# IAM Server Configuration Example
#
# Copy this file to iam.toml and adjust the settings.
#
# Admin API protection:
# Set the environment variable IAM_ADMIN_TOKEN (or PHOTON_IAM_ADMIN_TOKEN) to
# require an admin token for all IamAdminService gRPC calls.
# As worded, this check is opt-in: confirm how IamAdminService behaves when
# neither variable is set before exposing the server beyond a trusted network.

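[server]
# Listen address. "0.0.0.0" binds every interface. With the [server.tls] block
# below left commented out, no transport encryption is configured in this file,
# so either enable TLS or limit reachability (bind a specific interface,
# firewall the port) before exposing the service.
addr = "0.0.0.0:50051"

# TLS configuration (optional)
# key_file is the server's private key: keep it readable only by the account
# that runs the server.
# NOTE(review): require_client_cert presumably turns on mutual TLS, verifying
# client certificates against ca_file. Confirm, and consider enabling it for
# service-to-service callers.
# [server.tls]
# cert_file = "/etc/iam/certs/server.crt"
# key_file = "/etc/iam/certs/server.key"
# ca_file = "/etc/iam/certs/ca.crt"
# require_client_cert = false
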
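[store]
# Backend type: "flaredb", "postgres", "sqlite", or "memory" (memory is test/dev only)
backend = "flaredb"

# FlareDB backend configuration
flaredb_endpoint = "127.0.0.1:2479"
flaredb_namespace = "iam"

# SQL backend configuration (required when backend is "postgres" or "sqlite")
# The URL carries the database password inline ("secret" below is a
# placeholder). Use a unique credential and keep this file readable only by the
# account that runs the server.
# database_url = "postgres://iam:secret@127.0.0.1:5432/iam"
# SQLite is supported only in single-node mode
# single_node = true
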
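[cluster]
# ChainFire endpoint for cluster coordination only
# NOTE(review): the sample URL is plain http on localhost. If ChainFire runs on
# another host, check whether an https endpoint is supported so coordination
# traffic does not cross the network unencrypted.
# chainfire_endpoint = "http://localhost:2379"
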
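[authn]
# JWT/OIDC configuration (optional)
# Keep jwks_url on https so the key set used to verify token signatures is
# fetched over an authenticated channel. issuer and audience should match the
# values the identity provider places in its tokens.
# NOTE(review): jwks_cache_ttl_seconds presumably also bounds how long a key
# the provider has rotated out stays trusted (3600 = 1 hour). Confirm.
# [authn.jwt]
# jwks_url = "https://auth.example.com/.well-known/jwks.json"
# issuer = "https://auth.example.com"
# audience = "iam"
# jwks_cache_ttl_seconds = 3600

# Internal token configuration
[authn.internal_token]
# Signing key for internal tokens
# IMPORTANT: Change this to a secure random value in production!
# The placeholder below is public. Anyone who knows the signing key can
# presumably mint internal tokens the server accepts, so generate the real
# value from a cryptographic random source, keep this file out of version
# control, and make it readable only by the account that runs the server.
signing_key = "change-this-to-a-secure-random-value-in-production"
issuer = "iam"
default_ttl_seconds = 3600 # 1 hour
# Upper bound on token lifetime. Unless the server offers revocation (not shown
# here), a leaked token stays usable until it expires, so lower this if callers
# do not need 7 days.
max_ttl_seconds = 604800 # 7 days
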
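[logging]
# Log level: "trace", "debug", "info", "warn", "error"
# NOTE(review): the more verbose levels may record request details. Check what
# the server logs at "debug"/"trace" before using them in production.
level = "info"
# Log format: "text" or "json"
format = "text"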