Quarkus - All configuration options

Configuration property fixed at build time - All other configuration properties are overridable at runtime

AWS Lambda

Type

Default

The handler name. Handler names are specified on handler classes using the @javax.inject.Named annotation. If this name is unspecified and there is exactly one unnamed implementation of com.amazonaws.services.lambda.runtime.RequestHandler then this unnamed handler will be used. If there is only a single named handler and the name is unspecified then the named handler will be used.

string

Agroal - Database connection pool

Type

Default

If we create a JDBC datasource for this datasource.

boolean

true

The datasource driver class name

string

Whether we want to use regular JDBC transactions, XA, or disable all transactional capabilities. When enabling XA you will need a driver implementing javax.sql.XADataSource.

enabled, xa, disabled

enabled

Enable datasource metrics collection. If unspecified, collecting metrics will be enabled by default if the smallrye-metrics extension is active.

boolean

The datasource URL

string

The initial size of the pool. Usually you will want to set the initial size to match at least the minimal size, but this is not enforced so to allow for architectures which prefer a lazy initialization of the connections on boot, while being able to sustain a minimal pool size after boot.

int

The datasource pool minimum size

int

0

The datasource pool maximum size

int

20

The interval at which we validate idle connections in the background. Set to 0 to disable background validation.

Duration

2M

The timeout before cancelling the acquisition of a new connection

Duration

5

The interval at which we check for connection leaks.

Duration

The interval at which we try to remove idle connections.

Duration

5M

The max lifetime of a connection.

Duration

The transaction isolation level.

undefined, none, read-uncommitted, read-committed, repeatable-read, serializable

When enabled Agroal will be able to produce a warning when a connection is returned to the pool without the application having closed all open statements. This is unrelated with tracking of open connections. Disable for peak performance, but only when there’s high confidence that no leaks are happening.

boolean

true

Query executed when first using a connection.

string

Query executed to validate a connection.

string

Disable pooling to prevent reuse of Connections. Use this with when an external pool manages the life-cycle of Connections.

boolean

true

Additional named datasources

Type

Default

If we create a JDBC datasource for this datasource.

boolean

true

The datasource driver class name

string

Whether we want to use regular JDBC transactions, XA, or disable all transactional capabilities. When enabling XA you will need a driver implementing javax.sql.XADataSource.

enabled, xa, disabled

enabled

Enable datasource metrics collection. If unspecified, collecting metrics will be enabled by default if the smallrye-metrics extension is active.

boolean

string

The initial size of the pool. Usually you will want to set the initial size to match at least the minimal size, but this is not enforced so to allow for architectures which prefer a lazy initialization of the connections on boot, while being able to sustain a minimal pool size after boot.

int

The datasource pool minimum size

int

0

The datasource pool maximum size

int

20

The interval at which we validate idle connections in the background. Set to 0 to disable background validation.

Duration

2M

The timeout before cancelling the acquisition of a new connection

Duration

5

The interval at which we check for connection leaks.

Duration

The interval at which we try to remove idle connections.

Duration

5M

The max lifetime of a connection.

Duration

undefined, none, read-uncommitted, read-committed, repeatable-read, serializable

When enabled Agroal will be able to produce a warning when a connection is returned to the pool without the application having closed all open statements. This is unrelated with tracking of open connections. Disable for peak performance, but only when there’s high confidence that no leaks are happening.

boolean

true

Query executed when first using a connection.

string

Query executed to validate a connection.

string

Disable pooling to prevent reuse of Connections. Use this with when an external pool manages the life-cycle of Connections.

boolean

true

Amazon DynamoDB

Type

Default

List of execution interceptors that will have access to read and modify the request and response objects as they are processed by the AWS SDK. The list should consists of class names which implements software.amazon.awssdk.core.interceptor.ExecutionInterceptor interface.

list of class name

Type of the sync HTTP client implementation

url, apache

url

Enable DynamoDB service endpoint discovery.

boolean

false

AWS SDK client configurations

Type

Default

The endpoint URI with which the SDK should communicate. If not specified, an appropriate endpoint to be used for the given service and region.

URI

The amount of time to allow the client to complete the execution of an API call. This timeout covers the entire client execution except for marshalling. This includes request handler execution, all HTTP requests including retries, unmarshalling, etc. This value should always be positive, if present.

Duration

The amount of time to wait for the HTTP request to complete before giving up and timing out. This value should always be positive, if present.

Duration

AWS services configurations

Type

Default

An Amazon Web Services region that hosts the given service.

It overrides region provider chain with static value of region with which the service client should communicate.

If not set, region is retrieved via the default providers chain in the following order:

  • aws.region system property

  • region property from the profile file

  • Instance profile file

See software.amazon.awssdk.regions.Region for available regions.

Region

Configure the credentials provider that should be used to authenticate with AWS.

Available values:

  • default - the provider will attempt to identify the credentials automatically using the following checks:

    • Java System Properties - aws.accessKeyId and aws.secretKey

    • Environment Variables - AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY

    • Credential profiles file at the default location (~/.aws/credentials) shared by all AWS SDKs and the AWS CLI

    • Credentials delivered through the Amazon EC2 container service if AWS_CONTAINER_CREDENTIALS_RELATIVE_URI environment variable is set and security manager has permission to access the variable.

    • Instance profile credentials delivered through the Amazon EC2 metadata service

  • static - the provider that uses the access key and secret access key specified in the static-provider section of the config.

  • system-property - it loads credentials from the aws.accessKeyId, aws.secretAccessKey and aws.sessionToken system properties.

  • env-variable - it loads credentials from the AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY and AWS_SESSION_TOKEN environment variables.

  • profile - credentials are based on AWS configuration profiles. This loads credentials from a profile file, allowing you to share multiple sets of AWS security credentials between different tools like the AWS SDK for Java and the AWS CLI.

  • container - It loads credentials from a local metadata service. Containers currently supported by the AWS SDK are Amazon Elastic Container Service (ECS) and AWS Greengrass

  • instance-profile - It loads credentials from the Amazon EC2 Instance Metadata Service.

  • process - Credentials are loaded from an external process. This is used to support the credential_process setting in the profile credentials file. See Sourcing Credentials From External Processes for more information.

  • anonymous - It always returns anonymous AWS credentials. Anonymous AWS credentials result in un-authenticated requests and will fail unless the resource or API’s policy has been configured to specifically allow anonymous access.

default, static, system-property, env-variable, profile, container, instance-profile, process, anonymous

default

Default credentials provider configuration

Type

Default

Whether this provider should fetch credentials asynchronously in the background. If this is true, threads are less likely to block, but additional resources are used to maintain the provider.

boolean

false

Whether the provider should reuse the last successful credentials provider in the chain. Reusing the last successful credentials provider will typically return credentials faster than searching through the chain.

boolean

true

Static credentials provider configuration

Type

Default

string

string

AWS Profile credentials provider configuration

Type

Default

The name of the profile that should be used by this credentials provider. If not specified, the value in AWS_PROFILE environment variable or aws.profile system property is used and defaults to default name.

string

Process credentials provider configuration

Type

Default

Whether the provider should fetch credentials asynchronously in the background. If this is true, threads are less likely to block when credentials are loaded, but additional resources are used to maintain the provider.

boolean

false

The amount of time between when the credentials expire and when the credentials should start to be refreshed. This allows the credentials to be refreshed *before* they are reported to expire.

Duration

15S

The maximum size of the output that can be returned by the external process before an exception is raised.

MemorySize

1024

The command that should be executed to retrieve credentials.

string

Sync HTTP transport configurations

Type

Default

The maximum amount of time to establish a connection before timing out.

Duration

2S

The amount of time to wait for data to be transferred over an established, open connection before the connection is timed out.

Duration

30S

TLS managers provider type.

Available providers:

  • none - Use this provider if you don’t want the client to present any certificates to the remote TLS host.

  • system-property - Provider checks the standard javax.net.ssl.keyStore, javax.net.ssl.keyStorePassword, and javax.net.ssl.keyStoreType properties defined by the JSSE.

  • file-store - Provider that loads a the key store from a file.

none, system-property, file-store

system-property

path

Key store type. See the KeyStore section in the https://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#KeyStore[Java Cryptography Architecture Standard Algorithm Name Documentation] for information about standard keystore types.

string

string

Apache HTTP client specific configurations

Type

Default

The amount of time to wait when acquiring a connection from the pool before giving up and timing out.

Duration

10S

The maximum amount of time that a connection should be allowed to remain open while idle.

Duration

60S

The maximum amount of time that a connection should be allowed to remain open, regardless of usage frequency.

Duration

The maximum number of connections allowed in the connection pool. Each built HTTP client has its own private connection pool.

int

50

Whether the client should send an HTTP expect-continue handshake before each request.

boolean

true

Whether the idle connections in the connection pool should be closed asynchronously. When enabled, connections left idling for longer than quarkus..sync-client.connection-max-idle-time will be closed. This will not close connections currently in use.

boolean

true

boolean

false

The endpoint of the proxy server that the SDK should connect through. Currently, the endpoint is limited to a host and port. Any other URI components will result in an exception being raised.

URI

The username to use when connecting through a proxy.

string

The password to use when connecting through a proxy.

string

For NTLM proxies - the Windows domain name to use when authenticating with the proxy.

string

For NTLM proxies - the Windows workstation name to use when authenticating with the proxy.

string

Whether to attempt to authenticate preemptively against the proxy server using basic authentication.

boolean

The hosts that the client is allowed to access without going through the proxy.

list of string

Netty HTTP transport configurations

Type

Default

The maximum number of allowed concurrent requests. For HTTP/1.1 this is the same as max connections. For HTTP/2 the number of connections that will be used depends on the max streams allowed per connection.

int

50

The maximum number of pending acquires allowed. Once this exceeds, acquire tries will be failed.

int

10000

The amount of time to wait for a read on a socket before an exception is thrown. Specify 0 to disable.

Duration

30S

The amount of time to wait for a write on a socket before an exception is thrown. Specify 0 to disable.

Duration

30S

The amount of time to wait when initially establishing a connection before giving up and timing out.

Duration

10S

The amount of time to wait when acquiring a connection from the pool before giving up and timing out.

Duration

2S

The maximum amount of time that a connection should be allowed to remain open, regardless of usage frequency.

Duration

The maximum amount of time that a connection should be allowed to remain open while idle. Currently has no effect if quarkus..async-client.use-idle-connection-reaper is false.

Duration

60S

Whether the idle connections in the connection pool should be closed. When enabled, connections left idling for longer than quarkus..async-client.connection-max-idle-time will be closed. This will not close connections currently in use.

boolean

true

The HTTP protocol to use.

http1-1, http2

http1-1

The SSL Provider to be used in the Netty client. Default is OPENSSL if available, JDK otherwise.

jdk, openssl, openssl-refcnt

The maximum number of concurrent streams for an HTTP/2 connection. This setting is only respected when the HTTP/2 protocol is used.

long

4294967295

The initial window size for an HTTP/2 stream. This setting is only respected when the HTTP/2 protocol is used.

int

1048576

Sets the period that the Netty client will send PING frames to the remote endpoint to check the health of the connection. To disable this feature, set a duration of 0. This setting is only respected when the HTTP/2 protocol is used.

Duration

5

boolean

false

The endpoint of the proxy server that the SDK should connect through. Currently, the endpoint is limited to a host and port. Any other URI components will result in an exception being raised.

URI

The hosts that the client is allowed to access without going through the proxy.

list of string

TLS managers provider type.

Available providers:

  • none - Use this provider if you don’t want the client to present any certificates to the remote TLS host.

  • system-property - Provider checks the standard javax.net.ssl.keyStore, javax.net.ssl.keyStorePassword, and javax.net.ssl.keyStoreType properties defined by the JSSE.

  • file-store - Provider that loads a the key store from a file.

none, system-property, file-store

system-property

path

Key store type. See the KeyStore section in the https://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#KeyStore[Java Cryptography Architecture Standard Algorithm Name Documentation] for information about standard keystore types.

string

string

Enable the custom configuration of the Netty event loop group.

boolean

false

Number of threads to use for the event loop group. If not set, the default Netty thread count is used (which is double the number of available processors unless the io.netty.eventLoopThreads system property is set.

int

The thread name prefix for threads created by this thread factory used by event loop group. The prefix will be appended with a number unique to the thread factory and a number unique to the thread. If not specified it defaults to aws-java-sdk-NettyEventLoop

string

Amazon KMS

Type

Default

List of execution interceptors that will have access to read and modify the request and response objects as they are processed by the AWS SDK. The list should consists of class names which implements software.amazon.awssdk.core.interceptor.ExecutionInterceptor interface.

list of class name

Type of the sync HTTP client implementation

url, apache

url

AWS SDK client configurations

Type

Default

The endpoint URI with which the SDK should communicate. If not specified, an appropriate endpoint to be used for the given service and region.

URI

The amount of time to allow the client to complete the execution of an API call. This timeout covers the entire client execution except for marshalling. This includes request handler execution, all HTTP requests including retries, unmarshalling, etc. This value should always be positive, if present.

Duration

The amount of time to wait for the HTTP request to complete before giving up and timing out. This value should always be positive, if present.

Duration

AWS services configurations

Type

Default

An Amazon Web Services region that hosts the given service.

It overrides region provider chain with static value of region with which the service client should communicate.

If not set, region is retrieved via the default providers chain in the following order:

  • aws.region system property

  • region property from the profile file

  • Instance profile file

See software.amazon.awssdk.regions.Region for available regions.

Region

Configure the credentials provider that should be used to authenticate with AWS.

Available values:

  • default - the provider will attempt to identify the credentials automatically using the following checks:

    • Java System Properties - aws.accessKeyId and aws.secretKey

    • Environment Variables - AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY

    • Credential profiles file at the default location (~/.aws/credentials) shared by all AWS SDKs and the AWS CLI

    • Credentials delivered through the Amazon EC2 container service if AWS_CONTAINER_CREDENTIALS_RELATIVE_URI environment variable is set and security manager has permission to access the variable.

    • Instance profile credentials delivered through the Amazon EC2 metadata service

  • static - the provider that uses the access key and secret access key specified in the static-provider section of the config.

  • system-property - it loads credentials from the aws.accessKeyId, aws.secretAccessKey and aws.sessionToken system properties.

  • env-variable - it loads credentials from the AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY and AWS_SESSION_TOKEN environment variables.

  • profile - credentials are based on AWS configuration profiles. This loads credentials from a profile file, allowing you to share multiple sets of AWS security credentials between different tools like the AWS SDK for Java and the AWS CLI.

  • container - It loads credentials from a local metadata service. Containers currently supported by the AWS SDK are Amazon Elastic Container Service (ECS) and AWS Greengrass

  • instance-profile - It loads credentials from the Amazon EC2 Instance Metadata Service.

  • process - Credentials are loaded from an external process. This is used to support the credential_process setting in the profile credentials file. See Sourcing Credentials From External Processes for more information.

  • anonymous - It always returns anonymous AWS credentials. Anonymous AWS credentials result in un-authenticated requests and will fail unless the resource or API’s policy has been configured to specifically allow anonymous access.

default, static, system-property, env-variable, profile, container, instance-profile, process, anonymous

default

Default credentials provider configuration

Type

Default

Whether this provider should fetch credentials asynchronously in the background. If this is true, threads are less likely to block, but additional resources are used to maintain the provider.

boolean

false

Whether the provider should reuse the last successful credentials provider in the chain. Reusing the last successful credentials provider will typically return credentials faster than searching through the chain.

boolean

true

Static credentials provider configuration

Type

Default

string

string

AWS Profile credentials provider configuration

Type

Default

The name of the profile that should be used by this credentials provider. If not specified, the value in AWS_PROFILE environment variable or aws.profile system property is used and defaults to default name.

string

Process credentials provider configuration

Type

Default

Whether the provider should fetch credentials asynchronously in the background. If this is true, threads are less likely to block when credentials are loaded, but additional resources are used to maintain the provider.

boolean

false

The amount of time between when the credentials expire and when the credentials should start to be refreshed. This allows the credentials to be refreshed *before* they are reported to expire.

Duration

15S

The maximum size of the output that can be returned by the external process before an exception is raised.

MemorySize

1024

The command that should be executed to retrieve credentials.

string

Sync HTTP transport configurations

Type

Default

The maximum amount of time to establish a connection before timing out.

Duration

2S

The amount of time to wait for data to be transferred over an established, open connection before the connection is timed out.

Duration

30S

TLS managers provider type.

Available providers:

  • none - Use this provider if you don’t want the client to present any certificates to the remote TLS host.

  • system-property - Provider checks the standard javax.net.ssl.keyStore, javax.net.ssl.keyStorePassword, and javax.net.ssl.keyStoreType properties defined by the JSSE.

  • file-store - Provider that loads a the key store from a file.

none, system-property, file-store

system-property

path

Key store type. See the KeyStore section in the https://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#KeyStore[Java Cryptography Architecture Standard Algorithm Name Documentation] for information about standard keystore types.

string

string

Apache HTTP client specific configurations

Type

Default

The amount of time to wait when acquiring a connection from the pool before giving up and timing out.

Duration

10S

The maximum amount of time that a connection should be allowed to remain open while idle.

Duration

60S

The maximum amount of time that a connection should be allowed to remain open, regardless of usage frequency.

Duration

The maximum number of connections allowed in the connection pool. Each built HTTP client has its own private connection pool.

int

50

Whether the client should send an HTTP expect-continue handshake before each request.

boolean

true

Whether the idle connections in the connection pool should be closed asynchronously. When enabled, connections left idling for longer than quarkus..sync-client.connection-max-idle-time will be closed. This will not close connections currently in use.

boolean

true

boolean

false

The endpoint of the proxy server that the SDK should connect through. Currently, the endpoint is limited to a host and port. Any other URI components will result in an exception being raised.

URI

The username to use when connecting through a proxy.

string

The password to use when connecting through a proxy.

string

For NTLM proxies - the Windows domain name to use when authenticating with the proxy.

string

For NTLM proxies - the Windows workstation name to use when authenticating with the proxy.

string

Whether to attempt to authenticate preemptively against the proxy server using basic authentication.

boolean

The hosts that the client is allowed to access without going through the proxy.

list of string

Netty HTTP transport configurations

Type

Default

The maximum number of allowed concurrent requests. For HTTP/1.1 this is the same as max connections. For HTTP/2 the number of connections that will be used depends on the max streams allowed per connection.

int

50

The maximum number of pending acquires allowed. Once this exceeds, acquire tries will be failed.

int

10000

The amount of time to wait for a read on a socket before an exception is thrown. Specify 0 to disable.

Duration

30S

The amount of time to wait for a write on a socket before an exception is thrown. Specify 0 to disable.

Duration

30S

The amount of time to wait when initially establishing a connection before giving up and timing out.

Duration

10S

The amount of time to wait when acquiring a connection from the pool before giving up and timing out.

Duration

2S

The maximum amount of time that a connection should be allowed to remain open, regardless of usage frequency.

Duration

The maximum amount of time that a connection should be allowed to remain open while idle. Currently has no effect if quarkus..async-client.use-idle-connection-reaper is false.

Duration

60S

Whether the idle connections in the connection pool should be closed. When enabled, connections left idling for longer than quarkus..async-client.connection-max-idle-time will be closed. This will not close connections currently in use.

boolean

true

The HTTP protocol to use.

http1-1, http2

http1-1

The SSL Provider to be used in the Netty client. Default is OPENSSL if available, JDK otherwise.

jdk, openssl, openssl-refcnt

The maximum number of concurrent streams for an HTTP/2 connection. This setting is only respected when the HTTP/2 protocol is used.

long

4294967295

The initial window size for an HTTP/2 stream. This setting is only respected when the HTTP/2 protocol is used.

int

1048576

Sets the period that the Netty client will send PING frames to the remote endpoint to check the health of the connection. To disable this feature, set a duration of 0. This setting is only respected when the HTTP/2 protocol is used.

Duration

5

boolean

false

The endpoint of the proxy server that the SDK should connect through. Currently, the endpoint is limited to a host and port. Any other URI components will result in an exception being raised.

URI

The hosts that the client is allowed to access without going through the proxy.

list of string

TLS managers provider type.

Available providers:

  • none - Use this provider if you don’t want the client to present any certificates to the remote TLS host.

  • system-property - Provider checks the standard javax.net.ssl.keyStore, javax.net.ssl.keyStorePassword, and javax.net.ssl.keyStoreType properties defined by the JSSE.

  • file-store - Provider that loads a the key store from a file.

none, system-property, file-store

system-property

path

Key store type. See the KeyStore section in the https://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#KeyStore[Java Cryptography Architecture Standard Algorithm Name Documentation] for information about standard keystore types.

string

string

Enable the custom configuration of the Netty event loop group.

boolean

false

Number of threads to use for the event loop group. If not set, the default Netty thread count is used (which is double the number of available processors unless the io.netty.eventLoopThreads system property is set.

int

The thread name prefix for threads created by this thread factory used by event loop group. The prefix will be appended with a number unique to the thread factory and a number unique to the thread. If not specified it defaults to aws-java-sdk-NettyEventLoop

string

Amazon S3

Type

Default

List of execution interceptors that will have access to read and modify the request and response objects as they are processed by the AWS SDK. The list should consists of class names which implements software.amazon.awssdk.core.interceptor.ExecutionInterceptor interface.

list of class name

Type of the sync HTTP client implementation

url, apache

url

Enable using the accelerate endpoint when accessing S3. Accelerate endpoints allow faster transfer of objects by using Amazon CloudFront’s globally distributed edge locations.

boolean

false

Enable doing a validation of the checksum of an object stored in S3.

boolean

true

Enable using chunked encoding when signing the request payload for software.amazon.awssdk.services.s3.model.PutObjectRequest and software.amazon.awssdk.services.s3.model.UploadPartRequest.

boolean

true

Enable dualstack mode for accessing S3. If you want to use IPv6 when accessing S3, dualstack must be enabled.

boolean

false

Enable using path style access for accessing S3 objects instead of DNS style access. DNS style access is preferred as it will result in better load balancing when accessing S3.

boolean

false

Enable cross-region call to the region specified in the S3 resource ARN different than the region the client was configured with. If this flag is not set to 'true', the cross-region call will throw an exception.

boolean

false

Define the profile name that should be consulted to determine the default value of use-arn-region-enabled. This is not used, if the use-arn-region-enabled is configured to 'true'. If not specified, the value in AWS_PROFILE environment variable or aws.profile system property is used and defaults to default name.

string

AWS SDK client configurations

Type

Default

The endpoint URI with which the SDK should communicate. If not specified, an appropriate endpoint to be used for the given service and region.

URI

The amount of time to allow the client to complete the execution of an API call. This timeout covers the entire client execution except for marshalling. This includes request handler execution, all HTTP requests including retries, unmarshalling, etc. This value should always be positive, if present.

Duration

The amount of time to wait for the HTTP request to complete before giving up and timing out. This value should always be positive, if present.

Duration

AWS services configurations

Type

Default

An Amazon Web Services region that hosts the given service.

It overrides region provider chain with static value of region with which the service client should communicate.

If not set, region is retrieved via the default providers chain in the following order:

  • aws.region system property

  • region property from the profile file

  • Instance profile file

See software.amazon.awssdk.regions.Region for available regions.

Region

Configure the credentials provider that should be used to authenticate with AWS.

Available values:

  • default - the provider will attempt to identify the credentials automatically using the following checks:

    • Java System Properties - aws.accessKeyId and aws.secretKey

    • Environment Variables - AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY

    • Credential profiles file at the default location (~/.aws/credentials) shared by all AWS SDKs and the AWS CLI

    • Credentials delivered through the Amazon EC2 container service if AWS_CONTAINER_CREDENTIALS_RELATIVE_URI environment variable is set and security manager has permission to access the variable.

    • Instance profile credentials delivered through the Amazon EC2 metadata service

  • static - the provider that uses the access key and secret access key specified in the static-provider section of the config.

  • system-property - it loads credentials from the aws.accessKeyId, aws.secretAccessKey and aws.sessionToken system properties.

  • env-variable - it loads credentials from the AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY and AWS_SESSION_TOKEN environment variables.

  • profile - credentials are based on AWS configuration profiles. This loads credentials from a profile file, allowing you to share multiple sets of AWS security credentials between different tools like the AWS SDK for Java and the AWS CLI.

  • container - It loads credentials from a local metadata service. Containers currently supported by the AWS SDK are Amazon Elastic Container Service (ECS) and AWS Greengrass

  • instance-profile - It loads credentials from the Amazon EC2 Instance Metadata Service.

  • process - Credentials are loaded from an external process. This is used to support the credential_process setting in the profile credentials file. See Sourcing Credentials From External Processes for more information.

  • anonymous - It always returns anonymous AWS credentials. Anonymous AWS credentials result in un-authenticated requests and will fail unless the resource or API’s policy has been configured to specifically allow anonymous access.

default, static, system-property, env-variable, profile, container, instance-profile, process, anonymous

default

Default credentials provider configuration

Type

Default

Whether this provider should fetch credentials asynchronously in the background. If this is true, threads are less likely to block, but additional resources are used to maintain the provider.

boolean

false

Whether the provider should reuse the last successful credentials provider in the chain. Reusing the last successful credentials provider will typically return credentials faster than searching through the chain.

boolean

true

Static credentials provider configuration

Type

Default

string

string

AWS Profile credentials provider configuration

Type

Default

The name of the profile that should be used by this credentials provider. If not specified, the value in AWS_PROFILE environment variable or aws.profile system property is used and defaults to default name.

string

Process credentials provider configuration

Type

Default

Whether the provider should fetch credentials asynchronously in the background. If this is true, threads are less likely to block when credentials are loaded, but additional resources are used to maintain the provider.

boolean

false

The amount of time between when the credentials expire and when the credentials should start to be refreshed. This allows the credentials to be refreshed *before* they are reported to expire.

Duration

15S

The maximum size of the output that can be returned by the external process before an exception is raised.

MemorySize

1024

The command that should be executed to retrieve credentials.

string

Sync HTTP transport configurations

Type

Default

The maximum amount of time to establish a connection before timing out.

Duration

2S

The amount of time to wait for data to be transferred over an established, open connection before the connection is timed out.

Duration

30S

TLS managers provider type.

Available providers:

  • none - Use this provider if you don’t want the client to present any certificates to the remote TLS host.

  • system-property - Provider checks the standard javax.net.ssl.keyStore, javax.net.ssl.keyStorePassword, and javax.net.ssl.keyStoreType properties defined by the JSSE.

  • file-store - Provider that loads a the key store from a file.

none, system-property, file-store

system-property

path

Key store type. See the KeyStore section in the https://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#KeyStore[Java Cryptography Architecture Standard Algorithm Name Documentation] for information about standard keystore types.

string

string

Apache HTTP client specific configurations

Type

Default

The amount of time to wait when acquiring a connection from the pool before giving up and timing out.

Duration

10S

The maximum amount of time that a connection should be allowed to remain open while idle.

Duration

60S

The maximum amount of time that a connection should be allowed to remain open, regardless of usage frequency.

Duration

The maximum number of connections allowed in the connection pool. Each built HTTP client has its own private connection pool.

int

50

Whether the client should send an HTTP expect-continue handshake before each request.

boolean

true

Whether the idle connections in the connection pool should be closed asynchronously. When enabled, connections left idling for longer than quarkus..sync-client.connection-max-idle-time will be closed. This will not close connections currently in use.

boolean

true

boolean

false

The endpoint of the proxy server that the SDK should connect through. Currently, the endpoint is limited to a host and port. Any other URI components will result in an exception being raised.

URI

The username to use when connecting through a proxy.

string

The password to use when connecting through a proxy.

string

For NTLM proxies - the Windows domain name to use when authenticating with the proxy.

string

For NTLM proxies - the Windows workstation name to use when authenticating with the proxy.

string

Whether to attempt to authenticate preemptively against the proxy server using basic authentication.

boolean

The hosts that the client is allowed to access without going through the proxy.

list of string

Netty HTTP transport configurations

Type

Default

The maximum number of allowed concurrent requests. For HTTP/1.1 this is the same as max connections. For HTTP/2 the number of connections that will be used depends on the max streams allowed per connection.

int

50

The maximum number of pending acquires allowed. Once this exceeds, acquire tries will be failed.

int

10000

The amount of time to wait for a read on a socket before an exception is thrown. Specify 0 to disable.

Duration

30S

The amount of time to wait for a write on a socket before an exception is thrown. Specify 0 to disable.

Duration

30S

The amount of time to wait when initially establishing a connection before giving up and timing out.

Duration

10S

The amount of time to wait when acquiring a connection from the pool before giving up and timing out.

Duration

2S

The maximum amount of time that a connection should be allowed to remain open, regardless of usage frequency.

Duration

The maximum amount of time that a connection should be allowed to remain open while idle. Currently has no effect if quarkus..async-client.use-idle-connection-reaper is false.

Duration

60S

Whether the idle connections in the connection pool should be closed. When enabled, connections left idling for longer than quarkus..async-client.connection-max-idle-time will be closed. This will not close connections currently in use.

boolean

true

The HTTP protocol to use.

http1-1, http2

http1-1

The SSL Provider to be used in the Netty client. Default is OPENSSL if available, JDK otherwise.

jdk, openssl, openssl-refcnt

The maximum number of concurrent streams for an HTTP/2 connection. This setting is only respected when the HTTP/2 protocol is used.

long

4294967295

The initial window size for an HTTP/2 stream. This setting is only respected when the HTTP/2 protocol is used.

int

1048576

Sets the period that the Netty client will send PING frames to the remote endpoint to check the health of the connection. To disable this feature, set a duration of 0. This setting is only respected when the HTTP/2 protocol is used.

Duration

5

boolean

false

The endpoint of the proxy server that the SDK should connect through. Currently, the endpoint is limited to a host and port. Any other URI components will result in an exception being raised.

URI

The hosts that the client is allowed to access without going through the proxy.

list of string

TLS managers provider type.

Available providers:

  • none - Use this provider if you don’t want the client to present any certificates to the remote TLS host.

  • system-property - Provider checks the standard javax.net.ssl.keyStore, javax.net.ssl.keyStorePassword, and javax.net.ssl.keyStoreType properties defined by the JSSE.

  • file-store - Provider that loads a the key store from a file.

none, system-property, file-store

system-property

path

Key store type. See the KeyStore section in the https://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#KeyStore[Java Cryptography Architecture Standard Algorithm Name Documentation] for information about standard keystore types.

string

string

Enable the custom configuration of the Netty event loop group.

boolean

false

Number of threads to use for the event loop group. If not set, the default Netty thread count is used (which is double the number of available processors unless the io.netty.eventLoopThreads system property is set.

int

The thread name prefix for threads created by this thread factory used by event loop group. The prefix will be appended with a number unique to the thread factory and a number unique to the thread. If not specified it defaults to aws-java-sdk-NettyEventLoop

string

Amazon SES

Type

Default

List of execution interceptors that will have access to read and modify the request and response objects as they are processed by the AWS SDK. The list should consists of class names which implements software.amazon.awssdk.core.interceptor.ExecutionInterceptor interface.

list of class name

Type of the sync HTTP client implementation

url, apache

url

AWS SDK client configurations

Type

Default

The endpoint URI with which the SDK should communicate. If not specified, an appropriate endpoint to be used for the given service and region.

URI

The amount of time to allow the client to complete the execution of an API call. This timeout covers the entire client execution except for marshalling. This includes request handler execution, all HTTP requests including retries, unmarshalling, etc. This value should always be positive, if present.

Duration

The amount of time to wait for the HTTP request to complete before giving up and timing out. This value should always be positive, if present.

Duration

AWS services configurations

Type

Default

An Amazon Web Services region that hosts the given service.

It overrides region provider chain with static value of region with which the service client should communicate.

If not set, region is retrieved via the default providers chain in the following order:

  • aws.region system property

  • region property from the profile file

  • Instance profile file

See software.amazon.awssdk.regions.Region for available regions.

Region

Configure the credentials provider that should be used to authenticate with AWS.

Available values:

  • default - the provider will attempt to identify the credentials automatically using the following checks:

    • Java System Properties - aws.accessKeyId and aws.secretKey

    • Environment Variables - AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY

    • Credential profiles file at the default location (~/.aws/credentials) shared by all AWS SDKs and the AWS CLI

    • Credentials delivered through the Amazon EC2 container service if AWS_CONTAINER_CREDENTIALS_RELATIVE_URI environment variable is set and security manager has permission to access the variable.

    • Instance profile credentials delivered through the Amazon EC2 metadata service

  • static - the provider that uses the access key and secret access key specified in the static-provider section of the config.

  • system-property - it loads credentials from the aws.accessKeyId, aws.secretAccessKey and aws.sessionToken system properties.

  • env-variable - it loads credentials from the AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY and AWS_SESSION_TOKEN environment variables.

  • profile - credentials are based on AWS configuration profiles. This loads credentials from a profile file, allowing you to share multiple sets of AWS security credentials between different tools like the AWS SDK for Java and the AWS CLI.

  • container - It loads credentials from a local metadata service. Containers currently supported by the AWS SDK are Amazon Elastic Container Service (ECS) and AWS Greengrass

  • instance-profile - It loads credentials from the Amazon EC2 Instance Metadata Service.

  • process - Credentials are loaded from an external process. This is used to support the credential_process setting in the profile credentials file. See Sourcing Credentials From External Processes for more information.

  • anonymous - It always returns anonymous AWS credentials. Anonymous AWS credentials result in un-authenticated requests and will fail unless the resource or API’s policy has been configured to specifically allow anonymous access.

default, static, system-property, env-variable, profile, container, instance-profile, process, anonymous

default

Default credentials provider configuration

Type

Default

Whether this provider should fetch credentials asynchronously in the background. If this is true, threads are less likely to block, but additional resources are used to maintain the provider.

boolean

false

Whether the provider should reuse the last successful credentials provider in the chain. Reusing the last successful credentials provider will typically return credentials faster than searching through the chain.

boolean

true

Static credentials provider configuration

Type

Default

string

string

AWS Profile credentials provider configuration

Type

Default

The name of the profile that should be used by this credentials provider. If not specified, the value in AWS_PROFILE environment variable or aws.profile system property is used and defaults to default name.

string

Process credentials provider configuration

Type

Default

Whether the provider should fetch credentials asynchronously in the background. If this is true, threads are less likely to block when credentials are loaded, but additional resources are used to maintain the provider.

boolean

false

The amount of time between when the credentials expire and when the credentials should start to be refreshed. This allows the credentials to be refreshed *before* they are reported to expire.

Duration

15S

The maximum size of the output that can be returned by the external process before an exception is raised.

MemorySize

1024

The command that should be executed to retrieve credentials.

string

Sync HTTP transport configurations

Type

Default

The maximum amount of time to establish a connection before timing out.

Duration

2S

The amount of time to wait for data to be transferred over an established, open connection before the connection is timed out.

Duration

30S

TLS managers provider type.

Available providers:

  • none - Use this provider if you don’t want the client to present any certificates to the remote TLS host.

  • system-property - Provider checks the standard javax.net.ssl.keyStore, javax.net.ssl.keyStorePassword, and javax.net.ssl.keyStoreType properties defined by the JSSE.

  • file-store - Provider that loads a the key store from a file.

none, system-property, file-store

system-property

path

Key store type. See the KeyStore section in the https://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#KeyStore[Java Cryptography Architecture Standard Algorithm Name Documentation] for information about standard keystore types.

string

string

Apache HTTP client specific configurations

Type

Default

The amount of time to wait when acquiring a connection from the pool before giving up and timing out.

Duration

10S

The maximum amount of time that a connection should be allowed to remain open while idle.

Duration

60S

The maximum amount of time that a connection should be allowed to remain open, regardless of usage frequency.

Duration

The maximum number of connections allowed in the connection pool. Each built HTTP client has its own private connection pool.

int

50

Whether the client should send an HTTP expect-continue handshake before each request.

boolean

true

Whether the idle connections in the connection pool should be closed asynchronously. When enabled, connections left idling for longer than quarkus..sync-client.connection-max-idle-time will be closed. This will not close connections currently in use.

boolean

true

boolean

false

The endpoint of the proxy server that the SDK should connect through. Currently, the endpoint is limited to a host and port. Any other URI components will result in an exception being raised.

URI

The username to use when connecting through a proxy.

string

The password to use when connecting through a proxy.

string

For NTLM proxies - the Windows domain name to use when authenticating with the proxy.

string

For NTLM proxies - the Windows workstation name to use when authenticating with the proxy.

string

Whether to attempt to authenticate preemptively against the proxy server using basic authentication.

boolean

The hosts that the client is allowed to access without going through the proxy.

list of string

Netty HTTP transport configurations

Type

Default

The maximum number of allowed concurrent requests. For HTTP/1.1 this is the same as max connections. For HTTP/2 the number of connections that will be used depends on the max streams allowed per connection.

int

50

The maximum number of pending acquires allowed. Once this exceeds, acquire tries will be failed.

int

10000

The amount of time to wait for a read on a socket before an exception is thrown. Specify 0 to disable.

Duration

30S

The amount of time to wait for a write on a socket before an exception is thrown. Specify 0 to disable.

Duration

30S

The amount of time to wait when initially establishing a connection before giving up and timing out.

Duration

10S

The amount of time to wait when acquiring a connection from the pool before giving up and timing out.

Duration

2S

The maximum amount of time that a connection should be allowed to remain open, regardless of usage frequency.

Duration

The maximum amount of time that a connection should be allowed to remain open while idle. Currently has no effect if quarkus..async-client.use-idle-connection-reaper is false.

Duration

60S

Whether the idle connections in the connection pool should be closed. When enabled, connections left idling for longer than quarkus..async-client.connection-max-idle-time will be closed. This will not close connections currently in use.

boolean

true

The HTTP protocol to use.

http1-1, http2

http1-1

The SSL Provider to be used in the Netty client. Default is OPENSSL if available, JDK otherwise.

jdk, openssl, openssl-refcnt

The maximum number of concurrent streams for an HTTP/2 connection. This setting is only respected when the HTTP/2 protocol is used.

long

4294967295

The initial window size for an HTTP/2 stream. This setting is only respected when the HTTP/2 protocol is used.

int

1048576

Sets the period that the Netty client will send PING frames to the remote endpoint to check the health of the connection. To disable this feature, set a duration of 0. This setting is only respected when the HTTP/2 protocol is used.

Duration

5

boolean

false

The endpoint of the proxy server that the SDK should connect through. Currently, the endpoint is limited to a host and port. Any other URI components will result in an exception being raised.

URI

The hosts that the client is allowed to access without going through the proxy.

list of string

TLS managers provider type.

Available providers:

  • none - Use this provider if you don’t want the client to present any certificates to the remote TLS host.

  • system-property - Provider checks the standard javax.net.ssl.keyStore, javax.net.ssl.keyStorePassword, and javax.net.ssl.keyStoreType properties defined by the JSSE.

  • file-store - Provider that loads a the key store from a file.

none, system-property, file-store

system-property

path

Key store type. See the KeyStore section in the https://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#KeyStore[Java Cryptography Architecture Standard Algorithm Name Documentation] for information about standard keystore types.

string

string

Enable the custom configuration of the Netty event loop group.

boolean

false

Number of threads to use for the event loop group. If not set, the default Netty thread count is used (which is double the number of available processors unless the io.netty.eventLoopThreads system property is set.

int

The thread name prefix for threads created by this thread factory used by event loop group. The prefix will be appended with a number unique to the thread factory and a number unique to the thread. If not specified it defaults to aws-java-sdk-NettyEventLoop

string

Amazon SNS

Type

Default

List of execution interceptors that will have access to read and modify the request and response objects as they are processed by the AWS SDK. The list should consists of class names which implements software.amazon.awssdk.core.interceptor.ExecutionInterceptor interface.

list of class name

Type of the sync HTTP client implementation

url, apache

url

AWS SDK client configurations

Type

Default

The endpoint URI with which the SDK should communicate. If not specified, an appropriate endpoint to be used for the given service and region.

URI

The amount of time to allow the client to complete the execution of an API call. This timeout covers the entire client execution except for marshalling. This includes request handler execution, all HTTP requests including retries, unmarshalling, etc. This value should always be positive, if present.

Duration

The amount of time to wait for the HTTP request to complete before giving up and timing out. This value should always be positive, if present.

Duration

AWS services configurations

Type

Default

An Amazon Web Services region that hosts the given service.

It overrides region provider chain with static value of region with which the service client should communicate.

If not set, region is retrieved via the default providers chain in the following order:

  • aws.region system property

  • region property from the profile file

  • Instance profile file

See software.amazon.awssdk.regions.Region for available regions.

Region

Configure the credentials provider that should be used to authenticate with AWS.

Available values:

  • default - the provider will attempt to identify the credentials automatically using the following checks:

    • Java System Properties - aws.accessKeyId and aws.secretKey

    • Environment Variables - AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY

    • Credential profiles file at the default location (~/.aws/credentials) shared by all AWS SDKs and the AWS CLI

    • Credentials delivered through the Amazon EC2 container service if AWS_CONTAINER_CREDENTIALS_RELATIVE_URI environment variable is set and security manager has permission to access the variable.

    • Instance profile credentials delivered through the Amazon EC2 metadata service

  • static - the provider that uses the access key and secret access key specified in the static-provider section of the config.

  • system-property - it loads credentials from the aws.accessKeyId, aws.secretAccessKey and aws.sessionToken system properties.

  • env-variable - it loads credentials from the AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY and AWS_SESSION_TOKEN environment variables.

  • profile - credentials are based on AWS configuration profiles. This loads credentials from a profile file, allowing you to share multiple sets of AWS security credentials between different tools like the AWS SDK for Java and the AWS CLI.

  • container - It loads credentials from a local metadata service. Containers currently supported by the AWS SDK are Amazon Elastic Container Service (ECS) and AWS Greengrass

  • instance-profile - It loads credentials from the Amazon EC2 Instance Metadata Service.

  • process - Credentials are loaded from an external process. This is used to support the credential_process setting in the profile credentials file. See Sourcing Credentials From External Processes for more information.

  • anonymous - It always returns anonymous AWS credentials. Anonymous AWS credentials result in un-authenticated requests and will fail unless the resource or API’s policy has been configured to specifically allow anonymous access.

default, static, system-property, env-variable, profile, container, instance-profile, process, anonymous

default

Default credentials provider configuration

Type

Default

Whether this provider should fetch credentials asynchronously in the background. If this is true, threads are less likely to block, but additional resources are used to maintain the provider.

boolean

false

Whether the provider should reuse the last successful credentials provider in the chain. Reusing the last successful credentials provider will typically return credentials faster than searching through the chain.

boolean

true

Static credentials provider configuration

Type

Default

string

string

AWS Profile credentials provider configuration

Type

Default

The name of the profile that should be used by this credentials provider. If not specified, the value in AWS_PROFILE environment variable or aws.profile system property is used and defaults to default name.

string

Process credentials provider configuration

Type

Default

Whether the provider should fetch credentials asynchronously in the background. If this is true, threads are less likely to block when credentials are loaded, but additional resources are used to maintain the provider.

boolean

false

The amount of time between when the credentials expire and when the credentials should start to be refreshed. This allows the credentials to be refreshed *before* they are reported to expire.

Duration

15S

The maximum size of the output that can be returned by the external process before an exception is raised.

MemorySize

1024

The command that should be executed to retrieve credentials.

string

Sync HTTP transport configurations

Type

Default

The maximum amount of time to establish a connection before timing out.

Duration

2S

The amount of time to wait for data to be transferred over an established, open connection before the connection is timed out.

Duration

30S

TLS managers provider type.

Available providers:

  • none - Use this provider if you don’t want the client to present any certificates to the remote TLS host.

  • system-property - Provider checks the standard javax.net.ssl.keyStore, javax.net.ssl.keyStorePassword, and javax.net.ssl.keyStoreType properties defined by the JSSE.

  • file-store - Provider that loads a the key store from a file.

none, system-property, file-store

system-property

path

Key store type. See the KeyStore section in the https://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#KeyStore[Java Cryptography Architecture Standard Algorithm Name Documentation] for information about standard keystore types.

string

string

Apache HTTP client specific configurations

Type

Default

The amount of time to wait when acquiring a connection from the pool before giving up and timing out.

Duration

10S

The maximum amount of time that a connection should be allowed to remain open while idle.

Duration

60S

The maximum amount of time that a connection should be allowed to remain open, regardless of usage frequency.

Duration

The maximum number of connections allowed in the connection pool. Each built HTTP client has its own private connection pool.

int

50

Whether the client should send an HTTP expect-continue handshake before each request.

boolean

true

Whether the idle connections in the connection pool should be closed asynchronously. When enabled, connections left idling for longer than quarkus..sync-client.connection-max-idle-time will be closed. This will not close connections currently in use.

boolean

true

boolean

false

The endpoint of the proxy server that the SDK should connect through. Currently, the endpoint is limited to a host and port. Any other URI components will result in an exception being raised.

URI

The username to use when connecting through a proxy.

string

The password to use when connecting through a proxy.

string

For NTLM proxies - the Windows domain name to use when authenticating with the proxy.

string

For NTLM proxies - the Windows workstation name to use when authenticating with the proxy.

string

Whether to attempt to authenticate preemptively against the proxy server using basic authentication.

boolean

The hosts that the client is allowed to access without going through the proxy.

list of string

Netty HTTP transport configurations

Type

Default

The maximum number of allowed concurrent requests. For HTTP/1.1 this is the same as max connections. For HTTP/2 the number of connections that will be used depends on the max streams allowed per connection.

int

50

The maximum number of pending acquires allowed. Once this exceeds, acquire tries will be failed.

int

10000

The amount of time to wait for a read on a socket before an exception is thrown. Specify 0 to disable.

Duration

30S

The amount of time to wait for a write on a socket before an exception is thrown. Specify 0 to disable.

Duration

30S

The amount of time to wait when initially establishing a connection before giving up and timing out.

Duration

10S

The amount of time to wait when acquiring a connection from the pool before giving up and timing out.

Duration

2S

The maximum amount of time that a connection should be allowed to remain open, regardless of usage frequency.

Duration

The maximum amount of time that a connection should be allowed to remain open while idle. Currently has no effect if quarkus..async-client.use-idle-connection-reaper is false.

Duration

60S

Whether the idle connections in the connection pool should be closed. When enabled, connections left idling for longer than quarkus..async-client.connection-max-idle-time will be closed. This will not close connections currently in use.

boolean

true

The HTTP protocol to use.

http1-1, http2

http1-1

The SSL Provider to be used in the Netty client. Default is OPENSSL if available, JDK otherwise.

jdk, openssl, openssl-refcnt

The maximum number of concurrent streams for an HTTP/2 connection. This setting is only respected when the HTTP/2 protocol is used.

long

4294967295

The initial window size for an HTTP/2 stream. This setting is only respected when the HTTP/2 protocol is used.

int

1048576

Sets the period that the Netty client will send PING frames to the remote endpoint to check the health of the connection. To disable this feature, set a duration of 0. This setting is only respected when the HTTP/2 protocol is used.

Duration

5

boolean

false

The endpoint of the proxy server that the SDK should connect through. Currently, the endpoint is limited to a host and port. Any other URI components will result in an exception being raised.

URI

The hosts that the client is allowed to access without going through the proxy.

list of string

TLS managers provider type.

Available providers:

  • none - Use this provider if you don’t want the client to present any certificates to the remote TLS host.

  • system-property - Provider checks the standard javax.net.ssl.keyStore, javax.net.ssl.keyStorePassword, and javax.net.ssl.keyStoreType properties defined by the JSSE.

  • file-store - Provider that loads a the key store from a file.

none, system-property, file-store

system-property

path

Key store type. See the KeyStore section in the https://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#KeyStore[Java Cryptography Architecture Standard Algorithm Name Documentation] for information about standard keystore types.

string

string

Enable the custom configuration of the Netty event loop group.

boolean

false

Number of threads to use for the event loop group. If not set, the default Netty thread count is used (which is double the number of available processors unless the io.netty.eventLoopThreads system property is set.

int

The thread name prefix for threads created by this thread factory used by event loop group. The prefix will be appended with a number unique to the thread factory and a number unique to the thread. If not specified it defaults to aws-java-sdk-NettyEventLoop

string

Amazon SQS

Type

Default

List of execution interceptors that will have access to read and modify the request and response objects as they are processed by the AWS SDK. The list should consists of class names which implements software.amazon.awssdk.core.interceptor.ExecutionInterceptor interface.

list of class name

Type of the sync HTTP client implementation

url, apache

url

AWS SDK client configurations

Type

Default

The endpoint URI with which the SDK should communicate. If not specified, an appropriate endpoint to be used for the given service and region.

URI

The amount of time to allow the client to complete the execution of an API call. This timeout covers the entire client execution except for marshalling. This includes request handler execution, all HTTP requests including retries, unmarshalling, etc. This value should always be positive, if present.

Duration

The amount of time to wait for the HTTP request to complete before giving up and timing out. This value should always be positive, if present.

Duration

AWS services configurations

Type

Default

An Amazon Web Services region that hosts the given service.

It overrides region provider chain with static value of region with which the service client should communicate.

If not set, region is retrieved via the default providers chain in the following order:

  • aws.region system property

  • region property from the profile file

  • Instance profile file

See software.amazon.awssdk.regions.Region for available regions.

Region

Configure the credentials provider that should be used to authenticate with AWS.

Available values:

  • default - the provider will attempt to identify the credentials automatically using the following checks:

    • Java System Properties - aws.accessKeyId and aws.secretKey

    • Environment Variables - AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY

    • Credential profiles file at the default location (~/.aws/credentials) shared by all AWS SDKs and the AWS CLI

    • Credentials delivered through the Amazon EC2 container service if AWS_CONTAINER_CREDENTIALS_RELATIVE_URI environment variable is set and security manager has permission to access the variable.

    • Instance profile credentials delivered through the Amazon EC2 metadata service

  • static - the provider that uses the access key and secret access key specified in the static-provider section of the config.

  • system-property - it loads credentials from the aws.accessKeyId, aws.secretAccessKey and aws.sessionToken system properties.

  • env-variable - it loads credentials from the AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY and AWS_SESSION_TOKEN environment variables.

  • profile - credentials are based on AWS configuration profiles. This loads credentials from a profile file, allowing you to share multiple sets of AWS security credentials between different tools like the AWS SDK for Java and the AWS CLI.

  • container - It loads credentials from a local metadata service. Containers currently supported by the AWS SDK are Amazon Elastic Container Service (ECS) and AWS Greengrass

  • instance-profile - It loads credentials from the Amazon EC2 Instance Metadata Service.

  • process - Credentials are loaded from an external process. This is used to support the credential_process setting in the profile credentials file. See Sourcing Credentials From External Processes for more information.

  • anonymous - It always returns anonymous AWS credentials. Anonymous AWS credentials result in un-authenticated requests and will fail unless the resource or API’s policy has been configured to specifically allow anonymous access.

default, static, system-property, env-variable, profile, container, instance-profile, process, anonymous

default

Default credentials provider configuration

Type

Default

Whether this provider should fetch credentials asynchronously in the background. If this is true, threads are less likely to block, but additional resources are used to maintain the provider.

boolean

false

Whether the provider should reuse the last successful credentials provider in the chain. Reusing the last successful credentials provider will typically return credentials faster than searching through the chain.

boolean

true

Static credentials provider configuration

Type

Default

string

string

AWS Profile credentials provider configuration

Type

Default

The name of the profile that should be used by this credentials provider. If not specified, the value in AWS_PROFILE environment variable or aws.profile system property is used and defaults to default name.

string

Process credentials provider configuration

Type

Default

Whether the provider should fetch credentials asynchronously in the background. If this is true, threads are less likely to block when credentials are loaded, but additional resources are used to maintain the provider.

boolean

false

The amount of time between when the credentials expire and when the credentials should start to be refreshed. This allows the credentials to be refreshed *before* they are reported to expire.

Duration

15S

The maximum size of the output that can be returned by the external process before an exception is raised.

MemorySize

1024

The command that should be executed to retrieve credentials.

string

Sync HTTP transport configurations

Type

Default

The maximum amount of time to establish a connection before timing out.

Duration

2S

The amount of time to wait for data to be transferred over an established, open connection before the connection is timed out.

Duration

30S

TLS managers provider type.

Available providers:

  • none - Use this provider if you don’t want the client to present any certificates to the remote TLS host.

  • system-property - Provider checks the standard javax.net.ssl.keyStore, javax.net.ssl.keyStorePassword, and javax.net.ssl.keyStoreType properties defined by the JSSE.

  • file-store - Provider that loads a the key store from a file.

none, system-property, file-store

system-property

path

Key store type. See the KeyStore section in the https://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#KeyStore[Java Cryptography Architecture Standard Algorithm Name Documentation] for information about standard keystore types.

string

string

Apache HTTP client specific configurations

Type

Default

The amount of time to wait when acquiring a connection from the pool before giving up and timing out.

Duration

10S

The maximum amount of time that a connection should be allowed to remain open while idle.

Duration

60S

The maximum amount of time that a connection should be allowed to remain open, regardless of usage frequency.

Duration

The maximum number of connections allowed in the connection pool. Each built HTTP client has its own private connection pool.

int

50

Whether the client should send an HTTP expect-continue handshake before each request.

boolean

true

Whether the idle connections in the connection pool should be closed asynchronously. When enabled, connections left idling for longer than quarkus..sync-client.connection-max-idle-time will be closed. This will not close connections currently in use.

boolean

true

boolean

false

The endpoint of the proxy server that the SDK should connect through. Currently, the endpoint is limited to a host and port. Any other URI components will result in an exception being raised.

URI

The username to use when connecting through a proxy.

string

The password to use when connecting through a proxy.

string

For NTLM proxies - the Windows domain name to use when authenticating with the proxy.

string

For NTLM proxies - the Windows workstation name to use when authenticating with the proxy.

string

Whether to attempt to authenticate preemptively against the proxy server using basic authentication.

boolean

The hosts that the client is allowed to access without going through the proxy.

list of string

Netty HTTP transport configurations

Type

Default

The maximum number of allowed concurrent requests. For HTTP/1.1 this is the same as max connections. For HTTP/2 the number of connections that will be used depends on the max streams allowed per connection.

int

50

The maximum number of pending acquires allowed. Once this exceeds, acquire tries will be failed.

int

10000

The amount of time to wait for a read on a socket before an exception is thrown. Specify 0 to disable.

Duration

30S

The amount of time to wait for a write on a socket before an exception is thrown. Specify 0 to disable.

Duration

30S

The amount of time to wait when initially establishing a connection before giving up and timing out.

Duration

10S

The amount of time to wait when acquiring a connection from the pool before giving up and timing out.

Duration

2S

The maximum amount of time that a connection should be allowed to remain open, regardless of usage frequency.

Duration

The maximum amount of time that a connection should be allowed to remain open while idle. Currently has no effect if quarkus..async-client.use-idle-connection-reaper is false.

Duration

60S

Whether the idle connections in the connection pool should be closed. When enabled, connections left idling for longer than quarkus..async-client.connection-max-idle-time will be closed. This will not close connections currently in use.

boolean

true

The HTTP protocol to use.

http1-1, http2

http1-1

The SSL Provider to be used in the Netty client. Default is OPENSSL if available, JDK otherwise.

jdk, openssl, openssl-refcnt

The maximum number of concurrent streams for an HTTP/2 connection. This setting is only respected when the HTTP/2 protocol is used.

long

4294967295

The initial window size for an HTTP/2 stream. This setting is only respected when the HTTP/2 protocol is used.

int

1048576

Sets the period that the Netty client will send PING frames to the remote endpoint to check the health of the connection. To disable this feature, set a duration of 0. This setting is only respected when the HTTP/2 protocol is used.

Duration

5

boolean

false

The endpoint of the proxy server that the SDK should connect through. Currently, the endpoint is limited to a host and port. Any other URI components will result in an exception being raised.

URI

The hosts that the client is allowed to access without going through the proxy.

list of string

TLS managers provider type.

Available providers:

  • none - Use this provider if you don’t want the client to present any certificates to the remote TLS host.

  • system-property - Provider checks the standard javax.net.ssl.keyStore, javax.net.ssl.keyStorePassword, and javax.net.ssl.keyStoreType properties defined by the JSSE.

  • file-store - Provider that loads a the key store from a file.

none, system-property, file-store

system-property

path

Key store type. See the KeyStore section in the https://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#KeyStore[Java Cryptography Architecture Standard Algorithm Name Documentation] for information about standard keystore types.

string

string

Enable the custom configuration of the Netty event loop group.

boolean

false

Number of threads to use for the event loop group. If not set, the default Netty thread count is used (which is double the number of available processors unless the io.netty.eventLoopThreads system property is set.

int

The thread name prefix for threads created by this thread factory used by event loop group. The prefix will be appended with a number unique to the thread factory and a number unique to the thread. If not specified it defaults to aws-java-sdk-NettyEventLoop

string

Apache Kafka Client

Type

Default

Whether or not an health check is published in case the smallrye-health extension is present. If you enable the health check, you must specify the kafka.bootstrap.servers property.

boolean

false

Apache Kafka Streams

Type

Default

Whether or not a health check is published in case the smallrye-health extension is present (defaults to true).

boolean

true

A unique identifier for this Kafka Streams application. If not set, defaults to quarkus.application.name.

string

${quarkus.application.name}

A comma-separated list of host:port pairs identifying the Kafka bootstrap server(s)

list of host:port

localhost:9012

A unique identifier of this application instance, typically in the form host:port.

string

A comma-separated list of topic names. The pipeline will only be started once all these topics are present in the Kafka cluster.

list of string

required

The schema registry key. e.g. to diff between different registry impls / instances as they have this registry url under different property key. Red Hat / Apicurio - apicurio.registry.url Confluent - schema.registry.url

string

schema.registry.url

string

string

JAAS login context parameters for SASL connections in the format used by JAAS configuration files

string

The fully qualified name of a SASL client callback handler class

string

The fully qualified name of a SASL login callback handler class

string

The fully qualified name of a class that implements the Login interface

string

The Kerberos principal name that Kafka runs as

string

Kerberos kinit command path

string

Login thread will sleep until the specified window factor of time from last refresh

double

Percentage of random jitter added to the renewal time

double

Percentage of random jitter added to the renewal time

long

Login refresh thread will sleep until the specified window factor relative to the credential’s lifetime has been reached-

double

The maximum amount of random jitter relative to the credential’s lifetime

double

The desired minimum duration for the login refresh thread to wait before refreshing a credential

Duration

The amount of buffer duration before credential expiration to maintain when refreshing a credential

Duration

The SSL protocol used to generate the SSLContext

string

The name of the security provider used for SSL connections

string

A list of cipher suites

string

The list of protocols enabled for SSL connections

string

string

string

string

string

string

string

string

string

string

The algorithm used by key manager factory for SSL connections

string

The algorithm used by trust manager factory for SSL connections

string

The endpoint identification algorithm to validate server hostname using server certificate

string

https

The SecureRandom PRNG implementation to use for SSL cryptography operations

string

Apache Tika

Type

Default

The resource path within the application artifact to the tika-config.xml file.

string

Comma separated list of the parsers which must be supported. Most of the document formats recognized by Apache Tika are supported by default but it affects the application memory and native executable sizes. One can list only the required parsers in tika-config.xml to minimize a number of parsers loaded into the memory, but using this property is recommended to achieve both optimizations. Either the abbreviated or full parser class names can be used. Only PDF and OpenDocument format parsers can be listed using the reserved 'pdf' and 'odf' abbreviations. Custom class name abbreviations have to be used for all other parsers. For example: // Only PDF parser is required: quarkus.tika.parsers = pdf // Only PDF and OpenDocument parsers are required: quarkus.tika.parsers = pdf,odf This property will have no effect if the `tikaConfigPath' property has been set.

string

Controls how the content of the embedded documents is parsed. By default it is appended to the master document content. Setting this property to false makes the content of each of the embedded documents available separately.

boolean

true

Configuration of the individual parsers. For example: quarkus.tika.parsers = pdf,odf quarkus.tika.parser-options.pdf.sort-by-position = true

Map<String,Map<String,String>>

Full parser class name for a given parser abbreviation. For example: quarkus.tika.parsers = classparser quarkus.tika.parser.classparser = org.apache.tika.parser.asm.ClassParser

Map<String,String>

ArC

Type

Default

  • If set to all (or true) the container will attempt to remove all unused beans.

  • If set to none (or false) no beans will ever be removed even if they are unused (according to the criteria set out below)

  • If set to fwk, then all unused beans will be removed, except the unused beans whose classes are declared in the application code An unused bean:

  • is not a built-in bean or interceptor,

  • is not eligible for injection to any injection point,

  • is not excluded by any extension,

  • does not have a name,

  • does not declare an observer,

  • does not declare any producer which is eligible for injection to any injection point,

  • is not directly eligible for injection into any javax.enterprise.inject.Instance injection point

string

all

If set to true @Inject is automatically added to all non-static fields that are annotated with one of the annotations defined by AutoInjectAnnotationBuildItem.

boolean

true

If set to true, the bytecode of unproxyable beans will be transformed. This ensures that a proxy/subclass can be created properly. If the value is set to false, then an exception is thrown at build time indicating that a subclass/proxy could not be created. Quarkus performs the following transformations when this setting is enabled: - Remove 'final' modifier from classes and methods when a proxy is required. - Create a no-args constructor if needed. - Makes private no-args constructors package-private if necessary.

boolean

true

The default naming strategy for ConfigProperties.NamingStrategy. The allowed values are determined by that enum

from-config, verbatim, kebab-case

kebab-case

The list of selected alternatives for an application. An element value can be: - a fully qualified class name, i.e. org.acme.Foo - a simple class name as defined by Class#getSimpleName(), i.e. Foo - a package name with suffix .*, i.e. org.acme.*, matches a package - a package name with suffix .**, i.e. org.acme.**, matches a package that starts with the value Each element value is used to match an alternative bean class, an alternative stereotype annotation type or a bean class that declares an alternative producer. If any value matches then the priority of Integer#MAX_VALUE is used for the relevant bean. The priority declared via javax.annotation.Priority or io.quarkus.arc.AlternativePriority is overriden.

list of string

If set to true then javax.enterprise.inject.Produces is automatically added to all methods that are annotated with a scope annotation, a stereotype or a qualifier, and are not annotated with Inject or Produces, and no parameter is annotated with Disposes, Observes or ObservesAsync.

boolean

true

The list of types that should be excluded from discovery. An element value can be: - a fully qualified class name, i.e. org.acme.Foo - a simple class name as defined by Class#getSimpleName(), i.e. Foo - a package name with suffix .*, i.e. org.acme.*, matches a package - a package name with suffix .**, i.e. org.acme.**, matches a package that starts with the value If any element value matches a discovered type then the type is excluded from discovery, i.e. no beans and observer methods are created from this type.

list of string

List of types that should be considered unremovable regardless of whether they are directly used or not. This is a configuration option equivalent to using io.quarkus.arc.Unremovable annotation. An element value can be: - a fully qualified class name, i.e. org.acme.Foo - a simple class name as defined by Class#getSimpleName(), i.e. Foo - a package name with suffix .*, i.e. org.acme.*, matches a package - a package name with suffix .**, i.e. org.acme.**, matches a package that starts with the value If any element value matches a discovered bean, then such a bean is considered unremovable.

list of string

Artifacts that should be excluded from discovery

Type

Default

string

required

The maven artifactId of the artifact.

string

required

The maven classifier of the artifact.

string

Artemis Core

Type

Default

Whether or not an health check is published in case the smallrye-health extension is present

boolean

true

Artemis connection url

string

required

Username for authentication, only used with JMS

string

Password for authentication, only used with JMS

string

Cache

Type

Default

Whether or not the cache extension is enabled. If the extension is disabled, the caching annotations will have no effect at run time.

boolean

true

Cache type.

string

caffeine

Minimum total size for the internal data structures. Providing a large enough estimate at construction time avoids the need for expensive resizing operations later, but setting this value unnecessarily high wastes memory.

int

Maximum number of entries the cache may contain. Note that the cache may evict an entry before this limit is exceeded or temporarily exceed the threshold while evicting. As the cache size grows close to the maximum, the cache evicts entries that are less likely to be used again. For example, the cache may evict an entry because it hasn’t been used recently or very often.

long

Specifies that each entry should be automatically removed from the cache once a fixed duration has elapsed after the entry’s creation, or the most recent replacement of its value.

Duration

Specifies that each entry should be automatically removed from the cache once a fixed duration has elapsed after the entry’s creation, the most recent replacement of its value, or its last read.

Duration

Consul Config

Type

Default

If set to true, the application will attempt to look up the configuration from Consul

boolean

false

host:port

localhost:8500

Whether or not to use HTTPS when communicating with the agent

boolean

false

Consul token to be provided when authentication is enabled

string

TrustStore to be used containing the SSL certificate used by Consul agent Can be either a classpath resource or a file system path

path

Password of TrustStore to be used containing the SSL certificate used by Consul agent

string

KeyStore to be used containing the SSL certificate for authentication with Consul agent Can be either a classpath resource or a file system path

path

Password of KeyStore to be used containing the SSL certificate for authentication with Consul agent

string

Password to recover key from KeyStore for SSL client authentication with Consul agent If no value is provided, the key-store-password will be used

string

When using HTTPS and no keyStore has been specified, whether or not to trust all certificates

boolean

false

The amount of time to wait when initially establishing a connection before giving up and timing out. Specify 0 to wait indefinitely.

Duration

10S

The amount of time to wait for a read on a socket before an exception is thrown. Specify 0 to wait indefinitely.

Duration

60S

Common prefix that all keys share when looking up the keys from Consul. The prefix is not included in the keys of the user configuration

string

Keys whose value is a raw string. When this is used, the keys that end up in the user configuration are the keys specified her with '/' replaced by '.'

list of string

Keys whose value represents a properties file. When this is used, the keys that end up in the user configuration are the keys of the properties file, not these keys

list of string

If set to true, the application will not start if any of the configured config sources cannot be located

boolean

true

Container Image Docker

Type

Default

Path to the the JVM Dockerfile. If not set ${project.root}/src/main/docker/Dockerfile.jvm will be used If set to an absolute path then the absolute path will be used, otherwise the path will be considered relative to the project root

string

Path to the the JVM Dockerfile. If not set ${project.root}/src/main/docker/Dockerfile.native will be used If set to an absolute path then the absolute path will be used, otherwise the path will be considered relative to the project root

string

Images to consider as cache sources. Values are passed to docker build via the cache-from option

list of string

Build args passed to docker via --build-arg

Map<String,String>

Container Image Jib

Type

Default

The base image to be used when a container image is being produced for the jar build

string

fabric8/java-alpine-openjdk11-jre

The base image to be used when a container image is being produced for the native binary build

string

registry.access.redhat.com/ubi8/ubi-minimal

Additional JVM arguments to pass to the JVM when starting the application

list of string

-Djava.util.logging.manager=org.jboss.logmanager.LogManager

Additional arguments to pass when starting the native application

list of string

If this is set, then it will be used as the entry point of the container image. There are a few things to be aware of when creating an entry point - A valid entrypoint is jar package specific (see quarkus.package.type) - A valid entrypoint depends on the location of both the launching scripts and the application jar file. To that end it’s helpful to remember that when fast-jar packaging is used, all necessary application jars are added to the /work directory and that the same directory is also used as the working directory. When legacy or uber-jar are used, the application jars are unpacked under the /app directory and that directory is used as the working directory. - Even if the jvmArguments field is set, it is ignored completely When this is not set, a proper default entrypoint will be constructed. As a final note, a very useful tool for inspecting container image layers that can greatly aid when debugging problems with endpoints is dive

list of string

If this is set, then it will be used as the entry point of the container image. There are a few things to be aware of when creating an entry point - A valid entrypoint depends on the location of both the launching scripts and the native binary file. To that end it’s helpful to remember that the native application is added to the /work directory and that and the same directory is also used as the working directory - Even if the nativeArguments field is set, it is ignored completely When this is not set, a proper default entrypoint will be constructed. As a final note, a very useful tool for inspecting container image layers that can greatly aid when debugging problems with endpoints is dive

list of string

The username to use to authenticate with the registry used to pull the base JVM image

string

The password to use to authenticate with the registry used to pull the base JVM image

string

Environment variables to add to the container image

Map<String,String>

Custom labels to add to the generated image

Map<String,String>

Container Image S2I

Type

Default

The base image to be used when a container image is being produced for the jar build

string

registry.access.redhat.com/ubi8/openjdk-11

The base image to be used when a container image is being produced for the native binary build

string

quay.io/quarkus/ubi-quarkus-native-binary-s2i:1.0

Additional JVM arguments to pass to the JVM when starting the application

list of string

-Djava.util.logging.manager=org.jboss.logmanager.LogManager

Additional arguments to pass when starting the native application

list of string

The directory where the jar is added during the assemble phase. This is dependent on the S2I image and should be supplied if a non default image is used.

string

/deployments/

The resulting filename of the jar in the S2I image. This option may be used if the selected S2I image uses a fixed name for the jar.

string

The directory where the native binary is added during the assemble phase. This is dependent on the S2I image and should be supplied if a non-default image is used.

string

/home/quarkus/

The resulting filename of the native binary in the S2I image. This option may be used if the selected S2I image uses a fixed name for the native binary.

string

The build timeout.

Duration

PT5M

Datasource configuration

Type

Default

The kind of database we will connect to (e.g. h2, postgresql…​).

string

Whether or not an health check is published in case the smallrye-health extension is present. This is a global setting and is not specific to a datasource.

boolean

true

Whether or not datasource metrics are published in case the smallrye-metrics extension is present. This is a global setting and is not specific to a datasource. NOTE: This is different from the "jdbc.enable-metrics" property that needs to be set on the JDBC datasource level to enable collection of metrics for that datasource.

boolean

false

int

20

The datasource username

string

The datasource password

string

The credentials provider name

string

The credentials provider bean name. It is the &#64;Named value of the credentials provider bean. It is used to discriminate if multiple CredentialsProvider beans are available. For Vault it is: vault-credentials-provider. Not necessary if there is only one credentials provider available.

string

Additional named datasources

Type

Default

The kind of database we will connect to (e.g. h2, postgresql…​).

string

int

20

string

string

string

The credentials provider bean name. It is the &#64;Named value of the credentials provider bean. It is used to discriminate if multiple CredentialsProvider beans are available. For Vault it is: vault-credentials-provider. Not necessary if there is only one credentials provider available.

string

Eclipse Vert.x - Core

Type

Default

Enables or disables the Vert.x cache.

boolean

true

Enables or disabled the Vert.x classpath resource resolver.

boolean

true

The number of event loops. 2 x the number of core by default.

int

The maximum amount of time the event loop can be blocked.

Duration

2S

The amount of time before a warning is displayed if the event loop is blocked.

Duration

2S

The size of the worker thread pool.

int

20

The maximum amount of time the worker thread can be blocked.

Duration

60S

The size of the internal thread pool (used for the file system).

int

20

Enables the async DNS resolver.

boolean

false

PEM Key/cert config is disabled by default.

boolean

false

Comma-separated list of the path to the key files (Pem format).

list of string

Comma-separated list of the path to the certificate files (Pem format).

list of string

JKS config is disabled by default.

boolean

false

Path of the key file (JKS format).

string

string

PFX config is disabled by default.

boolean

false

Path to the key file (PFX format).

string

string

PEM Trust config is disabled by default.

boolean

false

Comma-separated list of the trust certificate files (Pem format).

list of string

JKS config is disabled by default.

boolean

false

Path of the key file (JKS format).

string

string

PFX config is disabled by default.

boolean

false

Path to the key file (PFX format).

string

string

int

The client authentication.

string

NONE

Duration

60S

The idle timeout in milliseconds.

Duration

int

The number of reconnection attempts.

int

0

The reconnection interval in milliseconds.

Duration

1S

Whether or not to reuse the address.

boolean

true

Whether or not to reuse the port.

boolean

false

int

int

Enables or Disabled SSL.

boolean

false

Whether or not to keep the TCP connection opened (keep-alive).

boolean

false

Configure the TCP no delay.

boolean

true

Configure the traffic class.

int

Enables or disables the trust all parameter.

boolean

false

string

localhost

int

The public host name.

string

int

Enables or disables the clustering.

boolean

false

Duration

20S

Duration

20S

Enable or disable native transport

boolean

false

Eclipse Vert.x - HTTP

Type

Default

The HTTP root path. All web content will be served relative to this root path.

string

/

If basic auth should be enabled. If both basic and form auth is enabled then basic auth will be enabled in silent mode. If no authentication mechanisms are configured basic auth is the default.

boolean

false

If form authentication is enabled

boolean

false

string

/login.html

string

/error.html

The landing page to redirect to if there is no saved page to redirect back to

string

/index.html

Option to disable redirect to landingPage if there is no saved page to redirect back to. Form Auth POST is followed by redirect to landingPage by default.

boolean

true

The inactivity (idle) timeout When inactivity timeout is reached, cookie is not renewed and a new login is enforced.

Duration

PT30M

How old a cookie can get before it will be replaced with a new cookie with an updated timeout, also referred to as "renewal-timeout". Note that smaller values will result in slightly more server load (as new encrypted cookies will be generated more often), however larger values affect the inactivity timeout as the timeout is set when a cookie is generated. For example if this is set to 10 minutes, and the inactivity timeout is 30m, if a users last request is when the cookie is 9m old then the actual timeout will happen 21m after the last request, as the timeout is only refreshed when a new cookie is generated. In other words no timeout is tracked on the server side; the timestamp is encoded and encrypted in the cookie itself and it is decrypted and parsed with each request.

Duration

PT1M

The cookie that is used to store the persistent session

string

quarkus-credential

The authentication realm

string

Quarkus

If this is true and credentials are present then a user will always be authenticated before the request progresses. If this is false then an attempt will only be made to authenticate the user if a permission check is performed or the current user is required for some other reason.

boolean

true

Configures the engine to require/request client authentication. NONE, REQUEST, REQUIRED

none, request, required

none

If this is true then only a virtual channel will be set up for vertx web. We have this switch for testing purposes.

boolean

false

The HTTP console path. Various debug/development endpoints are deployed under this path.

string

/quarkus

Enable the CORS filter.

boolean

false

The HTTP port

int

8080

The HTTP port used to run tests

int

8081

The HTTP host

string

0.0.0.0

Enable listening to host:port

boolean

true

The HTTPS port

int

8443

The HTTPS port used to run tests

int

8444

If insecure (i.e. http rather than https) requests are allowed. If this is enabled then http works as normal. redirect will still open the http port, but all requests will be redirected to the HTTPS port. disabled will prevent the HTTP port from opening at all.

enabled, redirect, disabled

enabled

If this is true (the default) then HTTP/2 will be enabled. Note that for browsers to be able to use it HTTPS must be enabled, and you must be running on JDK11 or above, as JDK8 does not support ALPN.

boolean

true

Origins allowed for CORS Comma separated list of valid URLs. ex: http://www.quarkus.io,http://localhost:3000 The filter allows any origin if this is not set. default: returns any requested origin as valid

list of string

HTTP methods allowed for CORS Comma separated list of valid methods. ex: GET,PUT,POST The filter allows any method if this is not set. default: returns any requested method as valid

list of HttpMethod

HTTP headers allowed for CORS Comma separated list of valid headers. ex: X-Custom,Content-Disposition The filter allows any header if this is not set. default: returns any requested header as valid

list of string

HTTP headers exposed in CORS Comma separated list of valid headers. ex: X-Custom,Content-Disposition default: empty

list of string

The Access-Control-Max-Age response header value indicating how long the results of a pre-flight request can be cached.

Duration

The Access-Control-Allow-Credentials header is used to tell the browsers to expose the response to front-end JavaScript code when the request’s credentials mode Request.credentials is “include”. The value of this header will default to true if quarkus.http.cors.origins property is set and there is a match with the precise Origin header and that header is not '*'.

boolean

The file path to a server certificate or certificate chain in PEM format.

path

The file path to the corresponding certificate private key file in PEM format.

path

An optional key store which holds the certificate information instead of specifying separate files.

path

An optional parameter to specify type of the key store file. If not given, the type is automatically detected based on the file name.

string

A parameter to specify the password of the key store file. If not given, the default ("password") is used.

string

password

An optional trust store which holds the certificate information of the certificates to trust

path

An optional parameter to specify type of the trust store file. If not given, the type is automatically detected based on the file name.

string

A parameter to specify the password of the trust store file.

string

The cipher suites to use. If none is given, a reasonable default is selected.

list of string

The list of protocols to explicitly enable.

list of string

TLSv1.3,TLSv1.2

The number if IO threads used to perform IO. This will be automatically set to a reasonable value based on the number of CPU cores if it is not provided. If this is set to a higher value than the number of Vert.x event loops then it will be capped at the number of event loops. In general this should be controlled by setting quarkus.vertx.event-loops-pool-size, this setting should only be used if you want to limit the number of HTTP io threads to a smaller number than the total number of IO threads.

int

The maximum length of all headers.

MemorySize

20K

The maximum size of a request body.

MemorySize

10240K

The max HTTP chunk size

MemorySize

8192

The maximum length of the initial line (e.g. "GET / HTTP/1.0").

int

4096

Http connection idle timeout

Duration

30M

Http connection read timeout for blocking IO. This is the maximum amount of time a thread will wait for data, before an IOException will be thrown and the connection closed.

Duration

60S

Whether the files sent using multipart/form-data will be stored locally. If true, they will be stored in quarkus.http.body-handler.uploads-directory and will be made available via io.vertx.ext.web.RoutingContext.fileUploads(). Otherwise, the the files sent using multipart/form-data will not be stored locally, and io.vertx.ext.web.RoutingContext.fileUploads() will always return an empty collection. Note that even with this option being set to false, the multipart/form-data requests will be accepted.

boolean

true

The directory where the files sent using multipart/form-data should be stored. Either an absolute path or a path relative to the current directory of the application process.

string

file-uploads

Whether the form attributes should be added to the request parameters. If true, the form attributes will be added to the request parameters; otherwise the form parameters will not be added to the request parameters

boolean

true

Whether the uploaded files should be removed after serving the request. If true the uploaded files stored in quarkus.http.body-handler.uploads-directory will be removed after handling the request. Otherwise the files will be left there forever.

boolean

false

Whether the body buffer should pre-allocated based on the Content-Length header value. If true the body buffer is pre-allocated according to the size read from the Content-Length header. Otherwise the body buffer is pre-allocated to 1KB, and is resized dynamically

boolean

false

The encryption key that is used to store persistent logins (e.g. for form auth). Logins are stored in a persistent cookie that is encrypted with AES-256 using a key derived from a SHA-256 hash of the key that is provided here. If no key is provided then an in-memory one will be generated, this will change on every restart though so it is not suitable for production environments. This must be more than 16 characters long for security reasons

string

Enable socket reuse port (linux/macOs native transport only)

boolean

false

Enable tcp quick ack (linux native transport only)

boolean

false

Enable tcp cork (linux native transport only)

boolean

false

Enable tcp fast open (linux native transport only)

boolean

false

Path to a unix domain socket

string

/var/run/io.quarkus.app.socket

Enable listening to host:port

boolean

false

If this is true then the request start time will be recorded to enable logging of total request time. This has a small performance penalty, so is disabled by default.

boolean

false

If access logging is enabled. By default this will log via the standard logging facility

boolean

false

The access log pattern: If this is the string 'common', 'combined' or 'long' then this will use one of the specified named formats: - common: %h %l %u %t "%r" %s %b - combined: %h %l %u %t "%r" %s %b "%{i,Referer}" "%{i,User-Agent}" - long: %r %{ALL_REQUEST_HEADERS} Otherwise consult the Quarkus documentation for the full list of variables that can be used.

string

common

If logging should be done to a separate file.

boolean

false

The access log file base name, defaults to 'quarkus' which will give a log file name of 'quarkus.log'.

string

quarkus

The log directory to use when logging access to a file If this is not set then the current working directory is used.

string

string

.log

The log category to use if logging is being done via the standard log mechanism (i.e. if base-file-name is empty).

string

io.quarkus.http.access-log

If the log should be rotated daily

boolean

true

If responses should be compressed. Note that this will attempt to compress all responses, to avoid compressing already compressed content (such as images) you need to set the following header: Content-Encoding: identity Which will tell vert.x not to compress the response.

boolean

false

If this is true then the address, scheme etc will be set from headers forwarded by the proxy server, such as X-Forwarded-For. This should only be set if you are behind a proxy that sets these headers.

boolean

false

If this is true and proxy address forwarding is enabled then the standard Forwarded header will be used, rather than the more common but not standard X-Forwarded-For.

boolean

false

Enable override the received request’s host through a forwarded host header.

boolean

false

Configure the forwarded host header to be used if override enabled.

string

X-Forwarded-Host

Enable prefix the received request’s path with a forwarded prefix header.

boolean

false

Configure the forwarded prefix header to be used if prefixing enabled.

string

X-Forwarded-Prefix

The HTTP policy that this permission set is linked to. There are 3 built in policies: permit, deny and authenticated. Role based policies can be defined, and extensions can add their own policies.

string

required

The methods that this permission set applies to. If this is not set then they apply to all methods. Note that if a request matches any path from any permission set, but does not match the constraint due to the method not being listed then the request will be denied. Method specific permissions take precedence over matches that do not have any methods set. This means that for example if Quarkus is configured to allow GET and POST requests to /admin to and no other permissions are configured PUT requests to /admin will be denied.

list of string

The paths that this permission check applies to. If the path ends in /* then this is treated as a path prefix, otherwise it is treated as an exact match. Matches are done on a length basis, so the most specific path match takes precedence. If multiple permission sets match the same path then explicit methods matches take precedence over over matches without methods set, otherwise the most restrictive permissions are applied.

list of string

The roles that are allowed to access resources protected by this policy

list of string

required

If the cookie pattern is case sensitive

boolean

false

The value to set in the samesite attribute

none, strict, lax

required

Some User Agents break when sent SameSite=None, this will detect them and avoid sending the value

boolean

true

If this is true then the 'secure' attribute will automatically be sent on cookies with a SameSite attribute of None.

boolean

true

Elasticsearch REST client

Type

Default

Whether or not an health check is published in case the smallrye-health extension is present.

boolean

true

The list of hosts of the Elasticsearch servers.

list of host:port

localhost:9200

The protocol to use when contacting Elasticsearch servers. Set to "https" to enable SSL/TLS.

string

http

The username for basic HTTP authentication.

string

The password for basic HTTP authentication.

string

Duration

1S

Duration

30S

The maximum number of connections to all the Elasticsearch servers.

int

20

The maximum number of connections per Elasticsearch server.

int

10

The number of IO thread. By default, this is the number of locally detected processors. Thread counts higher than the number of processors should not be necessary because the I/O threads rely on non-blocking operations, but you may want to use a thread count lower than the number of processors.

int

Defines if automatic discovery is enabled.

boolean

false

Refresh interval of the node list.

Duration

5M

Elytron Security JDBC

Type

Default

string

Quarkus

If the properties store is enabled.

boolean

false

The sql query to find the password

string

string

boolean

false

The index (1 based numbering) of the column containing the clear password

int

1

boolean

false

The index (1 based numbering) of the column containing the password hash

int

0

A string referencing the password hash encoding ("BASE64" or "HEX")

base64, hex

base64

The index (1 based numbering) of the column containing the Bcrypt salt

int

0

A string referencing the salt encoding ("BASE64" or "HEX")

base64, hex

base64

The index (1 based numbering) of the column containing the Bcrypt iteration count

int

0

int

0

string

required

string

string

int

0

string

required

boolean

false

The index (1 based numbering) of the column containing the clear password

int

1

boolean

false

The index (1 based numbering) of the column containing the password hash

int

0

A string referencing the password hash encoding ("BASE64" or "HEX")

base64, hex

base64

The index (1 based numbering) of the column containing the Bcrypt salt

int

0

base64, hex

base64

The index (1 based numbering) of the column containing the Bcrypt iteration count

int

0

Elytron Security LDAP Realm

Type

Default

The option to enable the ldap elytron module

boolean

false

The elytron realm name

string

Quarkus

Provided credentials are verified against ldap?

boolean

true

The url of the ldap server

string

required

The principal: user which is used to connect to ldap server (also named "bindDn")

string

The password which belongs to the principal (also named "bindCredential")

string

The identifier which correlates to the provided user (also named "baseFilter")

string

uid

string

required

string

required

The identifier whom the attribute is mapped to (in Quarkus: "groups", in WildFly this is "Roles")

string

groups

string

required

string

required

Elytron Security OAuth 2.0

Type

Default

Determine if the OAuth2 extension is enabled. Enabled by default if you include the elytron-security-oauth2 dependency, so this would be used to disable it.

boolean

true

The claim that is used in the introspection endpoint response to load the roles.

string

scope

The OAuth2 client id used to validate the token. Mandatory if the extension is enabled.

string

The OAuth2 client secret used to validate the token. Mandatory if the extension is enabled.

string

The OAuth2 introspection endpoint URL used to validate the token and gather the authentication claims. Mandatory if the extension is enabled.

string

The OAuth2 server certificate file. Warning: this is not supported in native mode where the certificate must be included in the truststore used during the native image generation, see Using SSL With Native Executables.

string

Elytron Security Properties File

Type

Default

If the properties are stored in plain text. If this is false (the default) then it is expected that the passwords are of the form HEX( MD5( username ":" realm ":" password ) )

boolean

false

The realm users user1=password\nuser2=password2…​ mapping. See Embedded Users.

Map<String,String>

none

The realm roles user1=role1,role2,…​\nuser2=role1,role2,…​ mapping See Embedded Roles.

Map<String,String>

none

Property Files Realm Configuration

Type

Default

The realm name. This is used when generating a hashed password

string

Quarkus

Determine whether security via the file realm is enabled.

boolean

false

If the properties are stored in plain text. If this is false (the default) then it is expected that the passwords are of the form HEX( MD5( username ":" realm ":" password ) )

boolean

false

Classpath resource name of properties file containing user to password mappings. See Users.properties.

string

users.properties

Classpath resource name of properties file containing user to role mappings. See Roles.properties.

string

roles.properties

Embedded Realm Configuration

Type

Default

The realm name. This is used when generating a hashed password

string

Quarkus

Determine whether security via the embedded realm is enabled.

boolean

false

Flyway

Type

Default

Comma-separated list of locations to scan recursively for migrations. The location type is determined by its prefix. Unprefixed locations or locations starting with classpath: point to a package on the classpath and may contain both SQL and Java-based migrations. Locations starting with filesystem: point to a directory on the filesystem, may only contain SQL migrations and are only scanned recursively down non-hidden directories.

list of string

db/migration

The maximum number of retries when attempting to connect to the database. After each failed attempt, Flyway will wait 1 second before attempting to connect again, up to the maximum number of times specified by connectRetries.

int

Comma-separated case-sensitive list of schemas managed by Flyway. The first schema in the list will be automatically set as the default one during the migration. It will also be the one containing the schema history table.

list of string

The name of Flyway’s schema history table. By default (single-schema mode) the schema history table is placed in the default schema for the connection provided by the datasource. When the flyway.schemas property is set (multi-schema mode), the schema history table is placed in the first schema of the list.

string

The file name prefix for versioned SQL migrations. Versioned SQL migrations have the following file name structure: prefixVERSIONseparatorDESCRIPTIONsuffix , which using the defaults translates to V1.1__My_description.sql

string

The file name prefix for repeatable SQL migrations. Repeatable SQL migrations have the following file name structure: prefixSeparatorDESCRIPTIONsuffix , which using the defaults translates to R__My_description.sql

string

true to execute Flyway clean command automatically when the application starts, false otherwise.

boolean

false

true to execute Flyway automatically when the application starts, false otherwise.

boolean

false

Enable the creation of the history table if it does not exist already.

boolean

false

The initial baseline version.

string

The description to tag an existing schema with when executing baseline.

string

Whether to automatically call validate when performing a migration.

boolean

false

Allows migrations to be run "out of order".

boolean

false

Ignore missing migrations when reading the history table. When set to true any migration present in the history table but absent in the configured locations will be ignored (and logged as a warning), when false (the default) the validation step will fail.

boolean

false

Whether Flyway should attempt to create the schemas specified in the schemas property

boolean

true

Prefix of every placeholder (default: ${ )

string

Suffix of every placeholder (default: } )

string

Comma-separated list of locations to scan recursively for migrations. The location type is determined by its prefix. Unprefixed locations or locations starting with classpath: point to a package on the classpath and may contain both SQL and Java-based migrations. Locations starting with filesystem: point to a directory on the filesystem, may only contain SQL migrations and are only scanned recursively down non-hidden directories.

list of string

db/migration

Sets the placeholders to replace in SQL migration scripts.

Map<String,String>

The maximum number of retries when attempting to connect to the database. After each failed attempt, Flyway will wait 1 second before attempting to connect again, up to the maximum number of times specified by connectRetries.

int

Comma-separated case-sensitive list of schemas managed by Flyway. The first schema in the list will be automatically set as the default one during the migration. It will also be the one containing the schema history table.

list of string

The name of Flyway’s schema history table. By default (single-schema mode) the schema history table is placed in the default schema for the connection provided by the datasource. When the flyway.schemas property is set (multi-schema mode), the schema history table is placed in the first schema of the list.

string

The file name prefix for versioned SQL migrations. Versioned SQL migrations have the following file name structure: prefixVERSIONseparatorDESCRIPTIONsuffix , which using the defaults translates to V1.1__My_description.sql

string

The file name prefix for repeatable SQL migrations. Repeatable SQL migrations have the following file name structure: prefixSeparatorDESCRIPTIONsuffix , which using the defaults translates to R__My_description.sql

string

true to execute Flyway clean command automatically when the application starts, false otherwise.

boolean

false

true to execute Flyway automatically when the application starts, false otherwise.

boolean

false

Enable the creation of the history table if it does not exist already.

boolean

false

string

The description to tag an existing schema with when executing baseline.

string

Whether to automatically call validate when performing a migration.

boolean

false

Allows migrations to be run "out of order".

boolean

false

Ignore missing migrations when reading the history table. When set to true any migration present in the history table but absent in the configured locations will be ignored (and logged as a warning), when false (the default) the validation step will fail.

boolean

false

Sets the placeholders to replace in SQL migration scripts.

Map<String,String>

Whether Flyway should attempt to create the schemas specified in the schemas property

boolean

true

Prefix of every placeholder (default: ${ )

string

Suffix of every placeholder (default: } )

string

Funqy Knative Events Binding

Type

Default

Cloud Event type (ce-type) that triggers this function. Default value is function name. This config item is only required when there is more than one function defined within the deployment. The ce-type is not looked at if there is only one function in the deployment. The message will just be dispatched to that function. This allows you to change the knative trigger binding without having to change the configuration of the quarkus deployment.

string

If function has response output, then what is the Cloud Event type (ce-type)? This will default to {function}.output

string

If function has response output, then what is the Cloud Event source (ce-source)? This will default to the function name

string

Google Cloud Functions

Type

Default

The function name. Function names are specified on function classes using the @javax.inject.Named annotation. If this name is unspecified and there is exactly one unnamed function then this unnamed function will be used. If there is only a single named function and the name is unspecified then the named function will be used. These rules apply for each function implementation (HttpFunction, BackgroundFunction, RawBackgroundFunction).

string

Hibernate Envers

Type

Default

Enable store_data_at_delete feature.

boolean

false

Hibernate ORM

Type

Default

string

list of string

Name of the file containing the SQL statements to execute when Hibernate ORM starts. Its default value differs depending on the Quarkus launch mode:

  • In dev and test modes, it defaults to import.sql. Simply add an import.sql file in the root of your resources directory and it will be picked up without having to set this property. Pass no-file to force Hibernate ORM to ignore the SQL import file.

  • In production mode, it defaults to no-file. It means Hibernate ORM won’t try to execute any SQL import file by default. Pass an explicit value to force Hibernate ORM to execute the SQL import file.

If you need different SQL statements between dev mode, test (@QuarkusTest) and in production, use Quarkus configuration profiles facility.

application.properties
%dev.quarkus.hibernate-orm.sql-load-script = import-dev.sql
%test.quarkus.hibernate-orm.sql-load-script = import-test.sql
%prod.quarkus.hibernate-orm.sql-load-script = no-file

Quarkus supports .sql file with SQL statements or comments spread over multiple lines. Each SQL statement must be terminated by a semicolon.

string

import.sql in DEV, TEST ; no-file otherwise

The size of the batches used when loading entities and collections.

-1 means batch loading is disabled. This is the default.

int

-1

The maximum depth of outer join fetch tree for single-ended associations (one-to-one, many-to-one). A 0 disables default outer join fetching.

int

Pluggable strategy contract for applying physical naming rules for database object names. Class name of the Hibernate PhysicalNamingStrategy implementation

string

Pluggable strategy for applying implicit naming rules when an explicit name is not given. Class name of the Hibernate ImplicitNamingStrategy implementation

string

The default in Quarkus is for 2nd level caching to be enabled, and a good implementation is already integrated for you. Just cherry-pick which entities should be using the cache. Set this to false to disable all 2nd level caches.

boolean

true

Defines the method for multi-tenancy (DATABASE, NONE, SCHEMA). The complete list of allowed values is available in the Hibernate ORM JavaDoc. The type DISCRIMINATOR is currently not supported. The default value is NONE (no multi-tenancy).

string

Defines the name of the datasource to use in case of SCHEMA approach. The datasource of the persistence unit will be used if not set.

string

Whether statistics collection is enabled. If 'metrics.enabled' is true, then the default here is considered true, otherwise the default is false.

boolean

Whether or not metrics are published if a metrics extension is enabled.

boolean

false

Dialect related configuration

Type

Default

Class name of the Hibernate ORM dialect. The complete list of bundled dialects is available in the Hibernate ORM JavaDoc.

Not all the dialects are supported in GraalVM native executables: we currently provide driver extensions for PostgreSQL, MariaDB, Microsoft SQL Server and H2.

string

The storage engine to use when the dialect supports multiple storage engines.

E.g. MyISAM or InnoDB for MySQL.

string

Query related configuration

Type

Default

The maximum size of the query plan cache.

string

Default precedence of null values in ORDER BY clauses.

Valid values are: none, first, last.

string

Database related configuration

Type

Default

Select whether the database schema is generated or not. drop-and-create is awesome in development mode. Accepted values: none, create, drop-and-create, drop, update.

string

none

If Hibernate ORM should create the schemas automatically (for databases supporting them).

boolean

false

Whether we should stop on the first error when applying the schema.

boolean

false

The default catalog to use for the database objects.

string

The default schema to use for the database objects.

string

The charset of the database. Used for DDL generation and also for the SQL import scripts.

Charset

UTF-8

Whether Hibernate should quote all identifiers.

boolean

false

JDBC related configuration

Type

Default

The time zone pushed to the JDBC driver.

string

How many rows are fetched at a time by the JDBC driver.

int

The number of updates (inserts, updates and deletes) that are sent by the JDBC driver at one time for execution.

int

Logging configuration

Type

Default

Show SQL logs and format them nicely. Setting it to true is obviously not recommended in production.

boolean

false

Whether JDBC warnings should be collected and logged.

boolean

depends on dialect

Logs SQL bind parameter. Setting it to true is obviously not recommended in production.

boolean

false

Caching configuration

Type

Default

The maximum time before an object of the cache is considered expired.

Duration

The maximum number of objects kept in memory in the cache.

long

Additional named persistence units

Type

Default

string

list of string

Name of the file containing the SQL statements to execute when Hibernate ORM starts. Its default value differs depending on the Quarkus launch mode:

  • In dev and test modes, it defaults to import.sql. Simply add an import.sql file in the root of your resources directory and it will be picked up without having to set this property. Pass no-file to force Hibernate ORM to ignore the SQL import file.

  • In production mode, it defaults to no-file. It means Hibernate ORM won’t try to execute any SQL import file by default. Pass an explicit value to force Hibernate ORM to execute the SQL import file.

If you need different SQL statements between dev mode, test (@QuarkusTest) and in production, use Quarkus configuration profiles facility.

application.properties
%dev.quarkus.hibernate-orm.sql-load-script = import-dev.sql
%test.quarkus.hibernate-orm.sql-load-script = import-test.sql
%prod.quarkus.hibernate-orm.sql-load-script = no-file

Quarkus supports .sql file with SQL statements or comments spread over multiple lines. Each SQL statement must be terminated by a semicolon.

string

import.sql in DEV, TEST ; no-file otherwise

The size of the batches used when loading entities and collections.

-1 means batch loading is disabled. This is the default.

int

-1

The maximum depth of outer join fetch tree for single-ended associations (one-to-one, many-to-one). A 0 disables default outer join fetching.

int

Pluggable strategy contract for applying physical naming rules for database object names. Class name of the Hibernate PhysicalNamingStrategy implementation

string

Pluggable strategy for applying implicit naming rules when an explicit name is not given. Class name of the Hibernate ImplicitNamingStrategy implementation

string

The default in Quarkus is for 2nd level caching to be enabled, and a good implementation is already integrated for you. Just cherry-pick which entities should be using the cache. Set this to false to disable all 2nd level caches.

boolean

true

Defines the method for multi-tenancy (DATABASE, NONE, SCHEMA). The complete list of allowed values is available in the Hibernate ORM JavaDoc. The type DISCRIMINATOR is currently not supported. The default value is NONE (no multi-tenancy).

string

Defines the name of the datasource to use in case of SCHEMA approach. The datasource of the persistence unit will be used if not set.

string

Dialect related configuration

Type

Default

Class name of the Hibernate ORM dialect. The complete list of bundled dialects is available in the Hibernate ORM JavaDoc.

Not all the dialects are supported in GraalVM native executables: we currently provide driver extensions for PostgreSQL, MariaDB, Microsoft SQL Server and H2.

string

The storage engine to use when the dialect supports multiple storage engines.

E.g. MyISAM or InnoDB for MySQL.

string

Query related configuration

Type

Default

string

Default precedence of null values in ORDER BY clauses.

Valid values are: none, first, last.

string

Database related configuration

Type

Default

Select whether the database schema is generated or not. drop-and-create is awesome in development mode. Accepted values: none, create, drop-and-create, drop, update.

string

none

If Hibernate ORM should create the schemas automatically (for databases supporting them).

boolean

false

Whether we should stop on the first error when applying the schema.

boolean

false

The default catalog to use for the database objects.

string

The default schema to use for the database objects.

string

The charset of the database. Used for DDL generation and also for the SQL import scripts.

Charset

UTF-8

boolean

false

JDBC related configuration

Type

Default

The time zone pushed to the JDBC driver.

string

How many rows are fetched at a time by the JDBC driver.

int

The number of updates (inserts, updates and deletes) that are sent by the JDBC driver at one time for execution.

int

Logging configuration

Type

Default

Show SQL logs and format them nicely. Setting it to true is obviously not recommended in production.

boolean

false

Whether JDBC warnings should be collected and logged.

boolean

depends on dialect

Caching configuration

Type

Default

The maximum time before an object of the cache is considered expired.

Duration

The maximum number of objects kept in memory in the cache.

long

Hibernate Search + Elasticsearch

Type

Default

The class or the name of the bean that should be notified of any failure occurring in a background process (mainly index operations). Must implement org.hibernate.search.engine.reporting.FailureHandler.

class name

The strategy used for index lifecycle.

none, validate, create, create-or-validate, create-or-update, drop-and-create, drop-and-create-and-drop

create-or-validate

The strategy to use when loading entities during the execution of a search query.

skip, persistence-context, persistence-context-then-second-level-cache

skip

The fetch size to use when loading entities during the execution of a search query.

int

100

The synchronization strategy to use when indexing automatically.

Defines how complete indexing should be before resuming the application thread after a database transaction is committed.

Available values:

Strategy

Throughput

Guarantees when the application thread resumes

Changes applied

Changes safe from crash/power loss

Changes visible on search

async

Best

write-sync (default)

Medium

read-sync

Medium to worst

sync

Worst

string

write-sync

Whether to check if dirty properties are relevant to indexing before actually reindexing an entity. When enabled, re-indexing of an entity is skipped if the only changes are on properties that are not used when indexing.

boolean

true

Default backend

Type

Default

The version of Elasticsearch used in the cluster. As the schema is generated without a connection to the server, this item is mandatory. It doesn’t have to be the exact version (it can be 7 or 7.1 for instance) but it has to be sufficiently precise to choose a model dialect (the one used to generate the schema) compatible with the protocol dialect (the one used to communicate with Elasticsearch). There’s no rule of thumb here as it depends on the schema incompatibilities introduced by Elasticsearch versions. In any case, if there is a problem, you will have an error when Hibernate Search tries to connect to the cluster.

ElasticsearchVersion

The class or the name of the bean used to configure full text analysis (e.g. analyzers, normalizers).

class name

The class or the name of the bean used to configure layout (e.g. index names, index aliases).

class name

The list of hosts of the Elasticsearch servers.

list of string

localhost:9200

The protocol to use when contacting Elasticsearch servers. Set to "https" to enable SSL/TLS.

http, https

http

The username used for authentication.

string

The password used for authentication.

string

Duration

3S

The maximum number of connections to all the Elasticsearch servers.

int

20

The maximum number of connections per Elasticsearch server.

int

10

Defines if automatic discovery is enabled.

boolean

false

Duration

10S

The size of the thread pool assigned to the backend. Note that number is per backend, not per index. Adding more indexes will not add more threads. As all operations happening in this thread-pool are non-blocking, raising its size above the number of processor cores available to the JVM will not bring noticeable performance benefit. The only reason to alter this setting would be to reduce the number of threads; for example, in an application with a single index with a single indexing queue, running on a machine with 64 processor cores, you might want to bring down the number of threads. Defaults to the number of processor cores available to the JVM on startup.

int

green, yellow, red

green

How long we should wait for the status before failing the bootstrap.

Duration

10S

The number of indexing queues assigned to each index. Higher values will lead to more connections being used in parallel, which may lead to higher indexing throughput, but incurs a risk of overloading Elasticsearch, i.e. of overflowing its HTTP request buffers and tripping circuit breakers, leading to Elasticsearch giving up on some request and resulting in indexing failures.

int

10

The size of indexing queues. Lower values may lead to lower memory usage, especially if there are many queues, but values that are too low will reduce the likeliness of reaching the max bulk size and increase the likeliness of application threads blocking because the queue is full, which may lead to lower indexing throughput.

int

1000

The maximum size of bulk requests created when processing indexing queues. Higher values will lead to more documents being sent in each HTTP request sent to Elasticsearch, which may lead to higher indexing throughput, but incurs a risk of overloading Elasticsearch, i.e. of overflowing its HTTP request buffers and tripping circuit breakers, leading to Elasticsearch giving up on some request and resulting in indexing failures. Note that raising this number above the queue size has no effect, as bulks cannot include more requests than are contained in the queue.

int

100

green, yellow, red

green

How long we should wait for the status before failing the bootstrap.

Duration

10S

The number of indexing queues assigned to each index. Higher values will lead to more connections being used in parallel, which may lead to higher indexing throughput, but incurs a risk of overloading Elasticsearch, i.e. of overflowing its HTTP request buffers and tripping circuit breakers, leading to Elasticsearch giving up on some request and resulting in indexing failures.

int

10

The size of indexing queues. Lower values may lead to lower memory usage, especially if there are many queues, but values that are too low will reduce the likeliness of reaching the max bulk size and increase the likeliness of application threads blocking because the queue is full, which may lead to lower indexing throughput.

int

1000

The maximum size of bulk requests created when processing indexing queues. Higher values will lead to more documents being sent in each HTTP request sent to Elasticsearch, which may lead to higher indexing throughput, but incurs a risk of overloading Elasticsearch, i.e. of overflowing its HTTP request buffers and tripping circuit breakers, leading to Elasticsearch giving up on some request and resulting in indexing failures. Note that raising this number above the queue size has no effect, as bulks cannot include more requests than are contained in the queue.

int

100

Named backends

Type

Default

The version of Elasticsearch used in the cluster. As the schema is generated without a connection to the server, this item is mandatory. It doesn’t have to be the exact version (it can be 7 or 7.1 for instance) but it has to be sufficiently precise to choose a model dialect (the one used to generate the schema) compatible with the protocol dialect (the one used to communicate with Elasticsearch). There’s no rule of thumb here as it depends on the schema incompatibilities introduced by Elasticsearch versions. In any case, if there is a problem, you will have an error when Hibernate Search tries to connect to the cluster.

ElasticsearchVersion

The class or the name of the bean used to configure full text analysis (e.g. analyzers, normalizers).

class name

The class or the name of the bean used to configure layout (e.g. index names, index aliases).

class name

The list of hosts of the Elasticsearch servers.

list of string

localhost:9200

The protocol to use when contacting Elasticsearch servers. Set to "https" to enable SSL/TLS.

http, https

http

string

string

Duration

3S

The maximum number of connections to all the Elasticsearch servers.

int

20

The maximum number of connections per Elasticsearch server.

int

10

boolean

false

Duration

10S

The size of the thread pool assigned to the backend. Note that number is per backend, not per index. Adding more indexes will not add more threads. As all operations happening in this thread-pool are non-blocking, raising its size above the number of processor cores available to the JVM will not bring noticeable performance benefit. The only reason to alter this setting would be to reduce the number of threads; for example, in an application with a single index with a single indexing queue, running on a machine with 64 processor cores, you might want to bring down the number of threads. Defaults to the number of processor cores available to the JVM on startup.

int

green, yellow, red

green

Duration

10S

The number of indexing queues assigned to each index. Higher values will lead to more connections being used in parallel, which may lead to higher indexing throughput, but incurs a risk of overloading Elasticsearch, i.e. of overflowing its HTTP request buffers and tripping circuit breakers, leading to Elasticsearch giving up on some request and resulting in indexing failures.

int

10

The size of indexing queues. Lower values may lead to lower memory usage, especially if there are many queues, but values that are too low will reduce the likeliness of reaching the max bulk size and increase the likeliness of application threads blocking because the queue is full, which may lead to lower indexing throughput.

int

1000

The maximum size of bulk requests created when processing indexing queues. Higher values will lead to more documents being sent in each HTTP request sent to Elasticsearch, which may lead to higher indexing throughput, but incurs a risk of overloading Elasticsearch, i.e. of overflowing its HTTP request buffers and tripping circuit breakers, leading to Elasticsearch giving up on some request and resulting in indexing failures. Note that raising this number above the queue size has no effect, as bulks cannot include more requests than are contained in the queue.

int

100

green, yellow, red

green

Duration

10S

The number of indexing queues assigned to each index. Higher values will lead to more connections being used in parallel, which may lead to higher indexing throughput, but incurs a risk of overloading Elasticsearch, i.e. of overflowing its HTTP request buffers and tripping circuit breakers, leading to Elasticsearch giving up on some request and resulting in indexing failures.

int

10

The size of indexing queues. Lower values may lead to lower memory usage, especially if there are many queues, but values that are too low will reduce the likeliness of reaching the max bulk size and increase the likeliness of application threads blocking because the queue is full, which may lead to lower indexing throughput.

int

1000

The maximum size of bulk requests created when processing indexing queues. Higher values will lead to more documents being sent in each HTTP request sent to Elasticsearch, which may lead to higher indexing throughput, but incurs a risk of overloading Elasticsearch, i.e. of overflowing its HTTP request buffers and tripping circuit breakers, leading to Elasticsearch giving up on some request and resulting in indexing failures. Note that raising this number above the queue size has no effect, as bulks cannot include more requests than are contained in the queue.

int

100

Hibernate Validator

Type

Default

Enable the fail fast mode. When fail fast is enabled the validation will stop on the first constraint violation detected.

boolean

false

Method validation

Type

Default

Define whether overriding methods that override constraints should throw a ConstraintDefinitionException. The default value is false, i.e. do not allow. See Section 4.5.5 of the JSR 380 specification, specifically "In sub types (be it sub classes/interfaces or interface implementations), no parameter constraints may be declared on overridden or implemented methods, nor may parameters be marked for cascaded validation. This would pose a strengthening of preconditions to be fulfilled by the caller."

boolean

false

Define whether parallel methods that define constraints should throw a ConstraintDefinitionException. The default value is false, i.e. do not allow. See Section 4.5.5 of the JSR 380 specification, specifically "If a sub type overrides/implements a method originally defined in several parallel types of the hierarchy (e.g. two interfaces not extending each other, or a class and an interface not implemented by said class), no parameter constraints may be declared for that method at all nor parameters be marked for cascaded validation. This again is to avoid an unexpected strengthening of preconditions to be fulfilled by the caller."

boolean

false

Define whether more than one constraint on a return value may be marked for cascading validation are allowed. The default value is false, i.e. do not allow. See Section 4.5.5 of the JSR 380 specification, specifically "One must not mark a method return value for cascaded validation more than once in a line of a class hierarchy. In other words, overriding methods on sub types (be it sub classes/interfaces or interface implementations) cannot mark the return value for cascaded validation if the return value has already been marked on the overridden method of the super type or interface."

boolean

false

Infinispan Client

Type

Default

Sets the bounded entry count for near cache. If this value is 0 or less near cache is disabled.

int

0

Sets the host name/port to connect to. Each one is separated by a semicolon (eg. host1:11222;host2:11222).

string

Sets client intelligence used by authentication

string

Enables or disables authentication

string

Sets user name used by authentication

string

Sets password used by authentication

string

Sets realm used by authentication

string

Sets server name used by authentication

string

Sets client subject used by authentication

string

Sets callback handler used by authentication

string

Sets SASL mechanism used by authentication

string

Sets the trust store path

string

Sets the trust store password

string

Sets the trust store type

string

Jaeger

Type

Default

Defines if the Jaeger extension is enabled.

boolean

true

Whether or not metrics are published in case the smallrye-metrics extension is present.

boolean

false

The traces endpoint, in case the client should connect directly to the Collector, like http://jaeger-collector:14268/api/traces

URI

Authentication Token to send as "Bearer" to the endpoint

string

Username to send as part of "Basic" authentication to the endpoint

string

Password to send as part of "Basic" authentication to the endpoint

string

The hostname and port for communicating with agent via UDP

host:port

Whether the reporter should also log the spans

boolean

The reporter’s maximum queue size

int

The reporter’s flush interval

Duration

The sampler type (const, probabilistic, ratelimiting or remote)

string

The sampler parameter (number)

BigDecimal

The host name and port when using the remote controlled sampler

host:port

The service name

string

A comma separated list of name = value tracer level tags, which get added to all reported spans. The value can also refer to an environment variable using the format ${envVarName:default}, where the :default is optional, and identifies a value to be used if the environment variable cannot be found

string

Comma separated list of formats to use for propagating the trace context. Defaults to the standard Jaeger format. Valid values are jaeger and b3

string

The sender factory class name

string

Whether the trace context should be logged.

boolean

true

Keycloak Authorization

Type

Default

Adapters will make separate HTTP invocations to the Keycloak server to turn an access code into an access token. This config option defines how many connections to the Keycloak server should be pooled

int

20

Enables policy enforcement.

boolean

false

Specifies how policies are enforced.

permissive, enforcing, disabled

enforcing

Defines the limit of entries that should be kept in the cache

int

1000

Defines the time in milliseconds when the entry should be expired

long

30000

Specifies how the adapter should fetch the server for resources associated with paths in your application. If true, the policy enforcer is going to fetch resources on-demand accordingly with the path being requested

boolean

true

Specifies how scopes should be mapped to HTTP methods. If set to true, the policy enforcer will use the HTTP method from the current request to check whether or not access should be granted

boolean

false

The name of a resource on the server that is to be associated with a given path

string

A URI relative to the application’s context path that should be protected by the policy enforcer

string

string

required

An array of strings with the scopes associated with the method

list of string

required

A string referencing the enforcement mode for the scopes associated with a method

all, any, disabled

all

permissive, enforcing, disabled

enforcing

Map<String,Map<String,Map<String,String>>>

Map<String,Map<String,String>>

Map<String,Map<String,Map<String,String>>>

Map<String,Map<String,String>>

Kubernetes

Type

Default

The name of the group this component belongs too

string

The name of the application. This value will be used for naming Kubernetes resources like: - Deployment - Service and so on …​

string

${quarkus.container-image.name}

The version of the application.

string

${quarkus.container-image.tag}

The namespace the generated resources should belong to. If not value is set, then the 'namespace' field will not be added to the 'metadata' section of the generated manifests. This in turn means that when the manifests are applied to a cluster, the namespace will be resolved from the current Kubernetes context (see https://kubernetes.io/docs/concepts/configuration/organize-cluster-access-kubeconfig/#context for more details).

string

Whether or not to add the build timestamp to the Kubernetes annotations This is a very useful way to have manifests of successive builds of the same application differ - thus ensuring that Kubernetes will apply the updated resources

boolean

true

Working directory

string

list of string

list of string

The service account

string

The host under which the application is going to be exposed

string

The type of service that will be generated for the application

cluster-ip, node-port, load-balancer, external-name

cluster-ip

always, if-not-present, never

always

The image pull secret

list of string

The http path to use for the probe For this to work, the container port also needs to be set Assuming the container port has been set (as per above comment), if execAction or tcpSocketAction are not set, an http probe will be used automatically even if no path is set (which will result in the root path being used)

string

The command to use for the probe.

string

The tcp socket to use for the probe (the format is host:port).

string

The amount of time to wait before starting to probe.

Duration

0S

The period in which the action should be called.

Duration

30S

The amount of time to wait for each action.

Duration

10S

The success threshold to use.

int

1

The failure threshold to use.

int

3

The http path to use for the probe For this to work, the container port also needs to be set Assuming the container port has been set (as per above comment), if execAction or tcpSocketAction are not set, an http probe will be used automatically even if no path is set (which will result in the root path being used)

string

The command to use for the probe.

string

The tcp socket to use for the probe (the format is host:port).

string

The amount of time to wait before starting to probe.

Duration

0S

The period in which the action should be called.

Duration

30S

The amount of time to wait for each action.

Duration

10S

int

1

int

3

The optional list of Secret names to load environment variables from.

list of string

The optional list of ConfigMap names to load environment variables from.

list of string

Whether or not this service is cluster-local. Cluster local services are not exposed to the outside world.

boolean

false

This value controls the minimum number of replicas each revision should have. Knative will attempt to never have less than this number of replicas at any one point in time.

int

This value controls the maximum number of replicas each revision should have. Knative will attempt to never have more than this number of replicas running, or in the process of being created, at any one point in time.

int

The scale-to-zero values control whether Knative allows revisions to scale down to zero, or stops at “1”.

boolean

true

kpa, hpa

concurrency, rps, cpu

int

int

int

kpa, hpa

int

int

int

Custom labels to add to all resources

Map<String,String>

Custom annotations to add to all resources

Map<String,String>

The port number. Refers to the container port.

int

int

The application path (refers to web application path).

string

/

tcp, udp

tcp

The name of the volumeName to mount.

string

string

Path within the volumeName from which the container’s volumeName should be mounted.

string

boolean

false

string

required

Default mode. When specifying an octal number, leading zero must be present.

string

0600

boolean

false

string

required

Default mode. When specifying an octal number, leading zero must be present.

string

0600

boolean

false

string

required

The directory of the repository to mount.

string

string

string

required

Default mode. When specifying an octal number, leading zero must be present.

string

0600

boolean

false

string

required

int

string

ext4

boolean

false

string

required

string

required

Wether the volumeName is read only or not.

boolean

false

string

required

The URI of the vhd blob object OR the resourceID of an Azure managed data disk if Kind is Managed

string

required

managed, shared

managed

read-write, read-only, none

read-write

string

ext4

Wether the volumeName is read only or not.

boolean

false

string

string

list of string

list of string

string

The host under which the application is going to be exposed.

string

int

int

The application path (refers to web application path).

string

/

tcp, udp

tcp

always, if-not-present, never

always

list of string

string

string

Path within the volumeName from which the container’s volumeName should be mounted.

string

boolean

false

The optional list of Secret names to load environment variables from.

list of string

The optional list of ConfigMap names to load environment variables from.

list of string

The map associating environment variable names to their associated field references they take their value from.

Map<String,String>

The map associating environment name to its associated value.

Map<String,String>

The optional name of the Secret from which a value is to be extracted. Mutually exclusive with from-configmap.

string

The optional name of the ConfigMap from which a value is to be extracted. Mutually exclusive with from-secret.

string

The key identifying the field from which the value is extracted.

string

required

string

string

list of string

list of string

string

The host under which the application is going to be exposed.

string

The port number. Refers to the container port.

int

int

The application path (refers to web application path).

string

/

tcp, udp

tcp

always, if-not-present, never

always

list of string

string

string

Path within the volumeName from which the container’s volumeName should be mounted.

string

boolean

false

The optional list of Secret names to load environment variables from.

list of string

The optional list of ConfigMap names to load environment variables from.

list of string

The map associating environment variable names to their associated field references they take their value from.

Map<String,String>

The map associating environment name to its associated value.

Map<String,String>

The optional name of the Secret from which a value is to be extracted. Mutually exclusive with from-configmap.

string

The optional name of the ConfigMap from which a value is to be extracted. Mutually exclusive with from-secret.

string

The key identifying the field from which the value is extracted.

string

required

The map associating environment variable names to their associated field references they take their value from.

Map<String,String>

The map associating environment name to its associated value.

Map<String,String>

The optional name of the Secret from which a value is to be extracted. Mutually exclusive with from-configmap.

string

The optional name of the ConfigMap from which a value is to be extracted. Mutually exclusive with from-secret.

string

The key identifying the field from which the value is extracted.

string

required

The name of the group this component belongs too

string

The name of the application. This value will be used for naming Kubernetes resources like: - Deployment - Service and so on …​

string

${quarkus.container-image.name}

The version of the application.

string

${quarkus.container-image.tag}

The namespace the generated resources should belong to. If not value is set, then the 'namespace' field will not be added to the 'metadata' section of the generated manifests. This in turn means that when the manifests are applied to a cluster, the namespace will be resolved from the current Kubernetes context (see https://kubernetes.io/docs/concepts/configuration/organize-cluster-access-kubeconfig/#context for more details).

string

Whether or not to add the build timestamp to the Kubernetes annotations This is a very useful way to have manifests of successive builds of the same application differ - thus ensuring that Kubernetes will apply the updated resources

boolean

true

Working directory

string

list of string

list of string

string

The host under which the application is going to be exposed

string

The number of desired pods

int

1

The type of service that will be generated for the application

cluster-ip, node-port, load-balancer, external-name

cluster-ip

The nodePort to set when serviceType is set to node-port.

int

always, if-not-present, never

always

list of string

The http path to use for the probe For this to work, the container port also needs to be set Assuming the container port has been set (as per above comment), if execAction or tcpSocketAction are not set, an http probe will be used automatically even if no path is set (which will result in the root path being used)

string

The command to use for the probe.

string

The tcp socket to use for the probe (the format is host:port).

string

The amount of time to wait before starting to probe.

Duration

0S

The period in which the action should be called.

Duration

30S

The amount of time to wait for each action.

Duration

10S

int

1

int

3

The http path to use for the probe For this to work, the container port also needs to be set Assuming the container port has been set (as per above comment), if execAction or tcpSocketAction are not set, an http probe will be used automatically even if no path is set (which will result in the root path being used)

string

The command to use for the probe.

string

The tcp socket to use for the probe (the format is host:port).

string

The amount of time to wait before starting to probe.

Duration

0S

The period in which the action should be called.

Duration

30S

The amount of time to wait for each action.

Duration

10S

int

1

int

3

The target deployment platform. Defaults to kubernetes. Can be kubernetes, openshift, knative, minikube etc, or any combination of the above as comma separated list.

list of string

If true, a Kubernetes Ingress will be created

boolean

false

The optional list of Secret names to load environment variables from.

list of string

The optional list of ConfigMap names to load environment variables from.

list of string

Custom labels to add to all resources

Map<String,String>

Custom annotations to add to all resources

Map<String,String>

The port number. Refers to the container port.

int

int

The application path (refers to web application path).

string

/

tcp, udp

tcp

The name of the volumeName to mount.

string

string

Path within the volumeName from which the container’s volumeName should be mounted.

string

boolean

false

string

required

Default mode. When specifying an octal number, leading zero must be present.

string

0600

boolean

false

string

required

Default mode. When specifying an octal number, leading zero must be present.

string

0600

boolean

false

string

required

The directory of the repository to mount.

string

string

string

required

Default mode. When specifying an octal number, leading zero must be present.

string

0600

boolean

false

string

required

int

string

ext4

boolean

false

string

required

string

required

boolean

false

string

required

The URI of the vhd blob object OR the resourceID of an Azure managed data disk if Kind is Managed

string

required

managed, shared

managed

read-write, read-only, none

read-write

string

ext4

boolean

false

string

string

list of string

list of string

string

The host under which the application is going to be exposed.

string

int

int

The application path (refers to web application path).

string

/

tcp, udp

tcp

always, if-not-present, never

always

list of string

string

string

Path within the volumeName from which the container’s volumeName should be mounted.

string

boolean

false

The optional list of Secret names to load environment variables from.

list of string

The optional list of ConfigMap names to load environment variables from.

list of string

The map associating environment variable names to their associated field references they take their value from.

Map<String,String>

The map associating environment name to its associated value.

Map<String,String>

The optional name of the Secret from which a value is to be extracted. Mutually exclusive with from-configmap.

string

The optional name of the ConfigMap from which a value is to be extracted. Mutually exclusive with from-secret.

string

The key identifying the field from which the value is extracted.

string

required

string

string

list of string

list of string

string

The host under which the application is going to be exposed.

string

The port number. Refers to the container port.

int

int

The application path (refers to web application path).

string

/

tcp, udp

tcp

always, if-not-present, never

always

list of string

string

string

Path within the volumeName from which the container’s volumeName should be mounted.

string

boolean

false

The optional list of Secret names to load environment variables from.

list of string