30h).
  KeyConfig:
    Size: 2048
    PrivateKeyLifetime: 6h
    PublicKeyLifetime: 30h
    SigningKeyRotationCheck: 10s
    SigningKeyGracefulPeriod: 10m

# Built-in authorization table: each entry maps one role name to the exact
# permission strings it grants. This table is the privilege boundary for the
# roles it defines, so review any change to it as a change in access.
InternalAuthZ:
  RolePermissionMappings:
    # Broadest role in this table: the only one with iam.* write and delete
    # permissions.
    - Role: 'IAM_OWNER'
      Permissions:
        - "iam.read"
        - "iam.write"
        - "iam.features.read"
        - "iam.features.write"
        - "iam.policy.read"
        - "iam.policy.write"
        - "iam.policy.delete"
        - "iam.member.read"
        - "iam.member.write"
        - "iam.member.delete"
        - "iam.idp.read"
        - "iam.idp.write"
        - "iam.idp.delete"
        - "iam.action.read"
        - "iam.action.write"
        - "iam.action.delete"
        - "iam.flow.read"
        - "iam.flow.write"
        - "iam.flow.delete"
        - "org.read"
        - "org.global.read"
        - "org.create"
        - "org.write"
        - "org.member.read"
        - "org.member.write"
        - "org.member.delete"
        - "org.idp.read"
        - "org.idp.write"
        - "org.idp.delete"
        - "org.action.read"
        - "org.action.write"
        - "org.action.delete"
        - "org.flow.read"
        - "org.flow.write"
        - "org.flow.delete"
        - "user.read"
        - "user.global.read"
        - "user.write"
        - "user.delete"
        - "user.grant.read"
        - "user.grant.write"
        - "user.grant.delete"
        - "user.membership.read"
        - "user.credential.write"
        - "features.read"
        - "policy.read"
        - "policy.write"
        - "policy.delete"
        - "project.read"
        - "project.create"
        - "project.write"
        - "project.delete"
        - "project.member.read"
        - "project.member.write"
        - "project.member.delete"
        - "project.role.read"
        - "project.role.write"
        - "project.role.delete"
        - "project.app.read"
        - "project.app.write"
        - "project.app.delete"
        - "project.grant.read"
        - "project.grant.write"
        - "project.grant.delete"
        - "project.grant.member.read"
        - "project.grant.member.write"
        - "project.grant.member.delete"
    # Every permission listed for this role is a .read permission.
    - Role: 'IAM_OWNER_VIEWER'
      Permissions:
        - "iam.read"
        - "iam.features.read"
        - "iam.policy.read"
        - "iam.member.read"
        - "iam.idp.read"
        - "iam.action.read"
        - "iam.flow.read"
        - "org.read"
        - "org.member.read"
        - "org.idp.read"
        - "org.action.read"
        - "org.flow.read"
        - "user.read"
        - "user.global.read"
        - "user.grant.read"
        - "user.membership.read"
        - "features.read"
        - "policy.read"
        - "project.read"
        - "project.member.read"
        - "project.role.read"
        - "project.app.read"
        - "project.grant.read"
        - "project.grant.member.read"
    # Same list as IAM_OWNER without any iam.* permission.
    - Role: 'IAM_ORG_MANAGER'
      Permissions:
        - "org.read"
        - "org.global.read"
        - "org.create"
        - "org.write"
        - "org.member.read"
        - "org.member.write"
        - "org.member.delete"
        - "org.idp.read"
        - "org.idp.write"
        - "org.idp.delete"
        - "org.action.read"
        - "org.action.write"
        - "org.action.delete"
        - "org.flow.read"
        - "org.flow.write"
        - "org.flow.delete"
        - "user.read"
        - "user.global.read"
        - "user.write"
        - "user.delete"
        - "user.grant.read"
        - "user.grant.write"
        - "user.grant.delete"
        - "user.membership.read"
        - "user.credential.write"
        - "features.read"
        - "policy.read"
        - "policy.write"
        - "policy.delete"
        - "project.read"
        - "project.create"
        - "project.write"
        - "project.delete"
        - "project.member.read"
        - "project.member.write"
        - "project.member.delete"
        - "project.role.read"
        - "project.role.write"
        - "project.role.delete"
        - "project.app.read"
        - "project.app.write"
        - "project.app.delete"
        - "project.grant.read"
        - "project.grant.write"
        - "project.grant.delete"
        - "project.grant.member.read"
        - "project.grant.member.write"
        - "project.grant.member.delete"
    # NOTE(review): grants org.member.delete without org.member.write; confirm
    # this asymmetry is intended.
    - Role: 'IAM_USER_MANAGER'
      Permissions:
        - "org.read"
        - "org.global.read"
        - "org.member.read"
        - "org.member.delete"
        - "user.read"
        - "user.global.read"
        - "user.write"
        - "user.delete"
        - "user.grant.read"
        - "user.grant.write"
        - "user.grant.delete"
        - "user.membership.read"
        - "features.read"
        - "project.read"
        - "project.member.read"
        - "project.role.read"
        - "project.app.read"
        - "project.grant.read"
        - "project.grant.write"
        - "project.grant.delete"
        - "project.grant.member.read"
    # NOTE(review): this list matches IAM_ORG_MANAGER except that
    # "project.app.delete" is absent, although project.app.read/write and the
    # other project.*.delete permissions are present. Confirm whether the
    # omission is deliberate before relying on it as a restriction.
    - Role: 'ORG_OWNER'
      Permissions:
        - "org.read"
        - "org.global.read"
        - "org.create"
        - "org.write"
        - "org.member.read"
        - "org.member.write"
        - "org.member.delete"
        - "org.idp.read"
        - "org.idp.write"
        - "org.idp.delete"
        - "org.action.read"
        - "org.action.write"
        - "org.action.delete"
        - "org.flow.read"
        - "org.flow.write"
        - "org.flow.delete"
        - "user.read"
        - "user.global.read"
        - "user.write"
        - "user.delete"
        - "user.grant.read"
        - "user.grant.write"
        - "user.grant.delete"
        - "user.membership.read"
        - "user.credential.write"
        - "features.read"
        - "policy.read"
        - "policy.write"
        - "policy.delete"
        - "project.read"
        - "project.create"
        - "project.write"
        - "project.delete"
        - "project.member.read"
        - "project.member.write"
        - "project.member.delete"
        - "project.role.read"
        - "project.role.write"
        - "project.role.delete"
        - "project.app.read"
        - "project.app.write"
        - "project.grant.read"
        - "project.grant.write"
        - "project.grant.delete"
        - "project.grant.member.read"
        - "project.grant.member.write"
        - "project.grant.member.delete"
    - Role: 'ORG_USER_MANAGER'
      Permissions:
        - "user.read"
        - "user.global.read"
        - "user.write"
        - "user.delete"
        - "user.grant.read"
        - "user.grant.write"
        - "user.grant.delete"
        - "user.membership.read"
        - "project.read"
        - "project.role.read"
    # Every permission listed for this role is a .read permission.
    # NOTE(review): "project.grant.user.grant.read" appears nowhere else in this
    # table; confirm that a check for this exact string exists.
    - Role: 'ORG_OWNER_VIEWER'
      Permissions:
        - "org.read"
        - "org.member.read"
        - "org.idp.read"
        - "org.action.read"
        - "org.flow.read"
        - "user.read"
        - "user.global.read"
        - "user.grant.read"
        - "user.membership.read"
        - "features.read"
        - "policy.read"
        - "project.read"
        - "project.member.read"
        - "project.role.read"
        - "project.app.read"
        - "project.grant.read"
        - "project.grant.member.read"
        - "project.grant.user.grant.read"
    # Read access plus user.grant write and delete.
    - Role: 'ORG_USER_PERMISSION_EDITOR'
      Permissions:
        - "org.read"
        - "org.member.read"
        - "user.read"
        - "user.global.read"
        - "user.grant.read"
        - "user.grant.write"
        - "user.grant.delete"
        - "policy.read"
        - "project.read"
        - "project.member.read"
        - "project.role.read"
        - "project.app.read"
        - "project.grant.read"
        - "project.grant.member.read"
    # As ORG_USER_PERMISSION_EDITOR, plus project.grant write and delete.
    - Role: 'ORG_PROJECT_PERMISSION_EDITOR'
      Permissions:
        - "org.read"
        - "org.member.read"
        - "user.read"
        - "user.global.read"
        - "user.grant.read"
        - "user.grant.write"
        - "user.grant.delete"
        - "policy.read"
        - "project.read"
        - "project.member.read"
        - "project.role.read"
        - "project.app.read"
        - "project.grant.read"
        - "project.grant.write"
        - "project.grant.delete"
        - "project.grant.member.read"
    # "project.read:self" is the only permission in this table with a ":"
    # suffix; presumably it limits reads to the caller's own projects - verify
    # how the suffix is evaluated.
    - Role: 'ORG_PROJECT_CREATOR'
      Permissions:
        - "user.global.read"
        - "policy.read"
        - "project.read:self"
        - "project.create"
    - Role: 'PROJECT_OWNER'
      Permissions:
        - "org.global.read"
        - "policy.read"
        - "project.read"
        - "project.write"
        - "project.delete"
        - "project.member.read"
        - "project.member.write"
        - "project.member.delete"
        - "project.role.read"
        - "project.role.write"
        - "project.role.delete"
        - "project.app.read"
        - "project.app.write"
        - "project.app.delete"
        - "project.grant.read"
        - "project.grant.write"
        - "project.grant.delete"
        - "project.grant.member.read"
        - "project.grant.member.write"
        - "project.grant.member.delete"
        - "user.read"
        - "user.global.read"
        - "user.grant.read"
        - "user.grant.write"
        - "user.grant.delete"
        - "user.membership.read"
    # Every permission listed for this role is a .read permission.
    - Role: 'PROJECT_OWNER_VIEWER'
      Permissions:
        - "policy.read"
        - "project.read"
        - "project.member.read"
        - "project.role.read"
        - "project.app.read"
        - "project.grant.read"
        - "project.grant.member.read"
        - "user.read"
        - "user.global.read"
        - "user.grant.read"
        - "user.membership.read"
    # NOTE(review): includes org.create; confirm which users receive this role,
    # since it allows creating organisations.
    - Role: 'SELF_MANAGEMENT_GLOBAL'
      Permissions:
        - "org.create"
        - "policy.read"
        - "user.self.delete"
    # Compared with PROJECT_OWNER, this list has no project.grant.* permissions
    # and no "user.read".
    - Role: 'PROJECT_OWNER_GLOBAL'
      Permissions:
        - "org.global.read"
        - "policy.read"
        - "project.read"
        - "project.write"
        - "project.delete"
        - "project.member.read"
        - "project.member.write"
        - "project.member.delete"
        - "project.role.read"
        - "project.role.write"
        - "project.role.delete"
        - "project.app.read"
        - "project.app.write"
        - "project.app.delete"
        - "user.global.read"
        - "user.grant.read"
        - "user.grant.write"
        - "user.grant.delete"
        - "user.membership.read"
    # Every permission listed for this role is a .read permission.
    - Role: 'PROJECT_OWNER_VIEWER_GLOBAL'
      Permissions:
        - "policy.read"
        - "project.read"
        - "project.member.read"
        - "project.role.read"
        - "project.app.read"
        - "project.grant.read"
        - "project.grant.member.read"
        - "user.global.read"
        - "user.grant.read"
        - "user.membership.read"
    - Role: 'PROJECT_GRANT_OWNER'
      Permissions:
        - "policy.read"
        - "org.global.read"
        - "project.read"
        - "project.grant.read"
        - "project.grant.member.read"
        - "project.grant.member.write"
        - "project.grant.member.delete"
        - "user.read"
        - "user.global.read"
        - "user.grant.read"
        - "user.grant.write"
        - "user.grant.delete"
        - "user.membership.read"
    # Every permission listed for this role is a .read permission.
    - Role: 'PROJECT_GRANT_OWNER_VIEWER'
      Permissions:
        - "policy.read"
        - "project.read"
        - "project.grant.read"
        - "project.grant.member.read"
        - "user.read"
        - "user.global.read"
        - "user.grant.read"
        - "user.membership.read"