Configuration Settings

Configuration settings can be modified at runtime by using the CLI or by using API calls. Configuration settings are applied globally, meaning they apply for all users of DevOps Secrets Safe.

List All Configuration Settings

ssrun setting get

Outputs a list of configured settings in JSON format.

 

{
	"Server:Limits:MaxRequestBodySize": 10000,
	"Jwt:AccessTokenTimeToLiveSeconds": 3600,
	"Jwt:RefreshTokenTimeToLiveSeconds": 2592000,
	"JwtConfigs:Local:ClockSkewSeconds": "300"
}

List One Configuration Setting

ssrun setting get -n <setting-name>

Outputs the value of an individual setting.

 

Server:Limits:MaxRequestBodySize = 10000			

Delete a Configuration Setting

ssrun setting delete -n <setting-name>

Deletes the setting with the specified name.

Create a Configuration Setting

ssrun setting create -n <setting-name> -v <setting-value>

Creates a configuration setting using the values specified on the command line.

Update a Configuration Setting

ssrun setting update -n <setting-name> -v <setting-value>

Updates a configuration setting that already exists, using the values specified on the command line.

Delegate Permissions for Configuration Settings

ssrun authorization create -p principal/internal/user/<User> -o create -a allow system/settings/

Grants permission to create configuration settings for a user that does not have root user permissions. Permissions to read, update, and delete can also be granted.

Current Configuration Settings

Server:Limits:MaxRequestBodySize

The maximum body size (in bytes) for a request. This setting is applied to the gateway service and will reject requests with larger than configured message body size. The default is 1048576 bytes.

Jwt:AccessTokenTimeToLiveSeconds

Used to set the access token time to live (in seconds). The minimum value is 10 seconds. The default is 3600 seconds.

Jwt:RefreshTokenTimeToLiveSeconds

Used to set the refresh token time to live (in seconds). The minimum value is 0 seconds. The default is 2592000 seconds.

JwtConfigs:Local:ClockSkewSeconds

Used to set the access token time to live skew (in seconds). When the access token is validated this setting allows compensating for server time drift. The default is 300 seconds.

Changing this setting could result in unauthorized 401 responses if there is a time difference between the token time and the DevOps Secrets Safe services time.

Jwt:TokenCleanupIntervalSeconds

Used to control the frequency of cleaning up old Jwt tokens. The default is 3600 seconds.

Changing this setting could have performance repercussions.