mirror of
https://github.com/zitadel/zitadel.git
synced 2024-12-12 11:04:25 +00:00
389eb4a27a
* start v2 * start * run * some cleanup * remove v2 pkg again * simplify * webauthn * remove unused config * fix login path in Dockerfile * fix asset_generator.go * health handler * fix grpc web * refactor * merge * build new main.go * run new main.go * update logging pkg * fix error msg * update logging * cleanup * cleanup * go mod tidy * change localDevMode * fix customEndpoints * update logging * comments * change local flag to external configs * fix location generated go code * fix Co-authored-by: fforootd <florian@caos.ch>
281 lines
7.2 KiB
YAML
281 lines
7.2 KiB
YAML
Log:
|
|
Level: debug
|
|
Formatter:
|
|
Format: text
|
|
|
|
Port: 8080
|
|
ExternalPort: 8080
|
|
ExternalDomain: localhost
|
|
ExternalSecure: true
|
|
|
|
Database:
|
|
Host: localhost
|
|
Port: 26257
|
|
User: zitadel
|
|
Database: zitadel
|
|
Password: ""
|
|
MaxOpenConns: 20
|
|
MaxConnLifetime: 30m
|
|
MaxConnIdleTime: 30m
|
|
Options: ""
|
|
SSL:
|
|
Mode: diabled
|
|
RootCert: ""
|
|
Cert: ""
|
|
Key: ""
|
|
|
|
Projections:
|
|
Config:
|
|
RequeueEvery: 10s
|
|
RetryFailedAfter: 1s
|
|
MaxFailureCount: 5
|
|
BulkLimit: 200
|
|
MaxIterators: 1
|
|
Customizations:
|
|
projects:
|
|
BulkLimit: 2000
|
|
KeyConfig:
|
|
# We don't need an EncryptionKey but DecryptionKeys (and load them via env)
|
|
DecryptionKeyIDs:
|
|
Path: ""
|
|
|
|
AuthZ:
|
|
Repository:
|
|
Spooler:
|
|
ConcurrentWorkers: 1
|
|
BulkLimit: 10000
|
|
FailureCountUntilSkip: 5
|
|
|
|
Auth:
|
|
SearchLimit: 1000
|
|
Spooler:
|
|
ConcurrentWorkers: 1
|
|
BulkLimit: 10000
|
|
FailureCountUntilSkip: 5
|
|
|
|
Admin:
|
|
SearchLimit: 1000
|
|
Spooler:
|
|
ConcurrentWorkers: 1
|
|
BulkLimit: 10000
|
|
FailureCountUntilSkip: 5
|
|
|
|
UserAgentCookie:
|
|
Name: zitadel.useragent
|
|
Key:
|
|
EncryptionKeyID:
|
|
MaxAge: 8760h #365*24h (1 year)
|
|
|
|
OIDC:
|
|
CodeMethodS256: true
|
|
AuthMethodPost: true
|
|
AuthMethodPrivateKeyJWT: true
|
|
GrantTypeRefreshToken: true
|
|
RequestObjectSupported: true
|
|
SigningKeyAlgorithm: RS256
|
|
DefaultAccessTokenLifetime: 12h
|
|
DefaultIdTokenLifetime: 12h
|
|
DefaultRefreshTokenIdleExpiration: 720h #30d
|
|
DefaultRefreshTokenExpiration: 2160h #90d
|
|
Cache:
|
|
MaxAge: 12h
|
|
SharedMaxAge: 168h #7d
|
|
KeyConfig:
|
|
EncryptionKeyID: ""
|
|
DecryptionKeyIDs:
|
|
Path: ""
|
|
CustomEndpoints:
|
|
|
|
Login:
|
|
LanguageCookieName: zitadel.login.lang
|
|
CSRF:
|
|
CookieName: zitadel.login.csrf
|
|
Development: true
|
|
Key:
|
|
EncryptionKeyID:
|
|
Cache:
|
|
MaxAge: 12h
|
|
SharedMaxAge: 168h #7d
|
|
|
|
Console:
|
|
ConsoleOverwriteDir: ""
|
|
ShortCache:
|
|
MaxAge: 5m
|
|
SharedMaxAge: 15m
|
|
LongCache:
|
|
MaxAge: 12h
|
|
SharedMaxAge: 168h
|
|
|
|
Notification:
|
|
Repository:
|
|
Spooler:
|
|
ConcurrentWorkers: 1
|
|
BulkLimit: 10000
|
|
FailureCountUntilSkip: 5
|
|
Handlers:
|
|
|
|
#TODO: configure as soon as possible
|
|
#AssetStorage:
|
|
# Type: $ZITADEL_ASSET_STORAGE_TYPE
|
|
# Config:
|
|
# Endpoint: $ZITADEL_ASSET_STORAGE_ENDPOINT
|
|
# AccessKeyID: $ZITADEL_ASSET_STORAGE_ACCESS_KEY_ID
|
|
# SecretAccessKey: $ZITADEL_ASSET_STORAGE_SECRET_ACCESS_KEY
|
|
# SSL: $ZITADEL_ASSET_STORAGE_SSL
|
|
# Location: $ZITADEL_ASSET_STORAGE_LOCATION
|
|
# BucketPrefix: $ZITADEL_ASSET_STORAGE_BUCKET_PREFIX
|
|
# MultiDelete: $ZITADEL_ASSET_STORAGE_MULTI_DELETE
|
|
|
|
#TODO: remove as soon as possible
|
|
SystemDefaults:
|
|
# DefaultLanguage: 'en'
|
|
Domain: $ZITADEL_DEFAULT_DOMAIN
|
|
ZitadelDocs:
|
|
Issuer: $ZITADEL_ISSUER
|
|
DiscoveryEndpoint: '$ZITADEL_ISSUER/.well-known/openid-configuration'
|
|
UserVerificationKey:
|
|
EncryptionKeyID: $ZITADEL_USER_VERIFICATION_KEY
|
|
IDPConfigVerificationKey:
|
|
EncryptionKeyID: $ZITADEL_IDP_CONFIG_VERIFICATION_KEY
|
|
SecretGenerators:
|
|
PasswordSaltCost: 14
|
|
ClientSecretGenerator:
|
|
Length: 64
|
|
IncludeLowerLetters: true
|
|
IncludeUpperLetters: true
|
|
IncludeDigits: true
|
|
IncludeSymbols: false
|
|
InitializeUserCode:
|
|
Length: 6
|
|
Expiry: '72h'
|
|
IncludeLowerLetters: false
|
|
IncludeUpperLetters: true
|
|
IncludeDigits: true
|
|
IncludeSymbols: false
|
|
EmailVerificationCode:
|
|
Length: 6
|
|
Expiry: '1h'
|
|
IncludeLowerLetters: false
|
|
IncludeUpperLetters: true
|
|
IncludeDigits: true
|
|
IncludeSymbols: false
|
|
PhoneVerificationCode:
|
|
Length: 6
|
|
Expiry: '1h'
|
|
IncludeLowerLetters: false
|
|
IncludeUpperLetters: true
|
|
IncludeDigits: true
|
|
IncludeSymbols: false
|
|
PasswordVerificationCode:
|
|
Length: 6
|
|
Expiry: '1h'
|
|
IncludeLowerLetters: false
|
|
IncludeUpperLetters: true
|
|
IncludeDigits: true
|
|
IncludeSymbols: false
|
|
PasswordlessInitCode:
|
|
Length: 12
|
|
Expiry: '1h'
|
|
IncludeLowerLetters: true
|
|
IncludeUpperLetters: true
|
|
IncludeDigits: true
|
|
IncludeSymbols: false
|
|
MachineKeySize: 2048
|
|
ApplicationKeySize: 2048
|
|
Multifactors:
|
|
OTP:
|
|
Issuer: 'ZITADEL'
|
|
VerificationKey:
|
|
EncryptionKeyID: $ZITADEL_OTP_VERIFICATION_KEY
|
|
VerificationLifetimes:
|
|
PasswordCheck: 240h #10d
|
|
ExternalLoginCheck: 240h #10d
|
|
MFAInitSkip: 720h #30d
|
|
SecondFactorCheck: 18h
|
|
MultiFactorCheck: 12h
|
|
IamID: 'IAM'
|
|
DomainVerification:
|
|
VerificationKey:
|
|
EncryptionKeyID: $ZITADEL_DOMAIN_VERIFICATION_KEY
|
|
VerificationGenerator:
|
|
Length: 32
|
|
IncludeLowerLetters: true
|
|
IncludeUpperLetters: true
|
|
IncludeDigits: true
|
|
IncludeSymbols: false
|
|
Notifications:
|
|
# DebugMode: $DEBUG_MODE
|
|
Endpoints:
|
|
InitCode: '$ZITADEL_ACCOUNTS/user/init?userID={{.UserID}}&code={{.Code}}&passwordset={{.PasswordSet}}'
|
|
PasswordReset: '$ZITADEL_ACCOUNTS/password/init?userID={{.UserID}}&code={{.Code}}'
|
|
VerifyEmail: '$ZITADEL_ACCOUNTS/mail/verification?userID={{.UserID}}&code={{.Code}}'
|
|
DomainClaimed: '$ZITADEL_ACCOUNTS/login'
|
|
PasswordlessRegistration: '$ZITADEL_ACCOUNTS/login/passwordless/init'
|
|
Providers:
|
|
Email:
|
|
SMTP:
|
|
Host: $SMTP_HOST
|
|
User: $SMTP_USER
|
|
Password: $SMTP_PASSWORD
|
|
From: $EMAIL_SENDER_ADDRESS
|
|
FromName: $EMAIL_SENDER_NAME
|
|
# Tls: $SMTP_TLS
|
|
Twilio:
|
|
SID: $TWILIO_SERVICE_SID
|
|
Token: $TWILIO_TOKEN
|
|
From: $TWILIO_SENDER_NAME
|
|
FileSystem:
|
|
# Enabled: $FS_NOTIFICATIONS_ENABLED
|
|
Path: $FS_NOTIFICATIONS_PATH
|
|
# Compact: $FS_NOTIFICATIONS_COMPACT
|
|
Log:
|
|
# Enabled: $LOG_NOTIFICATIONS_ENABLED
|
|
# Compact: $LOG_NOTIFICATIONS_COMPACT
|
|
Chat:
|
|
# Enabled: $CHAT_ENABLED
|
|
Url: $CHAT_URL
|
|
# Compact: $CHAT_COMPACT
|
|
SplitCount: 4000
|
|
TemplateData:
|
|
InitCode:
|
|
Title: 'InitCode.Title'
|
|
PreHeader: 'InitCode.PreHeader'
|
|
Subject: 'InitCode.Subject'
|
|
Greeting: 'InitCode.Greeting'
|
|
Text: 'InitCode.Text'
|
|
ButtonText: 'InitCode.ButtonText'
|
|
PasswordReset:
|
|
Title: 'PasswordReset.Title'
|
|
PreHeader: 'PasswordReset.PreHeader'
|
|
Subject: 'PasswordReset.Subject'
|
|
Greeting: 'PasswordReset.Greeting'
|
|
Text: 'PasswordReset.Text'
|
|
ButtonText: 'PasswordReset.ButtonText'
|
|
VerifyEmail:
|
|
Title: 'VerifyEmail.Title'
|
|
PreHeader: 'VerifyEmail.PreHeader'
|
|
Subject: 'VerifyEmail.Subject'
|
|
Greeting: 'VerifyEmail.Greeting'
|
|
Text: 'VerifyEmail.Text'
|
|
ButtonText: 'VerifyEmail.ButtonText'
|
|
VerifyPhone:
|
|
Title: 'VerifyPhone.Title'
|
|
PreHeader: 'VerifyPhone.PreHeader'
|
|
Subject: 'VerifyPhone.Subject'
|
|
Greeting: 'VerifyPhone.Greeting'
|
|
Text: 'VerifyPhone.Text'
|
|
ButtonText: 'VerifyPhone.ButtonText'
|
|
DomainClaimed:
|
|
Title: 'DomainClaimed.Title'
|
|
PreHeader: 'DomainClaimed.PreHeader'
|
|
Subject: 'DomainClaimed.Subject'
|
|
Greeting: 'DomainClaimed.Greeting'
|
|
Text: 'DomainClaimed.Text'
|
|
ButtonText: 'DomainClaimed.ButtonText'
|
|
KeyConfig:
|
|
Size: 2048
|
|
PrivateKeyLifetime: 6h
|
|
PublicKeyLifetime: 30h
|
|
SigningKeyRotationCheck: 10s
|
|
SigningKeyGracefulPeriod: 10m
|