Environment Variables
Environment variables for the auth-app service
| Name | Introduction Version | Type | Description | Default Value |
|---|---|---|---|---|
OC_TRACING_ENABLEDAUTH_APP_TRACING_ENABLED | 1.0.0 | bool | Activates tracing. | false |
OC_TRACING_TYPEAUTH_APP_TRACING_TYPE | 1.0.0 | string | The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now. | |
OC_TRACING_ENDPOINTAUTH_APP_TRACING_ENDPOINT | 1.0.0 | string | The endpoint of the tracing agent. | |
OC_TRACING_COLLECTORAUTH_APP_TRACING_COLLECTOR | 1.0.0 | string | The HTTP endpoint for sending spans directly to a collector, i.e. \http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset. | |
OC_LOG_LEVELAUTH_APP_LOG_LEVEL | 1.0.0 | string | The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'. | |
OC_LOG_PRETTYAUTH_APP_LOG_PRETTY | 1.0.0 | bool | Activates pretty log output. | false |
OC_LOG_COLORAUTH_APP_LOG_COLOR | 1.0.0 | bool | Activates colorized log output. | false |
OC_LOG_FILEAUTH_APP_LOG_FILE | 1.0.0 | string | The path to the log file. Activates logging to this file if set. | |
AUTH_APP_DEBUG_ADDR | 1.0.0 | string | Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed. | 127.0.0.1:9245 |
AUTH_APP_DEBUG_TOKEN | 1.0.0 | string | Token to secure the metrics endpoint. | |
AUTH_APP_DEBUG_PPROF | 1.0.0 | bool | Enables pprof, which can be used for profiling. | false |
AUTH_APP_DEBUG_ZPAGES | 1.0.0 | bool | Enables zpages, which can be used for collecting and viewing traces in-memory. | false |
AUTH_APP_GRPC_ADDR | 1.0.0 | string | The bind address of the GRPC service. | 127.0.0.1:9246 |
OC_GRPC_PROTOCOLAUTH_APP_GRPC_PROTOCOL | 1.0.0 | string | The transport protocol of the GRPC service. | tcp |
AUTH_APP_HTTP_ADDR | 1.0.0 | string | The bind address of the HTTP service. | 127.0.0.1:9247 |
AUTH_APP_HTTP_ROOT | 1.0.0 | string | Subdirectory that serves as the root for this HTTP service. | / |
OC_CORS_ALLOW_ORIGINSAUTH_APP_CORS_ALLOW_ORIGINS | 1.0.0 | []string | A list of allowed CORS origins. See following chapter for more details: Access-Control-Allow-Origin at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin. See the Environment Variable Types description for more details. | [*] |
OC_CORS_ALLOW_METHODSAUTH_APP_CORS_ALLOW_METHODS | 1.0.0 | []string | A list of allowed CORS methods. See following chapter for more details: Access-Control-Request-Method at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Method. See the Environment Variable Types description for more details. | [GET POST DELETE] |
OC_CORS_ALLOW_HEADERSAUTH_APP_CORS_ALLOW_HEADERS | 1.0.0 | []string | A list of allowed CORS headers. See following chapter for more details: Access-Control-Request-Headers at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Headers. See the Environment Variable Types description for more details. | [Authorization Origin Content-Type Accept X-Requested-With X-Request-Id Ocs-Apirequest] |
OC_CORS_ALLOW_CREDENTIALSAUTH_APP_CORS_ALLOW_CREDENTIALS | 1.0.0 | bool | Allow credentials for CORS.See following chapter for more details: Access-Control-Allow-Credentials at \https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials. | true |
OC_HTTP_TLS_ENABLED | 1.0.0 | bool | Activates TLS for the http based services using the server certifcate and key configured via OC_HTTP_TLS_CERTIFICATE and OC_HTTP_TLS_KEY. If OC_HTTP_TLS_CERTIFICATE is not set a temporary server certificate is generated - to be used with PROXY_INSECURE_BACKEND=true. | false |
OC_HTTP_TLS_CERTIFICATE | 1.0.0 | string | Path/File name of the TLS server certificate (in PEM format) for the http services. | |
OC_HTTP_TLS_KEY | 1.0.0 | string | Path/File name for the TLS certificate key (in PEM format) for the server certificate to use for the http services. | |
OC_JWT_SECRETAUTH_APP_JWT_SECRET | 1.0.0 | string | The secret to mint and validate jwt tokens. | |
OC_REVA_GATEWAY | 1.0.0 | string | The CS3 gateway endpoint. | eu.opencloud.api.gateway |
OC_GRPC_CLIENT_TLS_MODE | 1.0.0 | string | TLS mode for grpc connection to the go-micro based grpc services. Possible values are 'off', 'insecure' and 'on'. 'off': disables transport security for the clients. 'insecure' allows using transport security, but disables certificate verification (to be used with the autogenerated self-signed certificates). 'on' enables transport security, including server certificate verification. | |
OC_GRPC_CLIENT_TLS_CACERT | 1.0.0 | string | Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the go-micro based grpc services. | |
AUTH_APP_SKIP_USER_GROUPS_IN_TOKEN | 1.0.0 | bool | Disables the encoding of the user's group memberships in the access token. This reduces the token size, especially when users are members of a large number of groups. | false |
OC_MACHINE_AUTH_API_KEYAUTH_APP_MACHINE_AUTH_API_KEY | 1.0.0 | string | The machine auth API key used to validate internal requests necessary to access resources from other services. | |
AUTH_APP_ENABLE_IMPERSONATION | 1.0.0 | bool | Allows admins to create app tokens for other users. Used for migration. Do NOT use in productive deployments. | false |
AUTH_APP_STORAGE_DRIVER | next | string | Driver to be used to persist the app tokes . Supported values are 'jsoncs3', 'json'. | jsoncs3 |
AUTH_APP_JSONCS3_PROVIDER_ADDR | next | string | GRPC address of the STORAGE-SYSTEM service. | eu.opencloud.api.storage-system |
OC_SYSTEM_USER_IDAUTH_APP_JSONCS3_SYSTEM_USER_ID | next | string | ID of the OpenCloud STORAGE-SYSTEM system user. Admins need to set the ID for the STORAGE-SYSTEM system user in this config option which is then used to reference the user. Any reasonable long string is possible, preferably this would be an UUIDv4 format. | |
OC_SYSTEM_USER_IDPAUTH_APP_JSONCS3_SYSTEM_USER_IDP | next | string | IDP of the OpenCloud STORAGE-SYSTEM system user. | internal |
OC_SYSTEM_USER_API_KEYAUTH_APP_JSONCS3_SYSTEM_USER_API_KEY | next | string | API key for the STORAGE-SYSTEM system user. | |
AUTH_APP_JSONCS3_PASSWORD_GENERATOR | next | string | The password generator that should be used for generating app tokens. Supported values are: 'diceware' and 'random'. | diceware |
AUTH_APP_JSONCS3_DICEWARE_NUMBER_OF_WORDS | next | int | The number of words the generated passphrase will have. | 6 |
AUTH_APP_JSONCS3_RANDOM_PASSWORD_LENGTH | next | int | The number of charactors the generated passwords will have. | 0 |