Skip to main content

Config. with files

There are a lot of things you may configure in Daikoku. By default, Daikoku provides a configuration that should be enough for testing purpose. But you'll likely need to update this configuration when you'll need to move Daikoku into production.

In this page, any configuration property can be set at runtime using a -D flag when launching Daikoku, like:

java -Dhttp.port=8080 -jar daikoku.jar

or

./bin/daikoku -Dhttp.port=8080

Common configuration

nametypedefault valuedescription
daikoku.modeString"prod"Daikoku running mode. Supported values are dev or prod
daikoku.exposedOnStringhttp.portThe HTTP port exposed by Daikoku
daikoku.singingkeyString"secret"The secret used for signing the JWT token
daikoku.tenants.providerstring"local"The way to get the tenant to display. Supported values are local, header or hostname
daikoku.tenants.hostheaderNamestringOtoroshi-Proxied-HostThe header key to get the host, in the case of daikoku.tenants.provider is hostname
daikoku.team.defaultApiKeyVisibilitystring"User"The default value of team apikeys visibility for its own members is based on Team permission. Supported values are Administrator, ApiEditor or User
daikoku.exposition.providerstring"none"Activate the exchange protocol. Supported values are otoroshi (for Otoroshi Exchange Protocol and none
daikoku.snowflake.seednumber0This number will be used to generate unique IDs across the cluster. Each Otoroshi instance must have a unique seed.

Admin api

nametypedefault valuedescription
daikoku.api.typeString"local"The provider of apikey for admin APIs. Supported values are local and otoroshi
daikoku.api.keyString"secret"The local apikey of admin APIs
daikoku.api.headerNameString"Otoroshi-Claim"
daikoku.api.headerSecretString"secret"

Otoroshi settings

nametypedefault valuedescription
daikoku.exposition.otoroshi.stateHeaderNamestring"Otoroshi-State"The Otoroshi exchange protocol header name
daikoku.exposition.otoroshi.stateRespHeaderNamestring"Otoroshi-State-resp"The Otoroshi exchange protocol response header name
daikoku.otoroshi.groups.namePrefixstringValue to filter Otoroshi groups based on the group name
daikoku.otoroshi.groups.idPrefixstringValue to filter Otoroshi groups based on the group d
daikoku.otoroshi.sync.masterbooleanfalseValue to define if the instance is the master to sync Otoroshi datas
daikoku.otoroshi.sync.keystring"secret"Sync key to sync Otoroshi
daikoku.otoroshi.sync.cronbooleanfalseValue to define if Otoroshi values are sync by cron
daikoku.otoroshi.sync.instancenumberDaikoku instance number

Daikoku init

nametypedefault valuedescription
daikoku.init.hostString"localhost"
daikoku.init.admin.nameString"Daikoku admin"Daikoku default admin name
daikoku.init.admin.emailString"admin@daikoku.io"Daikoku default admin email
daikoku.init.admin.passwordStringDaikoku default admin password
daikoku.init.data.fromstringA file path or a URL to a Daikoku export file. If the datastore is empty on startup, this file will be used to import data to the empty DB

DB configuration

Postgres configuration

nametypedefault valuedescription
daikoku.postgres.portint5432The port used to connect to datastore
daikoku.postgres.hoststring"localhost"The host wher the datastore is
daikoku.postgres.databasestring"default"The name of the database
daikoku.postgres.usernamestring"postgres"The user used to connect to database
daikoku.postgres.passwordstring"postgres"The password used to connect to database
daikoku.postgres.schemastring"public"The current schema

Audit trail purge configuration

nametypedefault valuedescription
daikoku.audit.purge.cronbooleanfalseEnable the automatic purge of audit trail in database
daikoku.audit.purge.intervalstring"1hour"The interval of purge run
daikoku.audit.purge.max.datestring"60days"Retention date for the audit trail

Play specific configuration

As Daikoku is a Play app, you should take a look at the Play configuration documentation to tune its internal configuration

nametypedefault valuedescription
http.portnumber8080The HTTP port used by Daikoku. You can use 'disabled' as value if you don't want to use HTTP
https.portnumberdisabledThe HTTPS port used by Daikoku. You can use 'disabled' as value if you don't want to use HTTPS
play.http.secret.keystring"secret"The secret used to sign Daikoku session cookie
play.http.session.securebooleanfalseWhether or not the Daikoku backoffice session will be served over HTTPS only
play.http.session.httpOnlybooleantrueWhether or not the Daikoku backoffice session will be accessible from JavaScript
play.http.session.maxAgenumber259200000The number of seconds before Daikoku backoffice session expired
play.http.session.domainstringnullThe domain on which the Daikoku backoffice session is authorized
play.http.session.cookieNamestring"daikoku-session"Tme of the Daikoku backoffice session
server.https.keyStore.pathstringThe path to the keystore containing the private key and certificate, if not provided generates a keystore for you
server.https.keyStore.typestring"JKS"The keystore type
server.https.keyStore.passwordstring""The password
server.https.keyStore.algorithmstringThe keystore algorithm, defaults to the platforms default algorithm

Anonymous reporting

nametypedefault valuedescription
daikoku.anonymous-reporting.enabledbooleantrueEnabling or not the anonymous reporting. If it's set to true and in the frontend to false, no reporting will be sent.
daikoku.anonymous-reporting.timeoutnumber60000The request timeout for sending data to our anonymous reporting database.
daikoku.containerizedbooleanfalseThis is to know if you are running daikoku with docker or not (only used for the anonymous reporting)

More config. options

See https://github.com/MAIF/daikoku/blob/master/daikoku/conf/application.conf

If you want to configure HTTPS on your Daikoku server, just read the PlayFramework documentation about it

Example of configuration file

daikoku {

mode = "prod"
signingKey = "secret"

exposedOn = ${http.port}

api {
type = "local"
key = "secret"
headerName = "Otoroshi-Claim"
headerSecret = "secret"
}

init {
host = "localhost"
admin {
name = "Daikoku admin"
email = "admin@daikoku.io"
password = "password"
}
data {
from = "/config/daikoku.ndjson"
headers = {}
}
}

snowflake {
seed = 0
}

tenants {
provider = "local"
}

exposition {
provider = "none"
otoroshi {
stateHeaderName = "Otoroshi-State"
stateRespHeaderName = "Otoroshi-State-Resp"
}
}

otoroshi {
groups {
namePrefix = "daikoku"
}
sync {
interval = 3600000
master = false
key = "secret"
cron = true
instance = 0
}
}

stats {
sync {
interval = 3600000
cron = true
}
call {
interval = 600000
}
}

audit {
purge {
cron = false
interval = 1hour
max.date = 60days
}
}

containerized = false
containerized = ${?IS_CONTAINERIZED}

anonymous-reporting {
enabled = true
enabled = ${?DAIKOKU_ANONYMOUS_REPORTING_ENABLED}
url = "https://reporting.otoroshi.io/daikoku/ingest"
timeout = 60000
timeout = ${?DAIKOKU_ANONYMOUS_REPORTING_TIMEOUT}
}
}

postgres {
database = "daikoku_test"
poolSize = 4
}


http.port = 8080
https.port = disabled

play {
application.loader = "fr.maif.otoroshi.daikoku.DaikokuLoader"
modules {}
filters {
enabled = []
}
http {
filters = play.api.http.NoHttpFilters
secret {
key = "secret"
}
session = {
cookieName = "daikoku-session"
secure = false
maxAge = 259200000
httpOnly = true
sameSite = "lax"
domain = null
path = ${play.http.context}
jwt {
signatureAlgorithm = "HS256"
expiresAfter = ${play.http.session.maxAge}
clockSkew = 5 minutes
dataClaim = "data"
}
}
}
server {
akka {
requestTimeout = 60s
}
http {
port = ${http.port}
idleTimeout = 60s
}
}
}