server-config.yaml.example
#
# Copyright 2023 Stacklok, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# HTTP, gRPC & metrics server configuration
# HTTP API listener. The example binds to loopback (127.0.0.1), so the port
# is reachable only from the local host.
# NOTE(review): no TLS settings appear in this example; if host is changed to
# a routable address, terminate TLS in front of the listener (confirm against
# the deployment docs).
http_server:
  host: "127.0.0.1"
  port: 8080
# gRPC API listener, bound to loopback (127.0.0.1) in this example.
# NOTE(review): no TLS settings appear here either; confirm how transport
# security is provided before exposing this port beyond the local host.
grpc_server:
  host: "127.0.0.1"
  port: 8090
# Metrics listener, bound to loopback (127.0.0.1) in this example.
# NOTE(review): metrics endpoints commonly have no authentication of their
# own; verify before binding this to a non-loopback address.
metric_server:
  host: "127.0.0.1"
  port: 9090
# Log output settings.
logging:
  # "debug" is a development setting.
  # NOTE(review): confirm what debug output contains (request data, tokens)
  # before keeping this level in production.
  level: "debug"
  format: "json"
  # Optional log file path; commented out in this example.
  #logFile: "/var/log/minder.log"
# Tracing is switched off in this example.
tracing:
  enabled: false
  # Commented-out sampling ratio; presumably only used once tracing is
  # enabled (TODO confirm).
  #sample_ratio: 0.1
# Metrics collection is switched on in this example.
metrics:
  enabled: true
# PostgreSQL connection settings. These are example values for a database
# running on the same host.
database:
  dbhost: "localhost"
  dbport: 5432
  # postgres/postgres is a well-known default credential pair; use a
  # dedicated account with a strong password for any shared or production
  # database, and keep that password out of version control.
  dbuser: postgres
  dbpass: postgres
  dbname: minder
  # "disable" turns off TLS for the database connection, so credentials and
  # query data cross the network unencrypted. Tolerable for a localhost
  # database; use a verifying mode such as verify-full for a remote one.
  sslmode: disable
# Identity provider settings used by the server.
identity:
  server:
    # Plain-http issuer URLs are only suitable for an identity provider on
    # the local host; over a network, tokens and the client secret would
    # travel unencrypted.
    issuer_url: http://localhost:8081
    issuer_claim: http://localhost:8081/realms/stacklok
    client_id: minder-server
    # Placeholder value: replace it, and keep the real secret out of version
    # control.
    client_secret: secret
    audience: minder
# Crypto (these should ultimately be stored in a secure vault)
# The token key can be generated with:
#   openssl rand -base64 32 > .ssh/token_key_passphrase
# Keep the generated file out of version control and readable only by the
# account that runs the server.
auth:
  # NOTE(review): units are not stated in this file; presumably seconds
  # (confirm).
  nonce_period: 3600
# Webhook Configuration
# Change example.com to an exposed IP / domain.
# webhook_secret is set within the webhook sent to GitHub. GitHub then signs
# the payload sent to minder and minder verifies the signature.
# "your-password" is a placeholder: the signature check is only as strong as
# this secret, so replace it with a long random value (for example the output
# of `openssl rand -base64 32`) and keep it out of version control.
webhook-config:
  external_webhook_url: "https://example.com/api/v1/webhook/github"
  external_ping_url: "https://example.com/api/v1/health"
  webhook_secret: "your-password"
  # NOTE(review): presumably a file of earlier secrets, so that deliveries
  # signed before a rotation still verify (confirm).
  # previous_webhook_secret_file: ./previous_secrets
# See https://minder-docs.stacklok.dev/run_minder_server/config_oauth for more information on setting these values
# client_id and client_secret below are placeholders. The real client secret
# is a credential: do not commit it.
github-app:
  client_id: "client-id"
  client_secret: "client-secret"
  # This needs to match the registered callback URL in the GitHub App.
  # A plain-http callback is only appropriate for localhost.
  redirect_uri: "http://localhost:8080/api/v1/auth/callback/github-app/app"
# GitHub App provider settings. app_name, app_id and user_id are placeholder
# values in this example.
provider:
  github-app:
    app_name: "app-name"
    app_id: 1234
    user_id: 1234
    # Path to the GitHub App private key (PEM). Restrict the file's
    # permissions to the server account and keep it out of version control.
    private_key: ".secrets/github-app.pem"
# Event handling settings; this example selects the go-channel driver.
events:
  driver: go-channel
  # NOTE(review): units are not stated in this file; presumably seconds
  # (confirm).
  router_close_timeout: 10
  # Empty mapping: no driver-specific options are set.
  go-channel: {}
# Authorization service settings (the example api_url host is "openfga").
authz:
  # Use http://localhost:8082 instead for running minder outside of docker
  # compose.
  api_url: http://openfga:8080
  store_name: minder
  auth:
    # Set to token for production.
    # NOTE(review): "none" presumably means no credential is sent to the API
    # at api_url, which is also plain http here; keep that combination to
    # local or otherwise isolated networks (confirm).
    method: none
# Configuration for the default profile functionality
# Defaults to disabled if not defined
#marketplace:
#  enabled: true
#  sources:
#    - type: tgz
#      location: ./bundles/healthcheck.tar.gz
#
#default_profiles:
#  enabled: true
#  profiles:
#    - stacklok-health-check
#  bundle:
#    namespace: stacklok
#    name: healthcheck
# Set key_dir path to /app/.ssh for docker compose and .ssh for running minder outside of docker compose
# key_dir holds key material (the default key_id below is
# token_key_passphrase): restrict the directory to the server account and
# keep its contents out of version control.
crypto:
  keystore:
    type: local
    local:
      key_dir: "./.ssh"
  default:
    key_id: token_key_passphrase
# Email settings.
email:
  # Change to the URL of the frontend server.
  # NOTE(review): presumably used to build links in outgoing mail; use the
  # https URL of the real frontend outside local development (confirm).
  minder_url_base: "http://localhost:6463"