Configuration Properties
You can set the following configuration properties for the PowerAuth Cloud components:
PowerAuth Server
Environment Variable | Default Value | Description |
---|---|---|
POWERAUTH_SERVER_JPA_CHARSET | utf8 | |
POWERAUTH_SERVER_JPA_CHARACTER_ENCODING | utf8 | |
POWERAUTH_SERVER_JPA_USE_UNICODE | true | |
POWERAUTH_SERVER_JPA_LOCK_TIMEOUT | 10000 | Database lock timeout configuration |
POWERAUTH_SERVER_DATASOURCE_JNDI_NAME | false | |
POWERAUTH_SERVER_SPRING_JMX_ENABLED | false | |
POWERAUTH_SERVER_SPRING_JMX_DEFAULT_DOMAIN | powerauth-server | |
POWERAUTH_SERVER_HTTP_PROXY_ENABLED | false | |
POWERAUTH_SERVER_HTTP_PROXY_HOST | 127.0.0.1 | Proxy host |
POWERAUTH_SERVER_HTTP_PROXY_PORT | 8080 | Proxy port |
POWERAUTH_SERVER_HTTP_PROXY_USERNAME | | Proxy username |
POWERAUTH_SERVER_HTTP_PROXY_PASSWORD | | Proxy password |
POWERAUTH_SERVER_HTTP_CONNECTION_TIMEOUT | 5000 | Service connect timeout in milliseconds |
POWERAUTH_SERVER_TOKEN_TIMESTAMP_VALIDITY | 7200000 | Token timestamp validity in milliseconds |
POWERAUTH_SERVER_RESTRICT_ACCESS | false | Whether access to the REST API is restricted |
POWERAUTH_SERVER_ACTIVATION_VALIDITY_MILLIS | 120000 | Default expiration period for activations |
POWERAUTH_SERVER_RECOVERY_MAX_FAILED_ATTEMPTS | 5 | Maximum failed attempts for activation recovery |
POWERAUTH_SERVER_DB_MASTER_ENCRYPTION_KEY | | Master DB encryption key |
POWERAUTH_SERVER_SECURE_VAULT_ENABLE_BIOMETRY | false | Whether biometry is enabled in Secure Vault |
POWERAUTH_SERVER_APPLICATION_NAME | powerauth-server | |
POWERAUTH_SERVER_APPLICATION_DISPLAY_NAME | PowerAuth Server | |
POWERAUTH_SERVER_APPLICATION_ENVIRONMENT | | Application environment exposed in status endpoint |
POWERAUTH_SERVER_LOGGING | | |
POWERAUTH_SERVER_SIGNATURE_MAX_FAILED_ATTEMPTS | 5 | Maximum failed attempts for signature verification |
POWERAUTH_SERVER_PROXIMITY_CHECK_OTP_LENGTH | 8 | Length of OTP generated for proximity check |
POWERAUTH_SERVER_PROXIMITY_CHECK_OTP_STEP_DURATION | 30s | Time-step duration used for generating and validating TOTP for the proximity check |
POWERAUTH_SERVER_PROXIMITY_CHECK_OTP_STEP_COUNT | 1 | Number of past time-steps used for validating TOTP for the proximity check |
POWERAUTH_SERVER_CALLBACKS_DEFAULT_MAX_ATTEMPTS | 1 | Default maximum number of dispatch attempts for a callback event |
POWERAUTH_SERVER_CALLBACKS_DEFAULT_RETENTION_PERIOD | 30d | Default retention period of a completed callback event before deleting its record from the database table |
POWERAUTH_SERVER_CALLBACKS_DEFAULT_INITIAL_BACKOFF | 2s | Default initial backoff after an unsuccessful attempt to dispatch a callback event |
POWERAUTH_SERVER_CALLBACKS_MAX_BACKOFF | 32s | The maximum allowable backoff period between successive attempts to dispatch a callback event |
POWERAUTH_SERVER_CALLBACKS_BACKOFF_MULTIPLIER | 1.5 | The multiplier used to calculate the backoff period |
POWERAUTH_SERVER_CALLBACKS_PENDING_CALLBACK_URL_EVENTS_DISPATCH_LIMIT | 100 | Maximum number of pending callback events that will be dispatched in a single scheduled job run |
POWERAUTH_SERVER_CALLBACKS_THREAD_POOL_CORE_SIZE | 1 | Number of core threads in the thread pool used by the executor |
POWERAUTH_SERVER_CALLBACKS_THREAD_POOL_MAX_SIZE | 2 | Maximum number of threads in the thread pool used by the executor |
POWERAUTH_SERVER_CALLBACKS_THREAD_POOL_QUEUE_CAPACITY | 1000 | Queue capacity of the thread pool used by the executor |
POWERAUTH_SERVER_CALLBACKS_FORCE_RERUN_PERIOD | | Time period after which a currently processed callback event is considered stale and should be scheduled to rerun |
POWERAUTH_SERVER_CALLBACKS_FAILURE_THRESHOLD | 200 | The number of consecutive failures allowed for callback events with the same configuration. If set to -1, unlimited number of failures is allowed |
POWERAUTH_SERVER_CALLBACKS_FAILURE_RESET_TIMEOUT | 60s | Time period after which a Callback URL Event will be dispatched, even if failure threshold has been reached |
POWERAUTH_SERVER_CALLBACKS_CLIENTS_CACHE_REFRESH_AFTER_WRITE | 5m | Callback REST clients are cached and automatically evicted if updated through the Callback Management API on a single node. Time-based refreshing mechanism is a fallback in clustered environments |
Push Server
Environment Variable | Default Value | Description |
---|---|---|
PUSH_SERVER_POWERAUTH_SERVICE_RESPONSE_TIMEOUT | 60s | PowerAuth REST API response timeout |
PUSH_SERVER_POWERAUTH_SERVICE_MAX_IDLE_TIME | 200s | PowerAuth REST API max idle time |
PUSH_SERVER_SECURITY_CLIENT_TOKEN | | PowerAuth REST API authentication token |
PUSH_SERVER_SECURITY_CLIENT_SECRET | | PowerAuth REST API authentication secret / password |
PUSH_SERVER_ACCEPT_INVALID_SSL_CERTIFICATE | false | Whether to accept invalid SSL certificate. |
PUSH_SERVER_JPA_CHARSET | utf8 | |
PUSH_SERVER_JPA_CHARACTER_ENCODING | utf8 | |
PUSH_SERVER_JPA_USE_UNICODE | true | |
PUSH_SERVER_APNS_DEVELOPMENT | true | Flag indicating that the development instance of APNS service should be used |
PUSH_SERVER_APNS_PROXY_ENABLED | false | Flag indicating if the communication needs to go through proxy |
PUSH_SERVER_APNS_PROXY_HOST | 127.0.0.1 | Proxy host |
PUSH_SERVER_APNS_PROXY_PORT | 8080 | Proxy port |
PUSH_SERVER_APNS_PROXY_USERNAME | | Proxy username |
PUSH_SERVER_APNS_PROXY_PASSWORD | | Proxy password |
PUSH_SERVER_FCM_PROXY_ENABLED | false | Flag indicating if the communication needs to go through proxy |
PUSH_SERVER_FCM_PROXY_HOST | 127.0.0.1 | Proxy host |
PUSH_SERVER_FCM_PROXY_PORT | 8080 | Proxy port |
PUSH_SERVER_FCM_PROXY_USERNAME | | Proxy username |
PUSH_SERVER_FCM_PROXY_PASSWORD | | Proxy password |
PUSH_SERVER_FCM_DATA_NOTIFICATION_ONLY | false | Flag indicating that FCM service should never use “notification” format, only a data format with extra payload representing the notification |
PUSH_SERVER_HMS_PROXY_ENABLED | false | Flag indicating if the communication needs to go through proxy |
PUSH_SERVER_HMS_PROXY_HOST | 127.0.0.1 | Proxy host |
PUSH_SERVER_HMS_PROXY_PORT | 8080 | Proxy port |
PUSH_SERVER_HMS_PROXY_USERNAME | | Proxy username |
PUSH_SERVER_HMS_PROXY_PASSWORD | | Proxy password |
PUSH_SERVER_HMS_DATA_NOTIFICATION_ONLY | false | Flag indicating that HMS service should never use “notification” format, only a data format with extra payload representing the notification |
PUSH_SERVER_DATASOURCE_JNDI_NAME | false | |
PUSH_SERVER_CAMPAIGN_BATCH_SIZE | 100000 | |
PUSH_SERVER_MESSAGE_STORAGE_ENABLED | false | Whether persistent storing of sent messages is enabled |
PUSH_SERVER_REGISTRATION_MULTIPLE_ACTIVATIONS_ENABLED | false | Whether push registration supports “associated activations” |
PUSH_SERVER_SPRING_BATCH_JOB_ENABLED | false | |
PUSH_SERVER_SPRING_JMX_ENABLED | false | |
PUSH_SERVER_SPRING_JMX_DEFAULT_DOMAIN | powerauth-push-server | |
PUSH_SERVER_FCM_CONNECT_TIMEOUT | 5000 | Push message gateway connect timeout in milliseconds |
PUSH_SERVER_APNS_CONNECT_TIMEOUT | 5000 | Push message gateway connect timeout in milliseconds |
PUSH_SERVER_HMS_CONNECT_TIMEOUT | 5000 | Push message gateway connect timeout in milliseconds |
PUSH_SERVER_APPLICATION_NAME | powerauth-push-server | |
PUSH_SERVER_APPLICATION_DISPLAY_NAME | PowerAuth Push Server | |
PUSH_SERVER_APPLICATION_ENVIRONMENT | | Environment identifier |
PUSH_SERVER_LOGGING | | |
PowerAuth Cloud
Environment Variable | Default Value | Description |
---|---|---|
POWERAUTH_CLOUD_POWERAUTH_SERVICE_SECURITY_CLIENT_SECRET | | PowerAuth REST API authentication secret / password |
POWERAUTH_CLOUD_POWERAUTH_SERVICE_SECURITY_CLIENT_TOKEN | | PowerAuth REST API authentication token |
POWERAUTH_CLOUD_POWERAUTH_SERVICE_RESPONSE_TIMEOUT | 60s | PowerAuth REST API response timeout |
POWERAUTH_CLOUD_POWERAUTH_SERVICE_MAX_IDLE_TIME | 200s | PowerAuth REST API max idle time |
POWERAUTH_CLOUD_FIDO2_SERVICE_SECURITY_CLIENT_SECRET | | PowerAuth FIDO2 API authentication secret / password |
POWERAUTH_CLOUD_FIDO2_SERVICE_SECURITY_CLIENT_TOKEN | | PowerAuth FIDO2 API authentication token |
POWERAUTH_CLOUD_FIDO2_SERVICE_RESPONSE_TIMEOUT | 60s | PowerAuth FIDO2 API response timeout |
POWERAUTH_CLOUD_FIDO2_SERVICE_MAX_IDLE_TIME | 200s | PowerAuth FIDO2 API max idle time |
POWERAUTH_CLOUD_PUSH_SERVER_RESPONSE_TIMEOUT | 60s | Push Server API response timeout |
POWERAUTH_CLOUD_PUSH_SERVER_MAX_IDLE_TIME | 200s | Push Server API max idle time |
POWERAUTH_CLOUD_DATASOURCE_JNDI_NAME | false | |
POWERAUTH_CLOUD_DATASOURCE_URL | jdbc:postgresql://host.docker.internal:5432/powerauth | |
POWERAUTH_CLOUD_DATASOURCE_USERNAME | $USERNAME$ | |
POWERAUTH_CLOUD_DATASOURCE_PASSWORD | $PASSWORD$ | |
POWERAUTH_CLOUD_JPA_CHARSET | utf8 | |
POWERAUTH_CLOUD_JPA_CHARACTER_ENCODING | utf8 | |
POWERAUTH_CLOUD_JPA_USE_UNICODE | true | |
POWERAUTH_CLOUD_JPA_LOCK_TIMEOUT | 10000 | Database lock timeout configuration |
POWERAUTH_CLOUD_LOGGING | | |
POWERAUTH_CLOUD_SECURITY_AUTH_TYPE | BASIC_HTTP | BASIC_HTTP for basic HTTP authentication or OIDC for OpenID Connect. If OIDC is enabled, the properties below must be configured. |
POWERAUTH_CLOUD_SECURITY_AUTH_OIDC_ROLES_CLAIM | | A name of the claim in the JWT that contains the user roles. |
POWERAUTH_CLOUD_SECURITY_AUTH_OIDC_ISSUER_URI | | URL of the provider, e.g. https://sts.windows.net/example/ |
POWERAUTH_CLOUD_SECURITY_AUTH_OIDC_AUDIENCES | | A comma-separated list of allowed aud JWT claim values to be validated. |
Enrollment Server
Environment Variable | Default Value | Description |
---|---|---|
ENROLLMENT_SERVER_POWERAUTH_SERVICE_RESPONSE_TIMEOUT | 60s | PowerAuth REST API response timeout |
ENROLLMENT_SERVER_POWERAUTH_SERVICE_MAX_IDLE_TIME | 200s | PowerAuth REST API max idle time |
ENROLLMENT_SERVER_POWERAUTH_SERVICE_SECURITY_CLIENT_SECRET | | PowerAuth REST API authentication secret / password |
ENROLLMENT_SERVER_POWERAUTH_SERVICE_SECURITY_CLIENT_TOKEN | | PowerAuth REST API authentication token |
ENROLLMENT_SERVER_PUSH_SERVER_RESPONSE_TIMEOUT | 60s | Push Server response timeout |
ENROLLMENT_SERVER_PUSH_SERVER_MAX_IDLE_TIME | 200s | Push Server max idle time |
ENROLLMENT_SERVER_MTOKEN_ENABLED | true | Publishing of Mobile Token endpoints can be enabled or disabled using this property |
ENROLLMENT_SERVER_ACTIVATION_SPAWN_ENABLED | false | The activation spawn functionality can be enabled or disabled using this property |
ENROLLMENT_SERVER_DATASOURCE_JNDI_NAME | false | |
ENROLLMENT_SERVER_ADMIN_ENABLED | true | The admin API can be enabled or disabled using this property |
ENROLLMENT_SERVER_JPA_CHARSET | utf8 | |
ENROLLMENT_SERVER_JPA_CHARACTER_ENCODING | utf8 | |
ENROLLMENT_SERVER_JPA_USE_UNICODE | true | |
ENROLLMENT_SERVER_JPA_LOCK_TIMEOUT | 10000 | Database lock timeout configuration |
ENROLLMENT_SERVER_USER_INFO_PROVIDER | | Whether to register minimal claims provider (value MINIMAL) or REST provider (value REST) |
ENROLLMENT_SERVER_USER_INFO_REST_URL | | Base URL of user-info storage. Must be specified if the provider is of type REST |
ENROLLMENT_SERVER_USER_INFO_REST_BASIC_ENABLED | false | Whether Basic authentication is enabled |
ENROLLMENT_SERVER_USER_INFO_REST_BASIC_USERNAME | | Basic authentication username |
ENROLLMENT_SERVER_USER_INFO_REST_BASIC_PASSWORD | | Basic authentication password |
ENROLLMENT_SERVER_LOGGING | | |
Please note that under normal circumstances you are supposed to define only:
POWERAUTH_CLOUD_DATASOURCE_URL=jdbc:postgresql://host.docker.internal:5432/powerauth
POWERAUTH_CLOUD_DATASOURCE_USERNAME=$USERNAME$
POWERAUTH_CLOUD_DATASOURCE_PASSWORD=$PASSWORD$
Consult support if you have a specific request.
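The conditional requirements in the tables above (the three OIDC properties when the auth type is OIDC, the user-info URL when the provider is REST, and the three datasource values) can be checked before deployment. The following is an added example, not part of the product or its documentation; `parse_env`, `check` and the sample env file are hypothetical, and the warning on `PUSH_SERVER_ACCEPT_INVALID_SSL_CERTIFICATE` is an editor's assumption rather than a documented rule.

```python
PLACEHOLDERS = {"$USERNAME$", "$PASSWORD$"}
DB = "POWERAUTH_CLOUD_DATASOURCE_"
OIDC = "POWERAUTH_CLOUD_SECURITY_AUTH_OIDC_"
REQUIRED = [DB + s for s in ("URL", "USERNAME", "PASSWORD")]
OIDC_PROPS = [OIDC + s for s in ("ROLES_CLAIM", "ISSUER_URI", "AUDIENCES")]


def parse_env(text):
    """Parse KEY=VALUE lines; blank lines and # comments are skipped."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            env[key.strip()] = value.strip()
    return env


def check(env):
    """Return a sorted list of findings for the parsed settings."""
    findings = []
    for key in REQUIRED:
        value = env.get(key, "")
        if not value or value in PLACEHOLDERS:
            findings.append(f"{key}: missing or still a placeholder")
    # The default auth type is BASIC_HTTP; OIDC needs its three properties.
    if env.get("POWERAUTH_CLOUD_SECURITY_AUTH_TYPE", "BASIC_HTTP") == "OIDC":
        findings += [f"{k}: required when AUTH_TYPE is OIDC"
                     for k in OIDC_PROPS if not env.get(k)]
    # The REST user-info provider needs its base URL.
    if (env.get("ENROLLMENT_SERVER_USER_INFO_PROVIDER") == "REST"
            and not env.get("ENROLLMENT_SERVER_USER_INFO_REST_URL")):
        findings.append("ENROLLMENT_SERVER_USER_INFO_REST_URL: required for REST")
    # Assumption (editor's check, not a documented rule): flag a non-default true.
    if env.get("PUSH_SERVER_ACCEPT_INVALID_SSL_CERTIFICATE", "false").lower() == "true":
        findings.append("PUSH_SERVER_ACCEPT_INVALID_SSL_CERTIFICATE: invalid certificates accepted")
    return sorted(findings)

# Constructed sample env file, not a real deployment.
SAMPLE = """\
POWERAUTH_CLOUD_DATASOURCE_URL=jdbc:postgresql://host.docker.internal:5432/powerauth
POWERAUTH_CLOUD_DATASOURCE_USERNAME=powerauth
POWERAUTH_CLOUD_DATASOURCE_PASSWORD=$PASSWORD$
POWERAUTH_CLOUD_SECURITY_AUTH_TYPE=OIDC
POWERAUTH_CLOUD_SECURITY_AUTH_OIDC_ISSUER_URI=https://sts.windows.net/example/
PUSH_SERVER_ACCEPT_INVALID_SSL_CERTIFICATE=true
"""

print("\n".join(check(parse_env(SAMPLE))))
```

For the constructed sample this reports the unreplaced password placeholder, the two missing OIDC properties, and the certificate setting.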
Last updated on Jun 12, 2025 (11:34)