Configuration Properties

You can set the following configuration properties for the PowerAuth Cloud components:

PowerAuth Server

| Environment Variable | Default Value | Description |
|---|---|---|
| POWERAUTH_SERVER_JPA_CHARSET | utf8 | |
| POWERAUTH_SERVER_JPA_CHARACTER_ENCODING | utf8 | |
| POWERAUTH_SERVER_JPA_USE_UNICODE | true | |
| POWERAUTH_SERVER_JPA_LOCK_TIMEOUT | 10000 | Database lock timeout configuration |
| POWERAUTH_SERVER_DATASOURCE_JNDI_NAME | false | |
| POWERAUTH_SERVER_SPRING_JMX_ENABLED | false | |
| POWERAUTH_SERVER_SPRING_JMX_DEFAULT_DOMAIN | powerauth-server | |
| POWERAUTH_SERVER_HTTP_PROXY_ENABLED | false | |
| POWERAUTH_SERVER_HTTP_PROXY_HOST | 127.0.0.1 | Proxy host |
| POWERAUTH_SERVER_HTTP_PROXY_PORT | 8080 | Proxy port |
| POWERAUTH_SERVER_HTTP_PROXY_USERNAME | | Proxy username |
| POWERAUTH_SERVER_HTTP_PROXY_PASSWORD | | Proxy password |
| POWERAUTH_SERVER_HTTP_CONNECTION_TIMEOUT | 5000 | Service connect timeout in milliseconds |
| POWERAUTH_SERVER_TOKEN_TIMESTAMP_VALIDITY | 7200000 | Token timestamp validity in milliseconds |
| POWERAUTH_SERVER_RESTRICT_ACCESS | false | Whether access to the REST API is restricted |
| POWERAUTH_SERVER_ACTIVATION_VALIDITY_MILLIS | 120000 | Default expiration period for activations |
| POWERAUTH_SERVER_RECOVERY_MAX_FAILED_ATTEMPTS | 5 | Maximum failed attempts for activation recovery |
| POWERAUTH_SERVER_DB_MASTER_ENCRYPTION_KEY | | Master DB encryption key |
| POWERAUTH_SERVER_SECURE_VAULT_ENABLE_BIOMETRY | false | Whether biometry is enabled in Secure Vault |
| POWERAUTH_SERVER_APPLICATION_NAME | powerauth-server | |
| POWERAUTH_SERVER_APPLICATION_DISPLAY_NAME | PowerAuth Server | |
| POWERAUTH_SERVER_APPLICATION_ENVIRONMENT | | Application environment exposed in status endpoint |
| POWERAUTH_SERVER_LOGGING | | |
| POWERAUTH_SERVER_SIGNATURE_MAX_FAILED_ATTEMPTS | 5 | Maximum failed attempts for signature verification |
| POWERAUTH_SERVER_PROXIMITY_CHECK_OTP_LENGTH | 8 | Length of OTP generated for proximity check |
| POWERAUTH_SERVER_PROXIMITY_CHECK_OTP_STEP_DURATION | 30s | Time-step duration used for generating and validating TOTP for the proximity check |
| POWERAUTH_SERVER_PROXIMITY_CHECK_OTP_STEP_COUNT | 1 | Number of past time-steps used for validating TOTP for the proximity check |
| POWERAUTH_SERVER_CALLBACKS_DEFAULT_MAX_ATTEMPTS | 1 | Default maximum number of dispatch attempts for a callback event |
| POWERAUTH_SERVER_CALLBACKS_DEFAULT_RETENTION_PERIOD | 30d | Default retention period of a completed callback event before deleting its record from the database table |
| POWERAUTH_SERVER_CALLBACKS_DEFAULT_INITIAL_BACKOFF | 2s | Default initial backoff after an unsuccessful attempt to dispatch a callback event |
| POWERAUTH_SERVER_CALLBACKS_MAX_BACKOFF | 32s | The maximum allowable backoff period between successive attempts to dispatch a callback event |
| POWERAUTH_SERVER_CALLBACKS_BACKOFF_MULTIPLIER | 1.5 | The multiplier used to calculate the backoff period |
| POWERAUTH_SERVER_CALLBACKS_PENDING_CALLBACK_URL_EVENTS_DISPATCH_LIMIT | 100 | Maximum number of pending callback events that will be dispatched in a single scheduled job run |
| POWERAUTH_SERVER_CALLBACKS_THREAD_POOL_CORE_SIZE | 1 | Number of core threads in the thread pool used by the executor |
| POWERAUTH_SERVER_CALLBACKS_THREAD_POOL_MAX_SIZE | 2 | Maximum number of threads in the thread pool used by the executor |
| POWERAUTH_SERVER_CALLBACKS_THREAD_POOL_QUEUE_CAPACITY | 1000 | Queue capacity of the thread pool used by the executor |
| POWERAUTH_SERVER_CALLBACKS_FORCE_RERUN_PERIOD | | Time period after which a currently processed callback event is considered stale and should be scheduled to rerun |
| POWERAUTH_SERVER_CALLBACKS_FAILURE_THRESHOLD | 200 | The number of consecutive failures allowed for callback events with the same configuration. If set to -1, an unlimited number of failures is allowed |
| POWERAUTH_SERVER_CALLBACKS_FAILURE_RESET_TIMEOUT | 60s | Time period after which a Callback URL Event will be dispatched, even if the failure threshold has been reached |
| POWERAUTH_SERVER_CALLBACKS_CLIENTS_CACHE_REFRESH_AFTER_WRITE | 5m | Callback REST clients are cached and automatically evicted if updated through the Callback Management API on a single node. The time-based refreshing mechanism is a fallback in clustered environments |

Push Server

| Environment Variable | Default Value | Description |
|---|---|---|
| PUSH_SERVER_POWERAUTH_SERVICE_RESPONSE_TIMEOUT | 60s | PowerAuth REST API response timeout |
| PUSH_SERVER_POWERAUTH_SERVICE_MAX_IDLE_TIME | 200s | PowerAuth REST API max idle time |
| PUSH_SERVER_SECURITY_CLIENT_TOKEN | | PowerAuth REST API authentication token |
| PUSH_SERVER_SECURITY_CLIENT_SECRET | | PowerAuth REST API authentication secret / password |
| PUSH_SERVER_ACCEPT_INVALID_SSL_CERTIFICATE | false | Whether to accept invalid SSL certificate. |
| PUSH_SERVER_JPA_CHARSET | utf8 | |
| PUSH_SERVER_JPA_CHARACTER_ENCODING | utf8 | |
| PUSH_SERVER_JPA_USE_UNICODE | true | |
| PUSH_SERVER_APNS_DEVELOPMENT | true | Flag indicating that the development instance of APNS service should be used |
| PUSH_SERVER_APNS_PROXY_ENABLED | false | Flag indicating if the communication needs to go through proxy |
| PUSH_SERVER_APNS_PROXY_HOST | 127.0.0.1 | Proxy host |
| PUSH_SERVER_APNS_PROXY_PORT | 8080 | Proxy port |
| PUSH_SERVER_APNS_PROXY_USERNAME | | Proxy username |
| PUSH_SERVER_APNS_PROXY_PASSWORD | | Proxy password |
| PUSH_SERVER_FCM_PROXY_ENABLED | false | Flag indicating if the communication needs to go through proxy |
| PUSH_SERVER_FCM_PROXY_HOST | 127.0.0.1 | Proxy host |
| PUSH_SERVER_FCM_PROXY_PORT | 8080 | Proxy port |
| PUSH_SERVER_FCM_PROXY_USERNAME | | Proxy username |
| PUSH_SERVER_FCM_PROXY_PASSWORD | | Proxy password |
| PUSH_SERVER_FCM_DATA_NOTIFICATION_ONLY | false | Flag indicating that FCM service should never use “notification” format, only a data format with extra payload representing the notification |
| PUSH_SERVER_HMS_PROXY_ENABLED | false | Flag indicating if the communication needs to go through proxy |
| PUSH_SERVER_HMS_PROXY_HOST | 127.0.0.1 | Proxy host |
| PUSH_SERVER_HMS_PROXY_PORT | 8080 | Proxy port |
| PUSH_SERVER_HMS_PROXY_USERNAME | | Proxy username |
| PUSH_SERVER_HMS_PROXY_PASSWORD | | Proxy password |
| PUSH_SERVER_HMS_DATA_NOTIFICATION_ONLY | false | Flag indicating that HMS service should never use “notification” format, only a data format with extra payload representing the notification |
| PUSH_SERVER_DATASOURCE_JNDI_NAME | false | |
| PUSH_SERVER_CAMPAIGN_BATCH_SIZE | 100000 | |
| PUSH_SERVER_MESSAGE_STORAGE_ENABLED | false | Whether persistent storing of sent messages is enabled |
| PUSH_SERVER_REGISTRATION_MULTIPLE_ACTIVATIONS_ENABLED | false | Whether push registration supports “associated activations” |
| PUSH_SERVER_SPRING_BATCH_JOB_ENABLED | false | |
| PUSH_SERVER_SPRING_JMX_ENABLED | false | |
| PUSH_SERVER_SPRING_JMX_DEFAULT_DOMAIN | powerauth-push-server | |
| PUSH_SERVER_FCM_CONNECT_TIMEOUT | 5000 | Push message gateway connect timeout in milliseconds |
| PUSH_SERVER_APNS_CONNECT_TIMEOUT | 5000 | Push message gateway connect timeout in milliseconds |
| PUSH_SERVER_HMS_CONNECT_TIMEOUT | 5000 | Push message gateway connect timeout in milliseconds |
| PUSH_SERVER_APPLICATION_NAME | powerauth-push-server | |
| PUSH_SERVER_APPLICATION_DISPLAY_NAME | PowerAuth Push Server | |
| PUSH_SERVER_APPLICATION_ENVIRONMENT | | Environment identifier |
| PUSH_SERVER_LOGGING | | |

PowerAuth Cloud

| Environment Variable | Default Value | Description |
|---|---|---|
| POWERAUTH_CLOUD_POWERAUTH_SERVICE_SECURITY_CLIENT_SECRET | | PowerAuth REST API authentication secret / password |
| POWERAUTH_CLOUD_POWERAUTH_SERVICE_SECURITY_CLIENT_TOKEN | | PowerAuth REST API authentication token |
| POWERAUTH_CLOUD_POWERAUTH_SERVICE_RESPONSE_TIMEOUT | 60s | PowerAuth REST API response timeout |
| POWERAUTH_CLOUD_POWERAUTH_SERVICE_MAX_IDLE_TIME | 200s | PowerAuth REST API max idle time |
| POWERAUTH_CLOUD_FIDO2_SERVICE_SECURITY_CLIENT_SECRET | | PowerAuth FIDO2 API authentication secret / password |
| POWERAUTH_CLOUD_FIDO2_SERVICE_SECURITY_CLIENT_TOKEN | | PowerAuth FIDO2 API authentication token |
| POWERAUTH_CLOUD_FIDO2_SERVICE_RESPONSE_TIMEOUT | 60s | PowerAuth FIDO2 API response timeout |
| POWERAUTH_CLOUD_FIDO2_SERVICE_MAX_IDLE_TIME | 200s | PowerAuth FIDO2 API max idle time |
| POWERAUTH_CLOUD_PUSH_SERVER_RESPONSE_TIMEOUT | 60s | Push Server API response timeout |
| POWERAUTH_CLOUD_PUSH_SERVER_MAX_IDLE_TIME | 200s | Push Server API max idle time |
| POWERAUTH_CLOUD_DATASOURCE_JNDI_NAME | false | |
| POWERAUTH_CLOUD_DATASOURCE_URL | jdbc:postgresql://host.docker.internal:5432/powerauth | |
| POWERAUTH_CLOUD_DATASOURCE_USERNAME | $USERNAME$ | |
| POWERAUTH_CLOUD_DATASOURCE_PASSWORD | $PASSWORD$ | |
| POWERAUTH_CLOUD_JPA_CHARSET | utf8 | |
| POWERAUTH_CLOUD_JPA_CHARACTER_ENCODING | utf8 | |
| POWERAUTH_CLOUD_JPA_USE_UNICODE | true | |
| POWERAUTH_CLOUD_JPA_LOCK_TIMEOUT | 10000 | Database lock timeout configuration |
| POWERAUTH_CLOUD_LOGGING | | |
| POWERAUTH_CLOUD_SECURITY_AUTH_TYPE | BASIC_HTTP | BASIC_HTTP for basic HTTP authentication or OIDC for OpenID Connect. If OIDC is enabled, the properties below must be configured. |
| POWERAUTH_CLOUD_SECURITY_AUTH_OIDC_ROLES_CLAIM | | A name of the claim in the JWT that contains the user roles. |
| POWERAUTH_CLOUD_SECURITY_AUTH_OIDC_ISSUER_URI | | URL of the provider, e.g. https://sts.windows.net/example/ |
| POWERAUTH_CLOUD_SECURITY_AUTH_OIDC_AUDIENCES | | A comma-separated list of allowed aud JWT claim values to be validated. |

Enrollment Server

| Environment Variable | Default Value | Description |
|---|---|---|
| ENROLLMENT_SERVER_POWERAUTH_SERVICE_RESPONSE_TIMEOUT | 60s | PowerAuth REST API response timeout |
| ENROLLMENT_SERVER_POWERAUTH_SERVICE_MAX_IDLE_TIME | 200s | PowerAuth REST API max idle time |
| ENROLLMENT_SERVER_POWERAUTH_SERVICE_SECURITY_CLIENT_SECRET | | PowerAuth REST API authentication secret / password |
| ENROLLMENT_SERVER_POWERAUTH_SERVICE_SECURITY_CLIENT_TOKEN | | PowerAuth REST API authentication token |
| ENROLLMENT_SERVER_PUSH_SERVER_RESPONSE_TIMEOUT | 60s | Push Server response timeout |
| ENROLLMENT_SERVER_PUSH_SERVER_MAX_IDLE_TIME | 200s | Push Server max idle time |
| ENROLLMENT_SERVER_MTOKEN_ENABLED | true | Publishing of Mobile Token endpoints can be enabled or disabled using this property |
| ENROLLMENT_SERVER_ACTIVATION_SPAWN_ENABLED | false | The activation spawn functionality can be enabled or disabled using this property |
| ENROLLMENT_SERVER_DATASOURCE_JNDI_NAME | false | |
| ENROLLMENT_SERVER_ADMIN_ENABLED | true | The admin API can be enabled or disabled using this property |
| ENROLLMENT_SERVER_JPA_CHARSET | utf8 | |
| ENROLLMENT_SERVER_JPA_CHARACTER_ENCODING | utf8 | |
| ENROLLMENT_SERVER_JPA_USE_UNICODE | true | |
| ENROLLMENT_SERVER_JPA_LOCK_TIMEOUT | 10000 | Database lock timeout configuration |
| ENROLLMENT_SERVER_USER_INFO_PROVIDER | | Whether to register minimal claims provider (value MINIMAL) or REST provider (value REST) |
| ENROLLMENT_SERVER_USER_INFO_REST_URL | | Base URL of user-info storage. Must be specified if the provider is of type REST |
| ENROLLMENT_SERVER_USER_INFO_REST_BASIC_ENABLED | false | Whether Basic authentication is enabled |
| ENROLLMENT_SERVER_USER_INFO_REST_BASIC_USERNAME | | Basic authentication username |
| ENROLLMENT_SERVER_USER_INFO_REST_BASIC_PASSWORD | | Basic authentication password |
| ENROLLMENT_SERVER_LOGGING | | |

Please note that under normal circumstances you are supposed to define only:

POWERAUTH_CLOUD_DATASOURCE_URL=jdbc:postgresql://host.docker.internal:5432/powerauth
POWERAUTH_CLOUD_DATASOURCE_USERNAME=$USERNAME$
POWERAUTH_CLOUD_DATASOURCE_PASSWORD=$PASSWORD$

Consult support if you have a specific request.
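
The properties above carry a few stated dependencies: OIDC needs its three companion properties, the REST user-info provider needs its base URL, and the datasource credentials are documented as placeholders. The following shell functions are an added example, not part of the PowerAuth Cloud distribution, that check an env file for those conditions before deployment; the names `get_var`, `check_env` and `sample_env` and the sample file contents are assumptions made for illustration.

```sh
# Added example: lint an env file against the dependencies stated on this page.

# get_var FILE NAME: print the value of the last NAME=... line (empty if absent).
get_var() { sed -n "s/^$2=//p" "$1" | tail -n 1; }

# check_env FILE: print one finding per line; return 1 if there is any finding.
check_env() {
    f=$1; n=0
    report() { echo "$1"; n=$((n + 1)); }

    # Datasource credentials must be set, not left as the documented placeholders.
    for v in POWERAUTH_CLOUD_DATASOURCE_USERNAME POWERAUTH_CLOUD_DATASOURCE_PASSWORD; do
        case "$(get_var "$f" "$v")" in
            '' | '$USERNAME$' | '$PASSWORD$') report "$v is unset or still a placeholder" ;;
        esac
    done

    # "If OIDC is enabled, the properties below must be configured."
    if [ "$(get_var "$f" POWERAUTH_CLOUD_SECURITY_AUTH_TYPE)" = OIDC ]; then
        for v in ROLES_CLAIM ISSUER_URI AUDIENCES; do
            [ -n "$(get_var "$f" "POWERAUTH_CLOUD_SECURITY_AUTH_OIDC_$v")" ] ||
                report "POWERAUTH_CLOUD_SECURITY_AUTH_OIDC_$v is required for OIDC"
        done
    fi

    # The REST user-info provider needs its base URL.
    if [ "$(get_var "$f" ENROLLMENT_SERVER_USER_INFO_PROVIDER)" = REST ] &&
        [ -z "$(get_var "$f" ENROLLMENT_SERVER_USER_INFO_REST_URL)" ]; then
        report "ENROLLMENT_SERVER_USER_INFO_REST_URL is required for the REST provider"
    fi

    # Accepting invalid certificates should stay at its default of false.
    if [ "$(get_var "$f" PUSH_SERVER_ACCEPT_INVALID_SSL_CERTIFICATE)" = true ]; then
        report "PUSH_SERVER_ACCEPT_INVALID_SSL_CERTIFICATE=true accepts invalid certificates"
    fi
    [ "$n" -eq 0 ]
}

# Constructed sample env file contents, not taken from a real deployment.
sample_env() {
    cat <<'EOF'
POWERAUTH_CLOUD_DATASOURCE_USERNAME=powerauth
POWERAUTH_CLOUD_DATASOURCE_PASSWORD=$PASSWORD$
POWERAUTH_CLOUD_SECURITY_AUTH_TYPE=OIDC
POWERAUTH_CLOUD_SECURITY_AUTH_OIDC_ISSUER_URI=https://sts.windows.net/example/
PUSH_SERVER_ACCEPT_INVALID_SSL_CERTIFICATE=true
EOF
}
```

Write `sample_env` to a file and run `check_env` on it to see four findings; a file that passes makes `check_env` print nothing and return 0.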

Last updated on Jun 12, 2025 (11:34)