All Config

Configuration property fixed at build time - ️ Configuration property overridable at runtime

AWS Lambda

Type

Default

The handler name. Handler names are specified on handler classes using the @javax.inject.Named annotation. If this name is unspecified and there is exactly one unnamed implementation of com.amazonaws.services.lambda.runtime.RequestHandler then this unnamed handler will be used. If there is only a single named handler and the name is unspecified then the named handler will be used.

string

If true, this will enable the aws event poll loop within a Quarkus test run. This loop normally only runs in native image. This option is strictly for testing purposes.

boolean

false

Agroal - Database connection pool

Type

Default

The datasource driver class name

string

Whether we want to use regular JDBC transactions, XA, or disable all transactional capabilities. When enabling XA you will need a driver implementing javax.sql.XADataSource.

enabled, xa, disabled

enabled

Whether or not an healtcheck is published in case the smallrye-health extension is present (default to true).

boolean

true

The datasource URL

string

The datasource username

string

The datasource password

string

The credentials provider name

string

The credentials provider type. It is the @Named value of the credentials provider bean. It is used to discriminate if multiple CredentialsProvider beans are available. For Vault it is: vault-credentials-provider. Not necessary if there is only one credentials provider available.

string

The initial size of the pool. Usually you will want to set the initial size to match at least the minimal size, but this is not enforced so to allow for architectures which prefer a lazy initialization of the connections on boot, while being able to sustain a minimal pool size after boot.

int

The datasource pool minimum size

int

0

The datasource pool maximum size

int

20

The interval at which we validate idle connections in the background. Set to 0 to disable background validation.

Duration

2M

The timeout before cancelling the acquisition of a new connection

Duration

5

The interval at which we check for connection leaks.

Duration

The interval at which we try to remove idle connections.

Duration

5M

The max lifetime of a connection.

Duration

The transaction isolation level.

undefined, none, read-uncommitted, read-committed, repeatable-read, serializable

Enable datasource metrics collection.

boolean

false

When enabled Agroal will be able to produce a warning when a connection is returned to the pool without the application having closed all open statements. This is unrelated with tracking of open connections. Disable for peak performance, but only when there’s high confidence that no leaks are happening.

boolean

true

Query executed when first using a connection.

string

Additional named datasources

Type

Default

The datasource driver class name

string

Whether we want to use regular JDBC transactions, XA, or disable all transactional capabilities. When enabling XA you will need a driver implementing javax.sql.XADataSource.

enabled, xa, disabled

enabled

string

string

string

string

The credentials provider type. It is the @Named value of the credentials provider bean. It is used to discriminate if multiple CredentialsProvider beans are available. For Vault it is: vault-credentials-provider. Not necessary if there is only one credentials provider available.

string

The initial size of the pool. Usually you will want to set the initial size to match at least the minimal size, but this is not enforced so to allow for architectures which prefer a lazy initialization of the connections on boot, while being able to sustain a minimal pool size after boot.

int

The datasource pool minimum size

int

0

The datasource pool maximum size

int

20

The interval at which we validate idle connections in the background. Set to 0 to disable background validation.

Duration

2M

The timeout before cancelling the acquisition of a new connection

Duration

5

The interval at which we check for connection leaks.

Duration

The interval at which we try to remove idle connections.

Duration

5M

The max lifetime of a connection.

Duration

undefined, none, read-uncommitted, read-committed, repeatable-read, serializable

Enable datasource metrics collection.

boolean

false

When enabled Agroal will be able to produce a warning when a connection is returned to the pool without the application having closed all open statements. This is unrelated with tracking of open connections. Disable for peak performance, but only when there’s high confidence that no leaks are happening.

boolean

true

Query executed when first using a connection.

string

Amazon DynamoDB client

Type

Default

Enable DynamoDB service endpoint discovery.

boolean

false

The endpoint URI with which the SDK should communicate. If not specified, an appropriate endpoint to be used for DynamoDB service and region.

URI

The amount of time to allow the client to complete the execution of an API call. This timeout covers the entire client execution except for marshalling. This includes request handler execution, all HTTP requests including retries, unmarshalling, etc. This value should always be positive, if present.

Duration

The amount of time to wait for the HTTP request to complete before giving up and timing out. This value should always be positive, if present.

Duration

List of execution interceptors that will have access to read and modify the request and response objects as they are processed by the AWS SDK. The list should consists of class names which implements software.amazon.awssdk.core.interceptor.ExecutionInterceptor interface.

list of class name

required

An Amazon Web Services region that hosts DynamoDB.

It overrides region provider chain with static value of region with which the DynamoDB client should communicate.

If not set, region is retrieved via the default providers chain in the following order:

  • aws.region system property

  • region property from the profile file

  • Instance profile file

See software.amazon.awssdk.regions.Region for available regions.

Region

Configure the credentials provider that should be used to authenticate with AWS.

Available values:

  • default - the provider will attempt to identify the credentials automatically using the following checks:

    • Java System Properties - aws.accessKeyId and aws.secretKey

    • Environment Variables - AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY

    • Credential profiles file at the default location (~/.aws/credentials) shared by all AWS SDKs and the AWS CLI

    • Credentials delivered through the Amazon EC2 container service if AWS_CONTAINER_CREDENTIALS_RELATIVE_URI environment variable is set and security manager has permission to access the variable.

    • Instance profile credentials delivered through the Amazon EC2 metadata service

  • static - the provider that uses the access key and secret access key specified in the tatic-provider section of the config.

  • system-property - it loads credentials from the aws.accessKeyId, aws.secretAccessKey and aws.sessionToken system properties.

  • env-variable - it loads credentials from the AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY and AWS_SESSION_TOKEN environment variables.

  • profile - credentials are based on AWS configuration profiles. This loads credentials from a profile file, allowing you to share multiple sets of AWS security credentials between different tools like the AWS SDK for Java and the AWS CLI.

  • container - It loads credentials from a local metadata service. Containers currently supported by the AWS SDK are Amazon Elastic Container Service (ECS) and AWS Greengrass

  • instance-profile - It loads credentials from the Amazon EC2 Instance Metadata Service.

  • process - Credentials are loaded from an external process. This is used to support the credential_process setting in the profile credentials file. See Sourcing Credentials From External Processes for more information.

  • anonymous - It always returns anonymous AWS credentials. Anonymous AWS credentials result in un-authenticated requests and will fail unless the resource or API’s policy has been configured to specifically allow anonymous access.

default, static, system-property, env-variable, profile, container, instance-profile, process, anonymous

default

Whether this provider should fetch credentials asynchronously in the background. If this is true, threads are less likely to block, but additional resources are used to maintain the provider.

boolean

false

Whether the provider should reuse the last successful credentials provider in the chain. Reusing the last successful credentials provider will typically return credentials faster than searching through the chain.

boolean

true

string

required

string

required

The name of the profile that should be used by this credentials provider. If not specified, the value in AWS_PROFILE environment variable or aws.profile system property is used and defaults to default name.

string

Whether the provider should fetch credentials asynchronously in the background. If this is true, threads are less likely to block when credentials are loaded, but additional resources are used to maintain the provider.

boolean

false

The amount of time between when the credentials expire and when the credentials should start to be refreshed. This allows the credentials to be refreshed before they are reported to expire.

Duration

15S

The maximum size of the output that can be returned by the external process before an exception is raised.

MemorySize

1024

The command that should be executed to retrieve credentials.

string

required

Type of the sync HTTP client implementation

url, apache

url

The maximum amount of time to establish a connection before timing out.

Duration

2S

The amount of time to wait for data to be transferred over an established, open connection before the connection is timed out.

Duration

30S

The amount of time to wait when acquiring a connection from the pool before giving up and timing out.

Duration

10S

The maximum amount of time that a connection should be allowed to remain open while idle.

Duration

60S

The maximum amount of time that a connection should be allowed to remain open, regardless of usage frequency.

Duration

The maximum number of connections allowed in the connection pool. Each built HTTP client has its own private connection pool.

int

50

Whether the client should send an HTTP expect-continue handshake before each request.

boolean

true

Whether the idle connections in the connection pool should be closed asynchronously. When enabled, connections left idling for longer than quarkus.dynamodb.sync-client.connection-max-idle-time will be closed. This will not close connections currently in use.

boolean

true

boolean

false

The endpoint of the proxy server that the SDK should connect through. Currently, the endpoint is limited to a host and port. Any other URI components will result in an exception being raised.

URI

required

The username to use when connecting through a proxy.

string

The password to use when connecting through a proxy.

string

For NTLM proxies - the Windows domain name to use when authenticating with the proxy.

string

For NTLM proxies - the Windows workstation name to use when authenticating with the proxy.

string

Whether to attempt to authenticate preemptively against the proxy server using basic authentication.

boolean

The hosts that the client is allowed to access without going through the proxy.

list of string

required

TLS managers provider type.

Available providers:

  • none - Use this provider if you don’t want the client to present any certificates to the remote TLS host.

  • system-property - Provider checks the standard javax.net.ssl.keyStore, javax.net.ssl.keyStorePassword, and javax.net.ssl.keyStoreType properties defined by the JSSE.

  • file-store - Provider that loads a the key store from a file.

none, system-property, file-store

system-property

path

required

Key store type. See the KeyStore section in the Java Cryptography Architecture Standard Algorithm Name Documentation for information about standard keystore types.

string

required

string

required

The maximum number of allowed concurrent requests. For HTTP/1.1 this is the same as max connections. For HTTP/2 the number of connections that will be used depends on the max streams allowed per connection.

int

50

The maximum number of pending acquires allowed. Once this exceeds, acquire tries will be failed.

int

10000

The amount of time to wait for a read on a socket before an exception is thrown. Specify 0 to disable.

Duration

30S

The amount of time to wait for a write on a socket before an exception is thrown. Specify 0 to disable.

Duration

30S

The amount of time to wait when initially establishing a connection before giving up and timing out.

Duration

10S

The amount of time to wait when acquiring a connection from the pool before giving up and timing out.

Duration

2S

The maximum amount of time that a connection should be allowed to remain open, regardless of usage frequency.

Duration

The maximum amount of time that a connection should be allowed to remain open while idle. Currently has no effect if quarkus.dynamodb.async-client.use-idle-connection-reaper is false.

Duration

60S

Whether the idle connections in the connection pool should be closed. When enabled, connections left idling for longer than quarkus.dynamodb.async-client.connection-max-idle-time will be closed. This will not close connections currently in use.

boolean

true

The HTTP protocol to use.

http1-1, http2

http1-1

The maximum number of concurrent streams for an HTTP/2 connection. This setting is only respected when the HTTP/2 protocol is used. 0 means unlimited.

int

0

The SSL Provider to be used in the Netty client. Default is OPENSSL if available, JDK otherwise.

jdk, openssl, openssl-refcnt

boolean

false

The endpoint of the proxy server that the SDK should connect through. Currently, the endpoint is limited to a host and port. Any other URI components will result in an exception being raised.

URI

required

The hosts that the client is allowed to access without going through the proxy.

list of string

required

TLS managers provider type.

Available providers:

  • none - Use this provider if you don’t want the client to present any certificates to the remote TLS host.

  • system-property - Provider checks the standard javax.net.ssl.keyStore, javax.net.ssl.keyStorePassword, and javax.net.ssl.keyStoreType properties defined by the JSSE.

  • file-store - Provider that loads a the key store from a file.

none, system-property, file-store

system-property

path

required

Key store type. See the KeyStore section in the Java Cryptography Architecture Standard Algorithm Name Documentation for information about standard keystore types.

string

required

string

required

Enable the custom configuration of the Netty event loop group.

boolean

false

Number of threads to use for the event loop group. If not set, the default Netty thread count is used (which is double the number of available processors unless the io.netty.eventLoopThreads system property is set.

int

The thread name prefix for threads created by this thread factory used by event loop group. The prefix will be appended with a number unique to the thread factory and a number unique to the thread. If not specified it defaults to aws-java-sdk-NettyEventLoop

string

Apache Kafka Streams

Type

Default

A unique identifier for this Kafka Streams application.

string

required

A comma-separated list of host:port pairs identifying the Kafka bootstrap server(s)

list of host:port

localhost:9012

A unique identifier of this application instance, typically in the form host:port.

string

A comma-separated list of topic names. The pipeline will only be started once all these topics are present in the Kafka cluster.

list of string

required

Apache Tika

Type

Default

The resource path within the application artifact to the tika-config.xml file.

string

Comma separated list of the parsers which must be supported. Most of the document formats recognized by Apache Tika are supported by default but it affects the application memory and native executable sizes. One can list only the required parsers in tika-config.xml to minimize a number of parsers loaded into the memory, but using this property is recommended to achieve both optimizations. Either the abbreviated or full parser class names can be used. At the moment only PDF parser can be listed using a reserved 'pdf' abbreviation. Custom class name abbreviations have to be used for all other parsers. For example: // Only PDF parser is required: tika-parsers = pdf // Only PDF and Java class parsers are required: tika-parsers = pdf,classparser classparser = org.apache.tika.parser.asm.ClassParser This property will have no effect if the `tikaConfigPath' property has been set.

string

Controls how the content of the embedded documents is parsed. By default it is appended to the master document content. Setting this property to false makes the content of each of the embedded documents available separately.

boolean

true

ArC

Type

Default

  • If set to all (or true) the container will attempt to remove all unused beans.

  • If set to none (or false) no beans will ever be removed even if they are unused (according to the criteria set out below)

  • If set to fwk, then all unused beans will be removed, except the unused beans whose classes are declared in the application code

    An unused bean:
    - is not a built-in bean or interceptor,
    - is not eligible for injection to any injection point,
    - is not excluded by any extension,
    - does not have a name,
    - does not declare an observer,
    - does not declare any producer which is eligible for injection to any injection point,
    - is not directly eligible for injection into any `javax.enterprise.inject.Instance` injection point

string

all

If set to true @Inject is automatically added to all non-static fields that are annotated with one of the annotations defined by AutoInjectAnnotationBuildItem.

boolean

true

Artemis Core

Type

Default

Artemis connection url

string

required

Username for authentication, only used with JMS

string

Password for authentication, only used with JMS

string

Eclipse Vert.x - Core

Type

Default

Enables or disables the Vert.x cache.

boolean

true

Enables or disabled the Vert.x classpath resource resolver.

boolean

true

The number of event loops. 2 x the number of core by default.

int

The maximum amount of time the event loop can be blocked. Default is 2s.

Duration

The amount of time before a warning is displayed if the event loop is blocked.

Duration

2

The size of the worker thread pool.

int

20

The maximum amount of time the worker thread can be blocked. Default is 10s.

Duration

The size of the internal thread pool (used for the file system).

int

20

Enables the async DNS resolver.

boolean

false

Comma-separated list of the path to the key files (Pem format).

string

Comma-separated list of the path to the certificate files (Pem format).

string

Path of the key file (JKS format).

string

string

Path to the key file (PFX format)

string

string

Comma-separated list of the trust certificate files (Pem format).

string

Path of the key file (JKS format).

string

string

Path to the key file (PFX format)

string

string

int

The client authentication.

string

NONE

Duration

60

The idle timeout in milliseconds.

Duration

int

The number of reconnection attempts.

int

0

The reconnection interval in milliseconds.

Duration

1

Whether or not to reuse the address.

boolean

true

Whether or not to reuse the port.

boolean

false

int

int

Enables or Disabled SSL.

boolean

false

Whether or not to keep the TCP connection opened (keep-alive).

boolean

false

Configure the TCP no delay.

boolean

true

Configure the traffic class.

int

Enables or disables the trust all parameter.

boolean

false

string

localhost

int

The public host name.

string

int

Enables or disables the clustering.

boolean

false

Duration

20

Duration

20

Eclipse Vert.x - HTTP

Type

Default

The HTTP root path. All web content will be served relative to this root path.

string

/

If basic auth should be enabled. If both basic and form auth is enabled then basic auth will be enabled in silent mode. If no authentication mechanisms are configured basic auth is the default, unless an io.quarkus.security.identity.IdentityProvider is present that supports io.quarkus.security.identity.request.TokenAuthenticationRequest in which case form auth will be the default.

boolean

false

If form authentication is enabled

boolean

false

string

/login.html

string

/error.html

The landing page to redirect to if there is no saved page to redirect back to

string

required

The inactivity timeout

Duration

PT30M

How old a cookie can get before it will be replaced with a new cookie with an updated timeout. Not that smaller values will result in slightly more server load (as new encrypted cookies will be generated more often), however larger values affect the inactivity timeout as the timeout is set when a cookie is generated. For example if this is set to 10 minutes, and the inactivity timeout is 30m, if a users last request is when the cookie is 9m old then the actual timeout will happen 21m after the last request, as the timeout is only refreshed when a new cookie is generated.

Duration

PT1M

The cookie that is used to store the persistent session

string

quarkus-credential

The authentication realm

string

Quarkus

Enable the CORS filter.

boolean

false

The HTTP port

int

8080

The HTTP port used to run tests

int

8081

The HTTP host

string

0.0.0.0

The HTTPS port

int

8443

The HTTPS port used to run tests

int

8444

Origins allowed for CORS Comma separated list of valid URLs. ex: http://www.quarkus.io,http://localhost:3000 The filter allows any origin if this is not set. default: returns any requested origin as valid

list of string

required

HTTP methods allowed for CORS Comma separated list of valid methods. ex: GET,PUT,POST The filter allows any method if this is not set. default: returns any requested method as valid

list of options, get, head, post, put, delete, trace, connect, patch, other

required

HTTP headers allowed for CORS Comma separated list of valid headers. ex: X-Custom,Content-Disposition The filter allows any header if this is not set. default: returns any requested header as valid

list of string

required

HTTP headers exposed in CORS Comma separated list of valid headers. ex: X-Custom,Content-Disposition default: empty

list of string

required

The Access-Control-Max-Age response header value indicating how long the results of a pre-flight request can be cached.

Duration

The file path to a server certificate or certificate chain in PEM format.

path

The file path to the corresponding certificate private key file in PEM format.

path

An optional key store which holds the certificate information instead of specifying separate files.

path

An optional parameter to specify type of the key store file. If not given, the type is automatically detected based on the file name.

string

A parameter to specify the password of the key store file. If not given, the default ("password") is used.

string

password

The cipher suites to use. If none is given, a reasonable default is selected.

list of string

required

The list of protocols to explicitly enable.

list of string

TLSv1.3,TLSv1.2

The number if IO threads used to perform IO. This will be automatically set to a reasonable value based on the number of CPU cores if it is not provided. If this is set to a higher value than the number of Vert.x event loops then it will be capped at the number of event loops. In general this should be controlled by setting quarkus.vertx.event-loops-pool-size, this setting should only be used if you want to limit the number of HTTP io threads to a smaller number than the total number of IO threads.

int

If this is true then only a virtual channel will be set up for vertx web. We have this switch for testing purposes.

boolean

false

The the maximum length of all headers.

MemorySize

20K

The maximum size of a request body. Default: no limit.

MemorySize

Whether the files sent using multipart/form-data will be stored locally. If true, they will be stored in quarkus.http.body-handler.uploads-directory and will be made available via io.vertx.ext.web.RoutingContext.fileUploads(). Otherwise, the the files sent using multipart/form-data will not be stored locally, and io.vertx.ext.web.RoutingContext.fileUploads() will always return an empty collection. Note that even with this option being set to false, the multipart/form-data requests will be accepted.

boolean

true

The directory where the files sent using multipart/form-data should be stored. Either an absolute path or a path relative to the current directory of the application process.

string

file-uploads

Whether the form attributes should be added to the request parameters. If true, the form attributes will be added to the request parameters; otherwise the form parameters will not be added to the request parameters

boolean

true

Whether the uploaded files should be removed after serving the request. If true the uploaded files stored in quarkus.http.body-handler.uploads-directory will be removed after handling the request. Otherwise the files will be left there forever.

boolean

false

Whether the body buffer should pre-allocated based on the Content-Length header value. If true the body buffer is pre-allocated according to the size read from the Content-Length header. Otherwise the body buffer is pre-allocated to 1KB, and is resized dynamically

boolean

false

The encryption key that is used to store persistent logins (e.g. for form auth). Logins are stored in a persistent cookie that is encrypted with AES-256 using a key derived from a SHA-256 hash of the key that is provided here. If no key is provided then an in-memory one will be generated, this will change on every restart though so it is not suitable for production environments. This must be more than 16 characters long for security reasons

string

required

The HTTP policy that this permission set is linked to. There are 3 built in policies: permit, deny and authenticated. Role based policies can be defined, and extensions can add their own policies.

string

required

The methods that this permission set applies to. If this is not set then they apply to all methods. Note that if a request matches any path from any permission set, but does not match the constraint due to the method not being listed then the request will be denied. Method specific permissions take precedence over matches that do not have any methods set. This means that for example if Quarkus is configured to allow GET and POST requests to /admin to and no other permissions are configured PUT requests to /admin will be denied.

list of string

required

The paths that this permission check applies to. If the path ends in /* then this is treated as a path prefix, otherwise it is treated as an exact match. Matches are done on a length basis, so the most specific path match takes precedence. If multiple permission sets match the same path then explicit methods matches take precedence over over matches without methods set, otherwise the most restrictive permissions are applied.

list of string

required

The roles that are allowed to access resources protected by this policy

list of string

required

Elytron Security JDBC Realm

Type

Default

string

Quarkus

If the properties store is enabled.

boolean

false

The sql query to find the password

string

required

string

boolean

false

The index (1 based numbering) of the column containing the clear password

int

1

boolean

false

The index (1 based numbering) of the column containing the password hash

int

0

A string referencing the password hash encoding ("BASE64" or "HEX")

base64, hex

BASE64

The index (1 based numbering) of the column containing the Bcrypt salt

int

0

A string referencing the salt encoding ("BASE64" or "HEX")

base64, hex

BASE64

The index (1 based numbering) of the column containing the Bcrypt iteration count

int

0

int

0

string

required

string

required

string

int

0

string

required

boolean

false

The index (1 based numbering) of the column containing the clear password

int

1

boolean

false

The index (1 based numbering) of the column containing the password hash

int

0

A string referencing the password hash encoding ("BASE64" or "HEX")

base64, hex

BASE64

The index (1 based numbering) of the column containing the Bcrypt salt

int

0

base64, hex

BASE64

The index (1 based numbering) of the column containing the Bcrypt iteration count

int

0

Elytron Security OAuth 2.0

Type

Default

Determine if the OAuth2 extension is enabled. Enabled by default if you include the elytron-security-oauth2 dependency, so this would be used to disable it.

boolean

true

The OAuth2 client id used to validate the token.

string

required

The OAuth2 client secret used to validate the token.

string

required

The OAuth2 introspection endpoint URL used to validate the token and gather the authentication claims.

string

required

The OAuth2 server certificate file. Warning: this is not supported in native mode where the certificate must be included in the truststore used during the native image generation, see Using SSL With Native Executables.

string

The claim that is used in the introspection endpoint response to load the roles.

string

scope

Flyway

Type

Default

Comma-separated list of locations to scan recursively for migrations. The location type is determined by its prefix. Unprefixed locations or locations starting with classpath: point to a package on the classpath and may contain both SQL and Java-based migrations. Locations starting with filesystem: point to a directory on the filesystem, may only contain SQL migrations and are only scanned recursively down non-hidden directories.

list of string

required

The maximum number of retries when attempting to connect to the database. After each failed attempt, Flyway will wait 1 second before attempting to connect again, up to the maximum number of times specified by connectRetries.

int

Comma-separated case-sensitive list of schemas managed by Flyway. The first schema in the list will be automatically set as the default one during the migration. It will also be the one containing the schema history table.

list of string

required

The name of Flyway’s schema history table. By default (single-schema mode) the schema history table is placed in the default schema for the connection provided by the datasource. When the flyway.schemas property is set (multi-schema mode), the schema history table is placed in the first schema of the list.

string

The file name prefix for versioned SQL migrations. Versioned SQL migrations have the following file name structure: prefixVERSIONseparatorDESCRIPTIONsuffix , which using the defaults translates to V1.1__My_description.sql

string

The file name prefix for repeatable SQL migrations. Repeatable SQL migrations have the following file name structure: prefixSeparatorDESCRIPTIONsuffix , which using the defaults translates to R__My_description.sql

string

true to execute Flyway automatically when the application starts, false otherwise.

boolean

false

Enable the creation of the history table if it does not exist already.

boolean

false

The initial baseline version.

string

The description to tag an existing schema with when executing baseline.

string

Hibernate ORM

Type

Default

Class name of the Hibernate ORM dialect. The complete list of bundled dialects is available in the Hibernate ORM JavaDoc.

Not all the dialects are supported in GraalVM native executables: we currently provide driver extensions for PostgreSQL, MariaDB, Microsoft SQL Server and H2.

string

The storage engine to use when the dialect supports multiple storage engines.

E.g. MyISAM or InnoDB for MySQL.

string

Name of the file containing the SQL statements to execute when Hibernate ORM starts. Its default value differs depending on the Quarkus launch mode:

  • In dev and test modes, it defaults to import.sql. Simply add an import.sql file in the root of your resources directory and it will be picked up without having to set this property. Pass no-file to force Hibernate ORM to ignore the SQL import file.

  • In production mode, it defaults to no-file. It means Hibernate ORM won’t try to execute any SQL import file by default. Pass an explicit value to force Hibernate ORM to execute the SQL import file.

If you need different SQL statements between dev mode, test (@QuarkusTest) and in production, use Quarkus configuration profiles facility.

application.properties
%dev.quarkus.hibernate-orm.sql-load-script = import-dev.sql
%test.quarkus.hibernate-orm.sql-load-script = import-test.sql
%prod.quarkus.hibernate-orm.sql-load-script = no-file

Quarkus supports .sql file with SQL statements or comments spread over multiple lines. Each SQL statement must be terminated by a semicolon.

string

import.sql (DEV,TEST)

The size of the batches used when loading entities and collections.

-1 means batch loading is disabled. This is the default.

int

-1

Whether statistics collection is enabled.

boolean

false

Query related configuration

Type

Default

The maximum size of the query plan cache.

string

Default precedence of null values in ORDER BY clauses.

Valid values are: none, first, last.

string

Database related configuration

Type

Default

Select whether the database schema is generated or not. drop-and-create is awesome in development mode. Accepted values: none, create, drop-and-create, drop, update.

string

none

Whether we should stop on the first error when applying the schema.

boolean

false

The default catalog to use for the database objects.

string

The default schema to use for the database objects.

string

The charset of the database.

string

JDBC related configuration

Type

Default

The time zone pushed to the JDBC driver.

string

How many rows are fetched at a time by the JDBC driver.

int

The number of updates (inserts, updates and deletes) that are sent by the JDBC driver at one time for execution.

int

Logging configuration

Type

Default

Show SQL logs and format them nicely. Setting it to true is obviously not recommended in production.

boolean

false

Whether JDBC warnings should be collected and logged.

boolean

depends on dialect

Caching configuration

Type

Default

The maximum time before an object of the cache is considered expired.

Duration

The maximum number of objects kept in memory in the cache.

long

Hibernate Search + Elasticsearch

Type

Default

The version of Elasticsearch used in the cluster. As the schema is generated without a connection to the server, this item is mandatory. It doesn’t have to be the exact version (it can be 7 or 7.1 for instance) but it has to be sufficiently precise to choose a model dialect (the one used to generate the schema) compatible with the protocol dialect (the one used to communicate with Elasticsearch). There’s no rule of thumb here as it depends on the schema incompatibilities introduced by Elasticsearch versions. In any case, if there is a problem, you will have an error when Hibernate Search tries to connect to the cluster.

ElasticsearchVersion

The class or the name of the bean used to configure full text analysis (e.g. analyzers, normalizers).

class name

If not using the default backend configuration, the name of the default backend that is part of the additional-backends.

string

The class or the name of the bean that should be notified of any failure occurring in a background process (mainly index operations). Must implement org.hibernate.search.engine.reporting.FailureHandler.

class name

The list of hosts of the Elasticsearch servers.

list of string

required

The username used for authentication.

string

The password used for authentication.

string

Duration

The maximum number of connections to all the Elasticsearch servers.

int

The maximum number of connections per Elasticsearch server.

int

Defines if automatic discovery is enabled.

boolean

Duration

The scheme that should be used for the new nodes discovered.

string

The strategy used for index lifecycle. Must be one of: none, validate, update, create, drop-and-create or drop-and-create-and-drop.

none, validate, update, create, drop-and-create, drop-and-create-and-drop

The minimal cluster status required. Must be one of: green, yellow, red.

green, yellow, red

How long we should wait for the status before failing the bootstrap.

Duration

The strategy to use when loading entities during the execution of a search query. Can be either one of "skip", "persistence-context" or "persistence-context-then-second-level-cache". Defaults to "skip".

skip, persistence-context, persistence-context-then-second-level-cache

The fetch size to use when loading entities during the execution of a search query.

int

100

The synchronization strategy to use when indexing automatically. Defines the status for which you wait before considering the operation completed by Hibernate Search. Can be either one of "queued", "committed" or "searchable". Using "searchable" is recommended in unit tests. Defaults to "committed".

queued, committed, searchable

Whether to check if dirty properties are relevant to indexing before actually reindexing an entity. When enabled, re-indexing of an entity is skipped if the only changes are on properties that are not used when indexing.

boolean

The strategy used for index lifecycle. Must be one of: none, validate, update, create, drop-and-create or drop-and-create-and-drop.

none, validate, update, create, drop-and-create, drop-and-create-and-drop

The minimal cluster status required. Must be one of: green, yellow, red.

green, yellow, red

How long we should wait for the status before failing the bootstrap.

Duration

Additional backends

Type

Default

The version of Elasticsearch used in the cluster. As the schema is generated without a connection to the server, this item is mandatory. It doesn’t have to be the exact version (it can be 7 or 7.1 for instance) but it has to be sufficiently precise to choose a model dialect (the one used to generate the schema) compatible with the protocol dialect (the one used to communicate with Elasticsearch). There’s no rule of thumb here as it depends on the schema incompatibilities introduced by Elasticsearch versions. In any case, if there is a problem, you will have an error when Hibernate Search tries to connect to the cluster.

ElasticsearchVersion

The class or the name of the bean used to configure full text analysis (e.g. analyzers, normalizers).

class name

The list of hosts of the Elasticsearch servers.

list of string

required

string

string

Duration

The maximum number of connections to all the Elasticsearch servers.

int

The maximum number of connections per Elasticsearch server.

int

boolean

Duration

The scheme that should be used for the new nodes discovered.

string

The strategy used for index lifecycle. Must be one of: none, validate, update, create, drop-and-create or drop-and-create-and-drop.

none, validate, update, create, drop-and-create, drop-and-create-and-drop

The minimal cluster status required. Must be one of: green, yellow, red.

green, yellow, red

Duration

The strategy used for index lifecycle. Must be one of: none, validate, update, create, drop-and-create or drop-and-create-and-drop.

none, validate, update, create, drop-and-create, drop-and-create-and-drop

The minimal cluster status required. Must be one of: green, yellow, red.

green, yellow, red

Duration

Infinispan Client

Type

Default

Sets the bounded entry count for near cache. If this value is 0 or less near cache is disabled.

int

0

Sets the host name/port to connect to. Each one is separated by a semicolon (eg. host1:11222;host2:11222).

string

Sets client intelligence used by authentication

string

Enables or disables authentication

string

Sets user name used by authentication

string

Sets password used by authentication

string

Sets realm used by authentication

string

Sets server name used by authentication

string

Sets client subject used by authentication

string

Sets callback handler used by authentication

string

Sets SASL mechanism used by authentication

string

Infinispan Embedded

Type

Default

The configured Infinispan embeddex xml file which is used by the managed EmbeddedCacheManager and its Caches

string

Jaeger

Type

Default

Defines if the Jaeger extension is enabled.

boolean

true

The traces endpoint, in case the client should connect directly to the Collector, like http://jaeger-collector:14268/api/traces

URI

Authentication Token to send as "Bearer" to the endpoint

string

Username to send as part of "Basic" authentication to the endpoint

string

Password to send as part of "Basic" authentication to the endpoint

string

The hostname and port for communicating with agent via UDP

host:port

Whether the reporter should also log the spans

boolean

The reporter’s maximum queue size

int

The reporter’s flush interval

Duration

The sampler type (const, probabilistic, ratelimiting or remote)

string

The sampler parameter (number)

BigDecimal

The host name and port when using the remote controlled sampler

host:port

The service name

string

A comma separated list of name = value tracer level tags, which get added to all reported spans. The value can also refer to an environment variable using the format ${envVarName:default}, where the :default is optional, and identifies a value to be used if the environment variable cannot be found

string

Comma separated list of formats to use for propagating the trace context. Defaults to the standard Jaeger format. Valid values are jaeger and b3

string

The sender factory class name

string

Keycloak Authorization

Type

Default

Adapters will make separate HTTP invocations to the Keycloak server to turn an access code into an access token. This config option defines how many connections to the Keycloak server should be pooled

int

20

Enables policy enforcement.

boolean

false

Specifies how policies are enforced.

string

ENFORCING

Defines the time in milliseconds when the entry should be expired

int

1000

Defines the limit of entries that should be kept in the cache

long

30000

Specifies how the adapter should fetch the server for resources associated with paths in your application. If true, the policy enforcer is going to fetch resources on-demand accordingly with the path being requested

boolean

true

Specifies how scopes should be mapped to HTTP methods. If set to true, the policy enforcer will use the HTTP method from the current request to check whether or not access should be granted

boolean

false

The name of a resource on the server that is to be associated with a given path

string

A URI relative to the application’s context path that should be protected by the policy enforcer

string

string

required

An array of strings with the scopes associated with the method

list of string

required

A string referencing the enforcement mode for the scopes associated with a method

all, any, disabled

ALL

permissive, enforcing, disabled

ENFORCING

Map<String,Map<String,Map<String,String>>>

required

Map<String,Map<String,String>>

required

Map<String,Map<String,Map<String,String>>>

required

Map<String,Map<String,String>>

required

Kubernetes Client

Type

Default

Whether or not the client should trust a self signed certificate if so presented by the API server

boolean

false

URL of the Kubernetes API server

string

Default namespace to use

string

string

string

string

string

string

string

string

string

Kubernetes auth username

string

Kubernetes auth password

string

Duration

PT1S

Maximum reconnect attempts in case of watch failure By default there is no limit to the number of reconnect attempts

int

-1

Maximum amount of time to wait for a connection with the API server to be established

Duration

PT10S

Maximum amount of time to wait for a request to the API server to be completed

Duration

PT10S

Maximum amount of time in milliseconds to wait for a rollout to be completed

Duration

PT15M

HTTP proxy used to access the Kubernetes API server

string

HTTPS proxy used to access the Kubernetes API server

string

string

string

IP addresses or hosts to exclude from proxying

list of java.util.Optional<java.lang.String>

required

Mailer

Type

Default

Configure the default from attribute. It’s the sender email address.

string

Enables the mock mode, not sending emails. The content of the emails is printed on the console. Disabled by default on PROD, enabled by default on DEV and TEST modes.

boolean

Configures the default bounce email address.

string

The SMTP host name.

string

localhost

The SMTP port.

int

The username.

string

The password.

string

Enables or disables the SSL on connect. false by default.

boolean

false

Set whether to trust all certificates on ssl connect the option is also applied to STARTTLS operation. false by default.

boolean

false

Configures the maximum allowed number of open connections to the mail server If not set the default is 10.

int

The hostname to be used for HELO/EHLO and the Message-ID

string

Set if connection pool is enabled, true by default. If the connection pooling is disabled, the max number of sockets is enforced nevertheless.

boolean

true

Disable ESMTP. false by default. The RFC-1869 states that clients should always attempt EHLO as first command to determine if ESMTP is supported, if this returns an error code, HELO is tried to use the regular SMTP command.

boolean

false

Set the TLS security mode for the connection. Either DISABLED, OPTIONAL or REQUIRED.

string

Set the login mode for the connection. Either DISABLED, OPTIONAL or REQUIRED

string

Set the allowed auth methods. If defined, only these methods will be used, if the server supports them.

string

Set the key store.

string

Set the key store password.

string

MongoDB client

Type

Default

Configures the connection string. The format is: mongodb://[username:password@]host1[:port1][,host2[:port2],…​[,hostN[:portN]]][/[database.collection][?options]] mongodb:// is a required prefix to identify that this is a string in the standard connection format. username:password@ are optional. If given, the driver will attempt to login to a database after connecting to a database server. For some authentication mechanisms, only the username is specified and the password is not, in which case the ":" after the username is left off as well. host1 is the only required part of the connection string. It identifies a server address to connect to. :portX is optional and defaults to :27017 if not provided. /database is the name of the database to login to and thus is only relevant if the username:password@ syntax is used. If not specified the admin database will be used by default. ?options are connection options. Note that if database is absent there is still a / required between the last host and the ? introducing the options. Options are name=value pairs and the pairs are separated by "&". An alternative format, using the mongodb+srv protocol, is: mongodb+srv://[username:password@]host[/[database][?options]] - mongodb+srv:// is a required prefix for this format. - username:password@ are optional. If given, the driver will attempt to login to a database after connecting to a database server. For some authentication mechanisms, only the username is specified and the password is not, in which case the ":" after the username is left off as well - host is the only required part of the URI. It identifies a single host name for which SRV records are looked up from a Domain Name Server after prefixing the host name with "_mongodb._tcp". The host/port for each SRV record becomes the seed list used to connect, as if each one were provided as host/port pair in a URI using the normal mongodb protocol. - /database is the name of the database to login to and thus is only relevant if the username:password@ syntax is used. If not specified the "admin" database will be used by default. - ?options are connection options. Note that if database is absent there is still a / required between the last host and the ? introducing the options. Options are name=value pairs and the pairs are separated by "&". Additionally with the mongodb+srv protocol, TXT records are looked up from a Domain Name Server for the given host, and the text value of each one is prepended to any options on the URI itself. Because the last specified value for any option wins, that means that options provided on the URI will override any that are provided via TXT records.

string

Configures the Mongo server addressed (one if single mode). The addressed are passed as host:port.

list of string

required

Configure the database name.

string

Configures the application name.

string

Configures the maximum number of connections in the connection pool.

int

Configures the minimum number of connections in the connection pool.

int

Maximum idle time of a pooled connection. A connection that exceeds this limit will be closed.

Duration

Maximum life time of a pooled connection. A connection that exceeds this limit will be closed.

Duration

The maximum wait time that a thread may wait for a connection to become available.

Duration

Configures the time period between runs of the maintenance job.

Duration

Configures period of time to wait before running the first maintenance job on the connection pool.

Duration

This multiplier, multiplied with the maxPoolSize setting, gives the maximum number of threads that may be waiting for a connection to become available from the pool. All further threads will get an exception right away.

int

How long a connection can take to be opened before timing out.

Duration

How long a send or receive on a socket can take before timing out.

Duration

If connecting with TLS, this option enables insecure TLS connections.

boolean

false

Whether to connect using TLS.

boolean

false

Implies that the hosts given are a seed list, and the driver will attempt to find all members of the set.

string

How long the driver will wait for server selection to succeed before throwing an exception.

Duration

When choosing among multiple MongoDB servers to send a request, the driver will only send that request to a server whose ping time is less than or equal to the server with the fastest ping time plus the local threshold.

Duration

The frequency that the driver will attempt to determine the current state of each server in the cluster.

Duration

Configures the read preferences. Supported values are: primary|primaryPreferred|secondary|secondaryPreferred|nearest

string

Configures the maximum number of concurrent operations allowed to wait for a server to become available. All further operations will get an exception immediately.

int

Write concern

Type

Default

Configures the safety. If set to true: the driver ensures that all writes are acknowledged by the MongoDB server, or else throws an exception. (see also w and wtimeoutMS). If set fo - false: the driver does not ensure that all writes are acknowledged by the MongoDB server.

boolean

true

Configures the journal writing aspect. If set to true: the driver waits for the server to group commit to the journal file on disk. If set to false: the driver does not wait for the server to group commit to the journal file on disk.

boolean

true

When set, the driver adds w: wValue to all write commands. It requires safe to be true. The value is typically a number, but can also be the majority string.

string

If set to true, the driver will retry supported write operations if they fail due to a network error.

boolean

false

When set, the driver adds wtimeout : ms to all write commands. It requires safe to be true.

Duration

Credentials and authentication mechanism

Type

Default

Configures the username.

string

Configures the password.

string

Configures the authentication mechanism to use if a credential was supplied. The default is unspecified, in which case the client will pick the most secure mechanism available based on the sever version. For the GSSAPI and MONGODB-X509 mechanisms, no password is accepted, only the username. Supported values: MONGO-CR|GSSAPI|PLAIN|MONGODB-X509

string

Configures the source of the authentication credentials. This is typically the database that the credentials have been created. The value defaults to the database specified in the path portion of the connection string or in the 'database' configuration property.. If the database is specified in neither place, the default value is admin. This option is only respected when using the MONGO-CR mechanism (the default).

string

Allows passing authentication mechanism properties.

Map<String,String>

required

Narayana JTA - Transaction manager

Type

Default

The node name used by the transaction manager

string

quarkus

The XA node name used by the transaction manager

string

Duration

60

Neo4j client

Type

Default

The uri this driver should connect to. The driver supports bolt, bolt+routing or neo4j as schemes.

string

bolt://localhost:7687

Authentication

Type

Default

The login of the user connecting to the database.

string

neo4j

The password of the user connecting to the database.

string

neo4j

Set this to true to disable authentication.

boolean

false

Connection pool

Type

Default

Flag, if metrics are enabled.

boolean

false

Flag, if leaked sessions logging is enabled.

boolean

false

The maximum amount of connections in the connection pool towards a single database.

int

100

Pooled connections that have been idle in the pool for longer than this timeout will be tested before they are used again. The value 0 means connections will always be tested for validity and negative values mean connections will never be tested.

Duration

-0.001S

Pooled connections older than this threshold will be closed and removed from the pool.

Duration

1H

Acquisition of new connections will be attempted for at most configured timeout.

Duration

1M

OpenID Connect

Type

Default

If the OIDC extension is enabled.

boolean

true

The base URL of the OpenID Connect (OIDC) server, for example, 'https://host:port/auth'. All the other OIDC server page and service URLs are derived from this URL. Note if you work with Keycloak OIDC server, make sure the base URL is in the following format: 'https://host:port/auth/realms/{realm}' where '{realm}' has to be replaced by the name of the Keycloak realm.

string

required

Relative path of the RFC7662 introspection service.

string

Relative path of the OIDC service returning a JWK set.

string

Public key for the local JWT token verification.

string

The client-id of the application. Each application has a client-id that is used to identify the application

string

The maximum amount of time the adapter will try connecting to the currently unavailable OIDC server for. For example, setting it to '20S' will let the adapter keep requesting the connection for up to 20 seconds.

Duration

Path to the claim containing an array of groups. It starts from the top level JWT JSON object and can contain multiple segments where each segment represents a JSON object name only, example: "realm/groups". This property can be used if a token has no 'groups' claim but has the groups set in a different claim.

string

Separator for splitting a string which may contain multiple group values. It will only be used if the "role-claim-path" property points to a custom claim whose value is a string. A single space will be used by default because the standard 'scope' claim may contain a space separated sequence.

string

string

Defines a fixed list of scopes which should be added to authorization requests when authenticating users using the Authorization Code Grant Type.

list of string

required

The application type, which can be one of the following values from enum ApplicationType..

web-app, service

service

Properties File based Security

Type

Default

Property Files Realm Configuration

Type

Default

The realm name. This is used when generating a hashed password

string

Quarkus

Determine whether security via the file realm is enabled.

boolean

false

If the properties are stored in plain text. If this is false (the default) then it is expected that the passwords are of the form HEX( MD5( username ":" realm ":" password ) )

boolean

false

Classpath resource name of properties file containing user to password mappings. See Users.properties.

string

users.properties

Classpath resource name of properties file containing user to role mappings. See Roles.properties.

string

roles.properties

Embedded Realm Configuration

Type

Default

The realm name. This is used when generating a hashed password

string

Quarkus

If the properties are stored in plain text. If this is false (the default) then it is expected that the passwords are of the form HEX( MD5( username ":" realm ":" password ) )

boolean

false

Determine whether security via the embedded realm is enabled.

boolean

false

The realm users user1=password\nuser2=password2…​ mapping. See Embedded Users.

Map<String,String>

none

The realm roles user1=role1,role2,…​\nuser2=role1,role2,…​ mapping See Embedded Roles.

Map<String,String>

none

Quarkus - Core

Type

Default

The requested output type. The default built in types are jar and native

string

jar

If the java runner should be packed as an uberjar

boolean

false

If the Implementation information should be included in the runner jar’s MANIFEST.MF.

boolean

true

The entry point of the application. In most cases this should not be modified.

string

io.quarkus.runner.GeneratedMain

Files that should not be copied to the output artifact

list of string

required

The suffix that is applied to the runner jar and native images

string

-runner

The name of the application. If not set, defaults to the name of the project.

string

required

The version of the application. If not set, defaults to the version of the project

string

required

Enable native SSL support.

boolean

Additional arguments to pass to the build process

list of string

required

If the HTTP url handler should be enabled, allowing you to do URL.openConnection() for HTTP URLs

boolean

true

If the HTTPS url handler should be enabled, allowing you to do URL.openConnection() for HTTPS URLs

boolean

false

If all security services should be added to the native image

boolean

false

If JNI should be enabled

boolean

false

If all character sets should be added to the native image. This increases image size

boolean

false

The location of the Graal distribution

string

${GRAALVM_HOME:}

The location of the JDK

File

${java.home}

The default maximum old generation size of the native image

string

If debug symbols should be included

boolean

false

If the native image build should wait for a debugger to be attached before running. This is an advanced option and is generally only intended for those familiar with Substrate internals

boolean

false

If the debug port should be published when building with docker and debug-build-process is true

boolean

true

If the native image server should be restarted

boolean

false

This will report on the size of the retained heap after image build

boolean

false

This enables reporting of the code size of the native image

boolean

false

If isolates should be enabled

boolean

true

If a JVM based 'fallback image' should be created if native image fails. This is not recommended, as this is functionally the same as just running the application in a JVM

boolean

false

If the native image server should be used. This can speed up compilation but can result in changes not always being picked up due to cache invalidation not working 100%

boolean

false

If all META-INF/services entries should be automatically registered

boolean

false

If the bytecode of all proxies should be dumped for inspection

boolean

false

If this build should be done using a container runtime. If this is set docker will be used by default, unless container-runtime is also set.

boolean

false

The docker image to use to do the image build

string

quay.io/quarkus/ubi-quarkus-native-image:19.2.1

The container runtime (e.g. docker) that is used to do an image based build. If this is set then a container build is always done.

string

required

Options to pass to the container runtime

list of string

required

If the resulting image should allow VM introspection

boolean

false

If full stack traces are enabled in the resulting image

boolean

true

If reporting on call paths should be enabled

boolean

false

If exceptions should be reported with a full stack trace

boolean

true

If errors should be reported at runtime. This is a more relaxed setting, however it is not recommended as it means your application may fail at runtime if an unsupported feature is used by accident.

boolean

false

Paths of library to load.

list of string

required

Enable JNI support.

boolean

false

The default log level

Level

The default minimum log level

Level

INFO

The core thread pool size. This number of threads will always be kept alive.

int

1

The maximum number of threads. If this is not specified then it will be automatically sized to 8 * the number of available processors

int

The queue size. For most applications this should be unbounded

int

The executor growth resistance. A resistance factor applied after the core pool is full; values applied here will cause that fraction of submissions to create new threads when no idle thread is available. A value of 0.0f implies that threads beyond the core size should be created as aggressively as threads within it; a value of 1.0f implies that threads beyond the core size should never be created.

float

0

The shutdown timeout. If all pending work has not been completed by this time then additional threads will be spawned to attempt to finish any pending tasks, and the shutdown process will continue

Duration

1M

The amount of time to wait for thread pool shutdown before tasks should be interrupted. If this value is greater than or equal to the value for shutdown-timeout, then tasks will not be interrupted before the shutdown timeout occurs.

Duration

10

The frequency at which the status of the thread pool should be checked during shutdown. Information about waiting tasks and threads will be checked and possibly logged at this interval. Setting this key to an empty value disables the shutdown check interval.

Duration

5

The amount of time a thread will stay alive with no work.

Duration

30

The maven groupId of the artifact to index

string

required

The maven artifactId of the artifact to index

string

required

The maven classifier of the artifact to index

string

required

Logging categories

Type

Default

The minimum level that this category can be set to

string

inherit

The log level level for this category

string

inherit

Console logging

Type

Default

If console logging should be enabled

boolean

true

string

%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c{3.}] (%t) %s%e%n

The console log level

Level

ALL

If the console logging should be in color. If undefined quarkus takes best guess based on operating system and environment.

boolean

Specify how much the colors should be darkened

int

0

Indicates whether to log asynchronously

boolean

false

The queue length to use before flushing writing

int

512

Determine whether to block the publisher (rather than drop the message) when the queue is full

block, discard

block

File logging

Type

Default

If file logging should be enabled

boolean

false

The log format

string

%d{yyyy-MM-dd HH:mm:ss,SSS} %h %N[%i] %-5p [%c{3.}] (%t) %s%e%n

The level of logs to be written into the file.

Level

ALL

The name of the file in which logs will be written.

File

quarkus.log

Indicates whether to log asynchronously

boolean

false

The queue length to use before flushing writing

int

512

Determine whether to block the publisher (rather than drop the message) when the queue is full

block, discard

block

The maximum file size of the log file after which a rotation is executed.

MemorySize

The maximum number of backups to keep.

int

1

File handler rotation file suffix. Example fileSuffix: .yyyy-MM-dd

string

Indicates whether to rotate log files on server initialization.

boolean

true

Syslog logging

Type

Default

If syslog logging should be enabled

boolean

false

The IP address and port of the syslog server

host:port

localhost:514

The app name used when formatting the message in RFC5424 format

string

The name of the host the messages are being sent from

string

Sets the facility used when calculating the priority of the message as defined by RFC-5424 and RFC-3164

kernel, user-level, mail-system, system-daemons, security, syslogd, line-printer, network-news, uucp, clock-daemon, security2, ftp-daemon, ntp, log-audit, log-alert, clock-daemon2, local-use-0, local-use-1, local-use-2, local-use-3, local-use-4, local-use-5, local-use-6, local-use-7

user-level

Set the SyslogType syslog type this handler should use to format the message sent

rfc5424, rfc3164

rfc5424

Sets the protocol used to connect to the syslog server

tcp, udp, ssl-tcp

tcp

Set to true if the message being sent should be prefixed with the size of the message

boolean

false

Set to true if the message should be truncated

boolean

true

Enables or disables blocking when attempting to reconnect a org.jboss.logmanager.handlers.SyslogHandler.Protocol#TCP TCP or org.jboss.logmanager.handlers.SyslogHandler.Protocol#SSL_TCP SSL TCP protocol

boolean

false

The log message format

string

%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c{3.}] (%t) %s%e%n

The log level specifying, which message levels will be logged by syslog logger

Level

ALL

Indicates whether to log asynchronously

boolean

false

The queue length to use before flushing writing

int

512

Determine whether to block the publisher (rather than drop the message) when the queue is full

block, discard

block

Log cleanup filters - internal use

Type

Default

The message starts to match

list of string

inherit

RESTEasy JAX-RS

Type

Default

if set to true, access to all JAX-RS resources will be denied by default

boolean

false

RESTEasy JAX-RS Common

Type

Default

If gzip is enabled

boolean

false

Maximum deflated file bytes size If the limit is exceeded, Resteasy will return Response with status 413("Request Entity Too Large")

MemorySize

10M

RESTEasy Server Common

Type

Default

If this is true then JAX-RS will use only a single instance of a resource class to service all requests. If this is false then it will create a new instance of the resource per request. If the resource class has an explicit CDI scope annotation then the value of this annotation will always be used to control the lifecycle of the resource class. IMPLEMENTATION NOTE: javax.ws.rs.Path turns into a CDI stereotype with singleton scope. As a result, if a user annotates a JAX-RS resource with a stereotype which has a different default scope the deployment fails with IllegalStateException.

boolean

true

Set this to override the default path for JAX-RS resources if there are no annotated application classes.

string

/

Reactive MySQL client

Type

Default

The datasource URL.

string

The datasource username.

string

The datasource password.

string

The datasource pool maximum size.

int

Whether prepared statements should be cached on the client side.

boolean

Charset for connections.

string

Collation for connections.

string

Reactive PostgreSQL client

Type

Default

Whether prepared statements should be cached on the client side.

boolean

The maximum number of inflight database commands that can be pipelined.

int

The datasource URL.

string

The datasource username.

string

The datasource password.

string

The datasource pool maximum size.

int

Security

Type

Default

List of security providers to enable for reflection

list of string

required

If set to true, access to all methods of beans that have any security annotations on other members will be denied by default. E.g. if enabled, in the following bean, methodB will be denied. `@`ApplicationScoped public class A { `@`RolesAllowed("admin") public void methodA() { …​ } public void methodB() { …​ } }

boolean

false

SmallRye Health

Type

Default

Root path for health-checking servlets.

string

/health

The relative path of the liveness health-checking servlet.

string

/live

The relative path of the readiness health-checking servlet.

string

/ready

Whether or not extensions published health check should be enabled.

boolean

true

SmallRye JWT

Type

Default

The MP-JWT configuration object

boolean

true

The name of the java.security.Provider that supports SHA256withRSA signatures

string

SunRsaSign

SmallRye Metrics

Type

Default

The path to the metrics handler.

string

/metrics

SmallRye OpenAPI

Type

Default

The path at which to register the OpenAPI Servlet.

string

/openapi

Swagger UI

Type

Default

The path of the swagger-ui servlet. The value / is not allowed as it blocks the application from serving anything else.

string

/swagger-ui

If this should be included every time. By default this is only included when the application is running in dev mode.

boolean

false

Undertow Servlet

Type

Default

The context path to serve all Servlet context from. This will also affect any resources that run as a Servlet, e.g. JAX-RS. Note that this is relative to the HTTP root path set in quarkus.http.root-path, so if the context path is /bar and the http root is /foo then the actual Servlet path will be /foo/bar.

string

The buffer size to use for Servlet. If this is not specified the default will depend on the amount of available memory. If there is less than 64mb it will default to 512b heap buffer, less that 128mb 1k direct buffer and otherwise 16k direct buffers.

MemorySize

If Servlet should use direct buffers, this gives maximum performance but can be problematic in memory constrained environments

boolean

Undertow WebSockets

Type

Default

string

required

string

required

Vault

Type

Default

Vault server url. Example: https://localhost:8200

URL

Vault token, bypassing Vault authentication (kubernetes, userpass or approle). This is useful in development where an authentication mode might not have been set up. In production we will usually prefer some authentication such as userpass, or preferably kubernetes, where Vault tokens get generated with a TTL and some ability to revoke them.

string

Role Id for AppRole auth method. This property is required when selecting the app-role authentication type.

string

Secret Id for AppRole auth method. This property is required when selecting the app-role authentication type.

string

User for userpass auth method. This property is required when selecting the userpass authentication type.

string

Password for userpass auth method. This property is required when selecting the userpass authentication type.

string

Kubernetes authentication role that has been created in Vault to associate Vault policies, with Kubernetes service accounts and/or Kubernetes namespaces. This property is required when selecting the Kubernetes authentication type.

string

Location of the file containing the Kubernetes JWT token to authenticate against in Kubernetes authentication mode.

string

/var/run/secrets/kubernetes.io/serviceaccount/token

Renew grace period duration. This value if used to extend a lease before it expires its ttl, or recreate a new lease before the current lease reaches its max_ttl. By default Vault leaseDuration is equal to 7 days (ie: 168h or 604800s). If a connection pool maxLifetime is set, it is reasonable to set the renewGracePeriod to be greater than the maxLifetime, so that we are sure we get a chance to renew leases before we reach the ttl. In any case you need to make sure there will be attempts to fetch secrets within the renewGracePeriod, because that is when the renewals will happen. This particularly important for db dynamic secrets because if the lease reaches its ttl or max_ttl, the password of the db user will become invalid and it will be not longer possible to log in. This value should also be smaller than the ttl, otherwise that would mean that we would try to recreate leases all the time.

Duration

1H

Vault config source cache period. Properties fetched from vault as MP config will be kept in a cache, and will not be fetched from vault again until the expiration of that period. This property is ignored if secret-config-kv-path is not set.

Duration

10M

Vault path in kv store, where all properties will be available as MP config.

string

Used to hide confidential infos, for logging in particular. Possible values are: - low: display all secrets. medium: display only usernames and lease ids (ie: passwords and tokens are masked). high: hide lease ids and dynamic credentials username.

low, medium, high

medium

int

1

string

secret

Allows to bypass certificate validation on TLS communications. If true this will allow TLS communications with Vault, without checking the validity of the certificate presented by Vault. This is discouraged in production because it allows man in the middle type of attacks.

boolean

false

Certificate bundle used to validate TLS communications with Vault. The path to a pem bundle file, if TLS is required, and trusted certificates are not set through javax.net.ssl.trustStore system property.

string

If true and Vault authentication type is kubernetes, TLS will be active and the cacert path will be set to /var/run/secrets/kubernetes.io/serviceaccount/ca.crt. If set, this setting will take precedence over property quarkus.vault.tls.ca-cert. This means that if Vault authentication type is kubernetes and we want to use quarkus.vault.tls.ca-cert or system property javax.net.ssl.trustStore, then this property should be set to false.

boolean

true

Timeout to establish a connection with Vault.

Duration

5S

Request timeout on Vault.

Duration

1S

Database credentials role, as defined by https://www.vaultproject.io/docs/secrets/databases/index.html One of database-credentials-role or kv-path needs to be defined. not both.

string

A path in vault kv store, where we will find the kv-key. One of database-credentials-role or kv-path needs to be defined. not both. see https://www.vaultproject.io/docs/secrets/kv/index.html

string

Key name to search in vault path kv-path. The value for that key is the credential. kv-key should not be defined if kv-path is not. see https://www.vaultproject.io/docs/secrets/kv/index.html

string

password

About the Duration format

The format for durations uses the standard java.time.Duration format. You can learn more about it in the Duration#parse() javadoc.

You can also provide duration values starting with a number. In this case, if the value consists only of a number, the converter treats the value as seconds. Otherwise, PT is implicitly prepended to the value to obtain a standard java.time.Duration format.

About the MemorySize format

A size configuration option recognises string in this format (shown as a regular expression): [0-9]+[KkMmGgTtPpEeZzYy]?. If no suffix is given, assume bytes.