Runtime Service Configuration
    • 26 Feb 2025

    About Runtime Service Configuration

    The PlainID PDP (Runtime service) has a large configuration file that enables fine-tuning and control over various service parameters. While service parameter default values typically suffice, certain scenarios may require adjustments to optimize the PDP's behavior for your organization's specific needs.

    Although you can directly edit the JSON configuration file in a Standalone PAA deployment or inject a full configuration map in a Kubernetes (K8s) PAA deployment, maintaining updated keys is simpler using Environment Variables. The Runtime service supports a naming convention for ENV_VARs that allows you to adjust any configuration key as needed in the Runtime extraEnv section in the values.yaml. Ensure that you add the values you want to adjust in the values-custom.yaml.

    Environment Variables following the naming convention outlined below automatically load and override the default values of configuration keys.

    Environment Variables Naming Convention

    Environment Variable Prefix

    All Runtime configuration keys begin with the predefined prefix RTCONF_

    Hierarchy Naming Syntax

    After the prefix, the Environment Variable name reflects the hierarchical structure of the configuration file, using a double underscore (__) as a separator between hierarchy levels.
    This same double underscore (__) is also used to denote array indices for configuration keys that are defined as arrays.

    Note: A single underscore (_) is used as a word separator within the ENV_VAR name.

    Examples

    The following table demonstrates the naming convention and hierarchical structure for ENV_VARs.

    | Config Key | Config key full JSON Path | ENV_VAR |
    | --- | --- | --- |
    | refreshAssetTemplates (root) | $.refreshAssetTemplates | RTCONF_REFRESH_ASSET_TEMPLATES |
    | isSysLogEnable (audit) | $.audit.isSysLogEnable | RTCONF_AUDIT__IS_SYSLOG_ENABLE |
    | isHttps (ssl) | $.ssl.isHttps | RTCONF_SSL__IS_HTTPS |
    | type (asset provider) | $.assetProvider.connection.type | RTCONF_ASSET_PROVIDER__0__CONNECTION__TYPE |
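
    The convention above, applied in code as an added example (not PlainID's own code): it splits an ENV_VAR name into hierarchy levels and rejects names that break the prefix or separator rules. The function names and the camelCase rendering of each level are assumptions; the page does not state how the Runtime matches key casing.

```python
import re

PREFIX = "RTCONF_"
# A level is upper-case words joined by single underscores, or a bare array index.
LEVEL = re.compile(r"[A-Z][A-Z0-9]*(?:_[A-Z0-9]+)*|\d+")


def parse_env_var(name):
    """Return the hierarchy levels encoded in an RTCONF_ name (str keys, int indices)."""
    if not name.startswith(PREFIX):
        raise ValueError(f"{name}: missing {PREFIX} prefix")
    levels = []
    for part in name[len(PREFIX):].split("__"):
        if not LEVEL.fullmatch(part):
            raise ValueError(f"{name}: malformed level {part!r}")
        if part.isdigit():
            levels.append(int(part))
        else:
            # Readable camelCase rendering; the real key casing may differ (assumption).
            first, *rest = part.lower().split("_")
            levels.append(first + "".join(w.capitalize() for w in rest))
    if isinstance(levels[0], int):
        raise ValueError(f"{name}: an array index cannot be the first level")
    return levels


def to_json_path(levels):
    """Render levels as a JSON path such as $.assetProvider[0].connection.type."""
    return "$" + "".join(f"[{l}]" if isinstance(l, int) else f".{l}" for l in levels)


def lint_extra_env(names):
    """Map each name to its JSON path, or to an 'ERROR: ...' string if malformed."""
    report = {}
    for name in names:
        try:
            report[name] = to_json_path(parse_env_var(name))
        except ValueError as exc:
            report[name] = f"ERROR: {exc}"
    return report


if __name__ == "__main__":
    # Constructed input: the four names from the table plus three deliberate mistakes.
    for name, result in lint_extra_env([
        "RTCONF_REFRESH_ASSET_TEMPLATES", "RTCONF_AUDIT__IS_SYSLOG_ENABLE",
        "RTCONF_SSL__IS_HTTPS", "RTCONF_ASSET_PROVIDER__0__CONNECTION__TYPE",
        "SSL__IS_HTTPS", "RTCONF_SSL___IS_HTTPS", "RTCONF_ssl__is_https",
    ]).items():
        print(f"{name:45} {result}")
```

    A name that parses cleanly can still address the wrong key, for example when a single underscore is typed where a level separator was intended, so confirm each override against the Runtime log.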

    Logging

    Loading Environment Variables and overriding configuration keys are logged in the Runtime service logs to facilitate troubleshooting.
    Any configuration key replaced by a value defined with an Environment Variable according to this hierarchical structure is logged at the Info level with a message in this structure: config.json key <key-name> was overridden by <env-var-name> environment variable.
    Additional logging may also be present in cases of error handling and validation of the Environment Variables naming syntax.
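
    One way to use the override message for configuration review, as an added example that is not part of the Runtime: it extracts the logged overrides and compares them with the ENV_VARs you intended to set. The sample log lines are constructed, and their timestamp layout, the key-name format and the choice of sensitive prefixes are assumptions.

```python
import re

# Message structure quoted in the Logging section; text around it is ignored.
OVERRIDE = re.compile(
    r"config\.json key (?P<key>\S+) was overridden by (?P<env>\S+) environment variable"
)
# Assumption: overrides in these sections deserve a second look in review.
SENSITIVE_PREFIXES = ("RTCONF_SSL__", "RTCONF_AUDIT__")


def applied_overrides(log_lines):
    """Return {env_var: config_key} for every override message found."""
    found = {}
    for line in log_lines:
        match = OVERRIDE.search(line)
        if match:
            found[match["env"]] = match["key"]
    return found


def audit_overrides(log_lines, expected):
    """Compare logged overrides with the ENV_VARs the deployment is meant to set."""
    applied = set(applied_overrides(log_lines))
    return {
        # Loaded by the Runtime but not in your plan: find where it was set.
        "unexpected": sorted(applied - set(expected)),
        # Planned but never logged: check the name against the convention.
        "missing": sorted(set(expected) - applied),
        "sensitive": sorted(e for e in applied if e.startswith(SENSITIVE_PREFIXES)),
    }


# Constructed sample log; line layout and key-name format are assumptions.
SAMPLE_LOG = [
    "2025-02-26T10:00:01Z INFO config.json key httpPort was overridden by "
    "RTCONF_HTTP_PORT environment variable",
    "2025-02-26T10:00:01Z INFO config.json key ssl.isHttps was overridden by "
    "RTCONF_SSL__IS_HTTPS environment variable",
    "2025-02-26T10:00:02Z INFO Runtime started",
]
EXPECTED = {"RTCONF_HTTP_PORT", "RTCONF_AUDIT__IS_DATABASE_ENABLE"}

if __name__ == "__main__":
    for finding, names in audit_overrides(SAMPLE_LOG, EXPECTED).items():
        print(finding, names)
```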

    List of Runtime Configuration Keys

    The table below highlights common Runtime service configuration keys that are relevant for fine-tuning. For additional guidance on configuration, consult the PlainID Professional Services team.

    | Config Key | JSON Path | Default | ENV_VAR |
    | --- | --- | --- | --- |
    | Service Port | $.httpPort | 8010 | RTCONF_HTTP_PORT |
    | Inject request ID into PIP SQL | $.useIdentityPipSqlTraceability | true | RTCONF_USE_IDENTITY_PIP_SQL_TRACEABILITY |
    | Max connection pool size for PIP Assets connectivity | $.assetProviders[0].connection.jdbcMaxPoolSize | 20 | RTCONF_ASSET_PROVIDER__0__CONNECTION__JDBC_MAX_POOL_SIZE |
    | Min connection pool size for PIP Assets connectivity | $.assetProviders[0].connection.jdbcMinPoolSize | 5 | RTCONF_ASSET_PROVIDER__0__CONNECTION__JDBC_MIN_POOL_SIZE |
    | PIP Assets query timeout | $.assetProviders[0].connection.queryTimeoutInSeconds | 25 | RTCONF_ASSET_PROVIDER__0__CONNECTION__QUERY_TIMOUT_IN_SECONDS |
    | Number of Asset provider instances | $.assetProviders[0].count | 20 | RTCONF_ASSET_PROVIDER__0__COUNT |
    | Number of parallel thread workers for Asset providers | $.assetProviders[0].workerPool | 20 | RTCONF_ASSET_PROVIDER__0__WORKER_POOL |
    | Enable auditing with a database | $.audit.isDataBaseEnable | false | RTCONF_AUDIT__IS_DATABASE_ENABLE |

    Note: The above Asset provider examples can also apply to identities. Replace ..ASSET_PROVIDER.. with ..ENTITY_PROVIDER...

    | Config Key | JSON Path | Default | ENV_VAR |
    | --- | --- | --- | --- |
    | Database driver for audit database | $.audit.connection.driverName | | RTCONF_AUDIT__CONNECTION_DRIVER_NAME |
    | Audit database host URL | $.audit.connection.url | | RTCONF_AUDIT__CONNECTION_URL |
    | Audit database user | $.audit.connection.user | | RTCONF_AUDIT__CONNECTION_USER |
    | Audit database user password | $.audit.connection.password | | RTCONF_AUDIT__CONNECTION_PASSWORD |

    Note: If you use a Secrets Manager integration, you can use a password from a secret store. Specifically for AWS RDS DB, you can use RDS signed connection tokens by setting this Environment Variable as follows:
    |-
      {{store=AWS_RDS_IAM_AUTH_STORE,key=test_user@shared-partner-mgmt-dev.cluster-g6wgs3hs1zff.eu-east-2.rds.amazonaws.com:5432/eu-east-2}}
    For more information, refer to our Secret Management Configuration article.

    | Config Key | JSON Path | Default | ENV_VAR |
    | --- | --- | --- | --- |
    | Maximum number of Identities retrieved per Source in User List | $.identityAgentLimit | 1000 | RTCONF_IDENTITY_AGENT_LIMIT |
    | Metrics data refresh interval | $.runtimeRefreshSnapshot | 60000ms | RTCONF_RUNTIME_REFRESH_SNAPSHOT |

    Optimizing PDP Performance with Redis Caching

    To enhance performance, the Runtime service supports caching policy decision requests and responses using Redis. Caching reduces redundant policy evaluations and accelerates response times. You can configure specific environment variables to fine-tune cache behavior.

    | Configuration Key | Default Value | Description |
    | --- | --- | --- |
    | SHOULD_READ_FROM_CACHE_BEFORE_DB | false | Determines whether the PDP consumes the prefetched Policy and other metadata from the service cache or from the Redis storage. Setting the value to false keeps the current behavior, and setting it to true uses more prefetched data, reducing the Redis communication. |
    | SCOPE_SETTINGS_COOLDOWN_SECONDS | 60 | Determines the refresh interval, in seconds, at which the PDP refetches updated data from Redis. |
