Solace Schema Registry Configuration Reference

This section provides a comprehensive reference for all configuration options available for Solace Schema Registry. These configuration options can be set as environment variables in your deployment.

Database Configuration

The following environment variables configure the database connection for Solace Schema Registry:

Environment Variable Kubernetes Configuration Key Type Description

REGISTRY_DATASOURCE_URL

N/A

String

JDBC URL for the PostgreSQL database connection. If you provide an override, Solace Schema Registry does not provision PostgreSQL or any related resources.

For Kubernetes, this value is automatically configured.

REGISTRY_DATASOURCE_USERNAME

bootstrap.initdb.user

String

The username for database authentication. This is required for cloud deployments.

REGISTRY_DATASOURCE_PASSWORD

bootstrap.initdb.secret

String

The password for database authentication.

External Identity Provider (OIDC) Configuration

The following environment variables configure external OIDC authentication. These settings are mutually exclusive with internal IdP configuration:

Environment Variable Kubernetes Configuration Key Type Description

REGISTRY_OIDC_AUTH_SERVER_URL

externalIdp.oidcAuthServerUrl

String

Base URL of the OIDC authentication server. If you provide an override, Solace Schema Registry does not provision PostgreSQL or any related resources.

REGISTRY_OIDC_TOKEN_PATH

N/A

String

Path to the OIDC token endpoint. This is mutually exclusive with any internal IdP configuration.

REGISTRY_OIDC_CLIENT_ID

externalIdp.clientId

String

OIDC client identifier. Required for external OIDC authentication.

REGISTRY_OIDC_CLIENT_SECRET

N/A

String

OIDC client secret for authentication. Keep this value secure.

REGISTRY_OIDC_REDIRECT_URI

N/A

String

URI where the OIDC provider redirects after authentication. This value must match the redirect URI configured in your OIDC provider.

For Kubernetes deployments, this redirect URI is automatically generated. You must add it to your Azure AD application’s list of authorized redirect URIs.

REGISTRY_OIDC_ROLE_CLAIM_KEY

N/A

String

Claim key used for role-based authorization. The default value is typically groups.

Internal Identity Provider Configuration

The following environment variables configure the internal identity provider. These settings only apply when not using external OIDC authentication:

Environment Variable Kubernetes Configuration Key Type Description Default Value

DEVELOPER_PASSWORD

idp.developerPassword

String

Password for developer-level access to the registry.

devPassword

READONLY_PASSWORD

idp.readonlyPassword

String

Password for read-only access to the registry.

roPassword

The DEVELOPER_PASSWORD and READONLY_PASSWORD variables only apply for the internal IdP and are mutually exclusive with external OIDC configuration.

Deployment & Network Configuration

The following environment variables configure network settings, ports, and service addresses for Solace Schema Registry deployment:

Environment Variable Kubernetes Configuration Key Type Description Default Value

PROTOCOL

N/A

String

Protocol used for communication with the registry.

For Kubernetes, this value is https by default.

http

REGISTRY_UI_HOST_PORT

ui.service.port

Integer

Port on which the web UI runs.

8888

REGISTRY_UI_ADDRESS

N/A

String

Full address to access the web interface.

For Kubernetes, this value is automatically configured.

localhost:8888

REGISTRY_API_HOST_HTTP_PORT

backend.service.port

Integer

Port on which the registry API service runs.

8081

REGISTRY_API_ADDRESS

N/A

String

Full address for API calls to the registry.

For Kubernetes, this value is automatically configured.

localhost:8081

Internal Identity Provider Configuration

The following environment variables configure the internal identity provider for internal authentication and API security:

Environment Variable Kubernetes Configuration Key Type Description Default Value

API_SECRET

idp.apiSecret

String

Secret key used to secure API communications with the registry.

apiSecret

IDP_HOST_PORT

idp.service.port

Integer

Port on which the identity provider service runs.

3000

IDP_ADDRESS

N/A

String

Full address of the identity provider service.

For Kubernetes, this value is automatically configured.

localhost:3000

IDP_KEY

idp.registryIdpKey

String

Authentication key for the identity provider.

<pre-generated key>

Role-based Authorization Configuration

The following environment variables define role-based access control settings to manage user permissions within Solace Schema Registry:

Environment Variable Kubernetes Configuration Key Type Description Default Value

ROLE_BASED_AUTHZ_ENABLED

externalIdp.enabled

Boolean

Enables role-based authorization.

true

ROLE_BASED_AUTHZ_SOURCE

backend.registryOidcRoleClaimKey

String

Source of role information for authorization.

token

REGISTRY_AUTH_ROLES_DEVELOPER

externalIdp.authRolesDeveloper

String

Role name for developer access.

sr-developer

REGISTRY_AUTH_ROLES_READONLY

externalIdp.authRolesReadonly

String

Role name for read-only access.

sr-readonly