Contents x
      Runtime Service Configuration
      • 26 Feb 2025
      • 3 Minutes to read
      • Print
      • Dark
        Light
      • PDF
      Contents

      Runtime Service Configuration

      • Updated on 26 Feb 2025
      • 3 Minutes to read
      • Print
      • Dark
        Light
      • PDF
      Article summary

      About Runtime Service Configuration

      The PlainID PDP (Runtime service) has a large configuration file that enables fine-tuning and control over various service parameters. While service parameter default values typically suffice, certain scenarios may require adjustments to optimize the PDP's behavior for your organization's specific needs.

      Although you can directly edit the JSON configuration file in a Standalone PAA deployment or inject a full configuration map in a Kubernetes (K8s) PAA deployment, maintaining updated keys is simpler using Environment Variables. The Runtime service supports a naming convention for ENV_VARs that allows you to adjust any configuration key as needed in the Runtime extraEnv section in the values.yaml. Ensure that you add the values you want to adjust in the values-custom.yaml.

      Environment Variables following the naming convention outlined below automatically load and override the default values of configuration keys.

      Environment Variables Naming Convention

      Environment Variable Prefix

      All Runtime configuration keys begin with the predefined prefix RTCONF_

      Hierarchy Naming Syntax

      After the prefix, the Environment Variable name reflects the hierarchical structure of the configuration file, using a double underscore (__) as a separator between hierarchy levels.
      This same double underscore (__) is also used to denote array indices for configuration keys that are defined as arrays.

      Note: A single underscore(_) is used as a word separator within the ENV_VAR name.

      Examples

      The following table demonstrates the naming convention and hierarchical structure for ENV_VARs.

      Config KeyThe config key full JSON PathENV_VAR
      refreshAssetTemplates (root)$.refreshAssetTemplatesRTCONF_REFRESH_ASSET_TEMPLATES
      isSysLogEnable (audit)$.audit.isSysLogEnableRTCONF_AUDIT__IS_SYSLOG_ENABLE
      isHttps (ssl)$.ssl.isHttpsRTCONF_SSL__IS_HTTPS
      type (asset provider)$.assetProvider.connection.typeRTCONF_ASSET_PROVIDER__0__CONNECTION__TYPE

      Logging

      Loading Environment Variables and overriding configuration keys are logged in the Runtime service logs to facilitate troubleshooting.
      Any configuration key replaced by a value defined with an Environment Variable according to this hierarchical structure is logged at the Info level with message in this structure: config.json key <key-name> was overridden by <env-var-name> environment variable.
      Additional logging may also be present in cases of error handling and validation of the Environment Variables naming syntax.

      List of Runtime Configuration Keys

      The table below highlights common Runtime service configuration keys that are relevant for fine-tuning. For additional guidance on configuration, consult the PlainID Professional Services team.

      Config KeyJSON PathDefaultENV_VAR
      Service Port$.httpPort8010RTCONF_HTTP_PORT
      Inject request ID into PIP SQL$.useIdentityPipSqlTraceabilitytrueRTCONF_USE_IDENTITY_PIP_SQL_TRACEABILITY
      Max connection pool size for PIP Assets connectivity$.assetProviders[0].connection.jdbcMaxPoolSize20RTCONF_ASSET_PROVIDER__0__CONNECTION__JDBC_MAX_POOL_SIZE
      Min connection pool size for PIP Assets connectivity$.assetProviders[0].connection.jdbcMinPoolSize5RTCONF_ASSET_PROVIDER__0__CONNECTION__JDBC_MIN_POOL_SIZE
      PIP Assets query timeout$.assetProviders[0].connection.queryTimeoutInSeconds25RTCONF_ASSET_PROVIDER__0__CONNECTION__QUERY_TIMOUT_IN_SECONDS
      Number of Asset provider instances$.assetProviders[0].count20RTCONF_ASSET_PROVIDER__0__COUNT
      Number of parallel thread workers for Asset providers$.assetProviders[0].workerPool20RTCONF_ASSET_PROVIDER__0__WORKER_POOL
      Enable auditing with a database$.audit.isDataBaseEnablefalseRTCONF_AUDIT__IS_DATABASE_ENABLE

      Note: The above Asset provider examples can also apply to identities. Replace ..ASSET_PROVIDER.. with ..ENTITY_PROVIDER...
      Database driver for audit database$.audit.connection.driverNameRTCONF_AUDIT__CONNECTION_DRIVER_NAME
      Audit database host URL$.audit.connection.urlRTCONF_AUDIT__CONNECTION_URL
      Audit database user$.audit.connection.userRTCONF_AUDIT__CONNECTION_USER
      Audit database user password$.audit.connection.passwordRTCONF_AUDIT__CONNECTION_PASSWORD

      Note: If using a Secrets Manager integration you can utilize a password from a secret store. Specifically for AWS RDS DB, you can utilize RDS signed connection tokens by adding this Environment Variable like this:
      |-
        {{store=AWS_RDS_IAM_AUTH_STORE,key=test_user@shared-partner-mgmt-dev.cluster-g6wgs3hs1zff.eu-east-2.rds.amazonaws.com:5432/eu-east-2}}
      For more information, refer to our Secret Management Configuration article      .
      Maximum number of Identities retrieved per Source in User List$.identityAgentLimit1000RTCONF_IDENTITY_AGENT_LIMIT
      Metrics data refresh interval$.runtimeRefreshSnapshot60000msRTCONF_RUNTIME_REFRESH_SNAPSHOT

      Optimizing PDP Performance with Redis Caching

      To enhance performance, the Runtime service supports caching policy decision requests and responses using Redis. Caching reduces redundant policy evaluations and accelerates response times. You can configure specific environment variables to fine-tune cache behavior, reducing redundant policy evaluations and improving response times..

      Configuration KeyDefault ValueDescription
      SHOULD_READ_FROM_CACHE_BEFORE_DBfalseDetermines whether the PDP consumes the prefetched Policy and other metadata from the service cache or from the Redis storage. Setting the value to false keeps the current behavior and setting it to true uses more prefetched data, reducing the Redis communication.
      SCOPE_SETTINGS_COOLDOWN_SECONDS60Determines the refresh interval in seconds, in which PDP refetches updated data from Redis.
      Was this article helpful?
      What's Next