mirror of
https://github.com/zitadel/zitadel.git
synced 2024-12-12 11:04:25 +00:00
5463244376
* enable overwrite of adminUser fields in defaults.yaml * create schema and table * cli: create keys * cli: create keys * read encryptionkey from db * merge v2 * file names * cleanup defaults.yaml * remove custom errors * load encryptionKeys on start * cleanup * fix merge * update system defaults * fix error message
185 lines
4.0 KiB
YAML
185 lines
4.0 KiB
YAML
Log:
|
|
Level: debug
|
|
Formatter:
|
|
Format: text
|
|
|
|
Port: 8080
|
|
ExternalPort: 8080
|
|
ExternalDomain: localhost
|
|
ExternalSecure: true
|
|
|
|
Database:
|
|
Host: localhost
|
|
Port: 26257
|
|
Database: zitadel
|
|
MaxOpenConns: 20
|
|
MaxConnLifetime: 30m
|
|
MaxConnIdleTime: 30m
|
|
Options: ""
|
|
User:
|
|
Username: zitadel
|
|
Password: ""
|
|
SSL:
|
|
Mode: disable
|
|
RootCert: ""
|
|
Cert: ""
|
|
Key: ""
|
|
|
|
AdminUser:
|
|
Username: root
|
|
Password: ""
|
|
SSL:
|
|
Mode: disable
|
|
RootCert: ""
|
|
Cert: ""
|
|
Key: ""
|
|
|
|
Projections:
|
|
Config:
|
|
RequeueEvery: 10s
|
|
RetryFailedAfter: 1s
|
|
MaxFailureCount: 5
|
|
BulkLimit: 200
|
|
MaxIterators: 1
|
|
Customizations:
|
|
projects:
|
|
BulkLimit: 2000
|
|
|
|
AuthZ:
|
|
Repository:
|
|
Spooler:
|
|
ConcurrentWorkers: 1
|
|
BulkLimit: 10000
|
|
FailureCountUntilSkip: 5
|
|
|
|
Auth:
|
|
SearchLimit: 1000
|
|
Spooler:
|
|
ConcurrentWorkers: 1
|
|
BulkLimit: 10000
|
|
FailureCountUntilSkip: 5
|
|
|
|
Admin:
|
|
SearchLimit: 1000
|
|
Spooler:
|
|
ConcurrentWorkers: 1
|
|
BulkLimit: 10000
|
|
FailureCountUntilSkip: 5
|
|
|
|
UserAgentCookie:
|
|
Name: zitadel.useragent
|
|
MaxAge: 8760h #365*24h (1 year)
|
|
|
|
OIDC:
|
|
CodeMethodS256: true
|
|
AuthMethodPost: true
|
|
AuthMethodPrivateKeyJWT: true
|
|
GrantTypeRefreshToken: true
|
|
RequestObjectSupported: true
|
|
SigningKeyAlgorithm: RS256
|
|
DefaultAccessTokenLifetime: 12h
|
|
DefaultIdTokenLifetime: 12h
|
|
DefaultRefreshTokenIdleExpiration: 720h #30d
|
|
DefaultRefreshTokenExpiration: 2160h #90d
|
|
Cache:
|
|
MaxAge: 12h
|
|
SharedMaxAge: 168h #7d
|
|
CustomEndpoints:
|
|
|
|
Login:
|
|
LanguageCookieName: zitadel.login.lang
|
|
CSRFCookieName: zitadel.login.csrf
|
|
Cache:
|
|
MaxAge: 12h
|
|
SharedMaxAge: 168h #7d
|
|
|
|
Console:
|
|
ConsoleOverwriteDir: ""
|
|
ShortCache:
|
|
MaxAge: 5m
|
|
SharedMaxAge: 15m
|
|
LongCache:
|
|
MaxAge: 12h
|
|
SharedMaxAge: 168h
|
|
|
|
Notification:
|
|
Repository:
|
|
Spooler:
|
|
ConcurrentWorkers: 1
|
|
BulkLimit: 10000
|
|
FailureCountUntilSkip: 5
|
|
Handlers:
|
|
|
|
EncryptionKeys:
|
|
DomainVerification:
|
|
EncryptionKeyID: "domainVerificationKey"
|
|
DecryptionKeyIDs:
|
|
IDPConfig:
|
|
EncryptionKeyID: "idpConfigKey"
|
|
DecryptionKeyIDs:
|
|
OIDC:
|
|
EncryptionKeyID: "oidcKey"
|
|
DecryptionKeyIDs:
|
|
OTP:
|
|
EncryptionKeyID: "otpKey"
|
|
DecryptionKeyIDs:
|
|
SMS:
|
|
EncryptionKeyID: "smsKey"
|
|
DecryptionKeyIDs:
|
|
SMTP:
|
|
EncryptionKeyID: "smtpKey"
|
|
DecryptionKeyIDs:
|
|
User:
|
|
EncryptionKeyID: "userKey"
|
|
DecryptionKeyIDs:
|
|
CSRFCookieKeyID: "csrfCookieKey"
|
|
UserAgentCookieKeyID: "userAgentCookieKey"
|
|
|
|
#TODO: configure as soon as possible
|
|
#AssetStorage:
|
|
# Type: $ZITADEL_ASSET_STORAGE_TYPE
|
|
# Config:
|
|
# Endpoint: $ZITADEL_ASSET_STORAGE_ENDPOINT
|
|
# AccessKeyID: $ZITADEL_ASSET_STORAGE_ACCESS_KEY_ID
|
|
# SecretAccessKey: $ZITADEL_ASSET_STORAGE_SECRET_ACCESS_KEY
|
|
# SSL: $ZITADEL_ASSET_STORAGE_SSL
|
|
# Location: $ZITADEL_ASSET_STORAGE_LOCATION
|
|
# BucketPrefix: $ZITADEL_ASSET_STORAGE_BUCKET_PREFIX
|
|
# MultiDelete: $ZITADEL_ASSET_STORAGE_MULTI_DELETE
|
|
|
|
#TODO: remove as soon as possible
|
|
SystemDefaults:
|
|
# DefaultLanguage: 'en'
|
|
Domain: $ZITADEL_DEFAULT_DOMAIN
|
|
ZitadelDocs:
|
|
Issuer: $ZITADEL_ISSUER
|
|
DiscoveryEndpoint: '$ZITADEL_ISSUER/.well-known/openid-configuration'
|
|
SecretGenerators:
|
|
PasswordSaltCost: 14
|
|
MachineKeySize: 2048
|
|
ApplicationKeySize: 2048
|
|
Multifactors:
|
|
OTP:
|
|
Issuer: 'ZITADEL'
|
|
DomainVerification:
|
|
VerificationGenerator:
|
|
Length: 32
|
|
IncludeLowerLetters: true
|
|
IncludeUpperLetters: true
|
|
IncludeDigits: true
|
|
IncludeSymbols: false
|
|
Notifications:
|
|
Endpoints:
|
|
InitCode: '$ZITADEL_ACCOUNTS/user/init?userID={{.UserID}}&code={{.Code}}&passwordset={{.PasswordSet}}'
|
|
PasswordReset: '$ZITADEL_ACCOUNTS/password/init?userID={{.UserID}}&code={{.Code}}'
|
|
VerifyEmail: '$ZITADEL_ACCOUNTS/mail/verification?userID={{.UserID}}&code={{.Code}}'
|
|
DomainClaimed: '$ZITADEL_ACCOUNTS/login'
|
|
PasswordlessRegistration: '$ZITADEL_ACCOUNTS/login/passwordless/init'
|
|
FileSystemPath: '.notifications/'
|
|
KeyConfig:
|
|
Size: 2048
|
|
PrivateKeyLifetime: 6h
|
|
PublicKeyLifetime: 30h
|
|
SigningKeyRotationCheck: 10s
|
|
SigningKeyGracefulPeriod: 10m
|