Solace Schema Registry Configuration Reference

This section provides a comprehensive reference for all configuration options available for Solace Schema Registry. These configuration options can be set as environment variables in your deployment.

Database Configuration

The following environment variables configure the database connection for Solace Schema Registry:

Environment Variable Kubernetes Configuration Key Type Description

Environment Variable	Kubernetes Configuration Key	Type	Description
`REGISTRY_DATASOURCE_URL`	N/A	String	JDBC URL for the PostgreSQL database connection. If you provide an override, Solace Schema Registry does not provision PostgreSQL or any related resources. For Kubernetes, this value is automatically configured.
`REGISTRY_DATASOURCE_USERNAME`	`bootstrap.initdb.user`	String	The username for database authentication. This is required for cloud deployments.
`REGISTRY_DATASOURCE_PASSWORD`	`bootstrap.initdb.secret`	String	The password for database authentication.

REGISTRY_DATASOURCE_URL

N/A

String

JDBC URL for the PostgreSQL database connection. If you provide an override, Solace Schema Registry does not provision PostgreSQL or any related resources.

For Kubernetes, this value is automatically configured.

REGISTRY_DATASOURCE_USERNAME

bootstrap.initdb.user

String

The username for database authentication. This is required for cloud deployments.

REGISTRY_DATASOURCE_PASSWORD

bootstrap.initdb.secret

String

The password for database authentication.

External Identity Provider (OIDC) Configuration

The following environment variables configure external OIDC authentication. These settings are mutually exclusive with internal IdP configuration:

Environment Variable	Kubernetes Configuration Key	Type	Description
`REGISTRY_OIDC_AUTH_SERVER_URL`	`externalIdp.oidcAuthServerUrl`	String	Base URL of the OIDC authentication server. If you provide an override, Solace Schema Registry does not provision PostgreSQL or any related resources.
`REGISTRY_OIDC_TOKEN_PATH`	N/A	String	Path to the OIDC token endpoint. This is mutually exclusive with any internal IdP configuration.
`REGISTRY_OIDC_CLIENT_ID`	`externalIdp.clientId`	String	OIDC client identifier. Required for external OIDC authentication.
`REGISTRY_OIDC_CLIENT_SECRET`	N/A	String	OIDC client secret for authentication. Keep this value secure.
`REGISTRY_OIDC_REDIRECT_URI`	N/A	String	URI where the OIDC provider redirects after authentication. This value must match the redirect URI configured in your OIDC provider. For Kubernetes deployments, this redirect URI is automatically generated. You must add it to your Azure AD application’s list of authorized redirect URIs.
`REGISTRY_OIDC_ROLE_CLAIM_KEY`	N/A	String	Claim key used for role-based authorization. The default value is typically `groups`.

Internal Identity Provider Configuration

The following environment variables configure the internal identity provider. These settings only apply when not using external OIDC authentication:

Environment Variable	Kubernetes Configuration Key	Type	Description	Default Value
`DEVELOPER_PASSWORD`	`idp.developerPassword`	String	Password for developer-level access to the registry.	`devPassword`
`READONLY_PASSWORD`	`idp.readonlyPassword`	String	Password for read-only access to the registry.	`roPassword`

The DEVELOPER_PASSWORD and READONLY_PASSWORD variables only apply for the internal IdP and are mutually exclusive with external OIDC configuration.

Deployment & Network Configuration

The following environment variables configure network settings, ports, and service addresses for Solace Schema Registry deployment:

Environment Variable	Kubernetes Configuration Key	Type	Description	Default Value
`PROTOCOL`	N/A	String	Protocol used for communication with the registry. For Kubernetes, this value is `https` by default.	`http`
`REGISTRY_UI_HOST_PORT`	`ui.service.port`	Integer	Port on which the web UI runs.	`8888`
`REGISTRY_UI_ADDRESS`	N/A	String	Full address to access the web interface. For Kubernetes, this value is automatically configured.	`localhost:8888`
`REGISTRY_API_HOST_HTTP_PORT`	`backend.service.port`	Integer	Port on which the registry API service runs.	`8081`
`REGISTRY_API_ADDRESS`	N/A	String	Full address for API calls to the registry. For Kubernetes, this value is automatically configured.	`localhost:8081`

Internal Identity Provider Configuration

The following environment variables configure the internal identity provider for internal authentication and API security:

Environment Variable	Kubernetes Configuration Key	Type	Description	Default Value
`API_SECRET`	`idp.apiSecret`	String	Secret key used to secure API communications with the registry.	`apiSecret`
`IDP_HOST_PORT`	`idp.service.port`	Integer	Port on which the identity provider service runs.	`3000`
`IDP_ADDRESS`	N/A	String	Full address of the identity provider service. For Kubernetes, this value is automatically configured.	`localhost:3000`
`IDP_KEY`	`idp.registryIdpKey`	String	Authentication key for the identity provider.	`<pre-generated key>`

Role-based Authorization Configuration

The following environment variables define role-based access control settings to manage user permissions within Solace Schema Registry:

Environment Variable	Kubernetes Configuration Key	Type	Description	Default Value
`ROLE_BASED_AUTHZ_ENABLED`	`externalIdp.enabled`	Boolean	Enables role-based authorization.	`true`
`ROLE_BASED_AUTHZ_SOURCE`	`backend.registryOidcRoleClaimKey`	String	Source of role information for authorization.	`token`
`REGISTRY_AUTH_ROLES_DEVELOPER`	`externalIdp.authRolesDeveloper`	String	Role name for developer access.	`sr-developer`
`REGISTRY_AUTH_ROLES_READONLY`	`externalIdp.authRolesReadonly`	String	Role name for read-only access.	`sr-readonly`

Provide feedback