Property reference
As a Spring Boot application, the Orchestration Cluster supports standard Spring configuration methods.
The following configurations apply to all components within the Orchestration Cluster.
API
- Configuration property
- Environment variable
camunda.api.long-polling
Property | Description | Default value |
---|---|---|
camunda.api.long-polling.enabled | Enable long-polling for the Camunda gRPC API server. | true |
camunda.api.long-polling.timeout | Set the timeout for long polling in milliseconds. | 10000 |
camunda.api.long-polling.probe-timeout | Set the probe timeout for long polling in milliseconds. | 10000 |
camunda.api.long-polling.min-empty-responses | Set the minimum number of empty responses. Once this many responses have returned a jobCount of 0, the gateway infers that no jobs are available. | 10s |
CAMUNDA_API_LONGPOLLING
Property | Description | Default value |
---|---|---|
CAMUNDA_API_LONGPOLLING_ENABLED | Enable long-polling for the Camunda gRPC API server. | true |
CAMUNDA_API_LONGPOLLING_TIMEOUT | Set the timeout for long polling in milliseconds. | 10000 |
CAMUNDA_API_LONGPOLLING_PROBETIMEOUT | Set the probe timeout for long polling in milliseconds. | 10000 |
CAMUNDA_API_LONGPOLLING_MINEMPTYRESPONSES | Set the minimum number of empty responses. Once this many responses have returned a jobCount of 0, the gateway infers that no jobs are available. | 10s |
API - gRPC
- Configuration property
- Environment variable
camunda.api.grpc
Property | Description | Default value |
---|---|---|
camunda.api.grpc.address | Set the address the gateway binds to. | 0.0.0.0 |
camunda.api.grpc.port | Set the port the gateway binds to. | 26500 |
camunda.api.grpc.min-keep-alive-interval | Set the minimum keep alive interval. | 30s |
camunda.api.grpc.max-message-size | Set the maximum size of the incoming and outgoing messages (that is, commands and events). | 4MB |
camunda.api.grpc.management-threads | Set the number of threads the gateway will use to communicate with the broker cluster. | 1 |
camunda.api.grpc.ssl
Property | Description | Default value |
---|---|---|
camunda.api.grpc.ssl.enabled | Enable SSL (Secure Sockets Layer) authentication for the gateway. | false |
camunda.api.grpc.ssl.certificate | Set the path to the certificate chain file. | Null |
camunda.api.grpc.ssl.certificate-private-key | Set the path to the private key file location. | Null |
camunda.api.grpc.ssl.key-store.file-path | Configure the keystore file containing both the certificate chain and the private key. Currently only supports PKCS12 format. | /path/to/keystore |
camunda.api.grpc.ssl.key-store.password | Configure the keystore password. | Null |
camunda.api.grpc.interceptors
Property | Description | Default value |
---|---|---|
camunda.api.grpc.interceptors[] | This property is part of Camunda's gRPC interceptor system, which allows you to add custom processing logic to gRPC requests and responses. The property is a list of interceptor configurations, each requiring an | No entries |
camunda.api.grpc.interceptors[].id | The unique identifier for a particular gRPC interceptor configuration. | Null |
camunda.api.grpc.interceptors[].jar-path | The file path to a JAR file that contains a custom gRPC interceptor implementation. | Null |
camunda.api.grpc.interceptors[].class-name | Set the fully qualified class name of a custom gRPC interceptor implementation that should be loaded and executed by the Camunda gRPC server. | Null |
CAMUNDA_API_GRPC
Property | Description | Default value |
---|---|---|
CAMUNDA_API_GRPC_ADDRESS | Set the address the gateway binds to. | 0.0.0.0 |
CAMUNDA_API_GRPC_PORT | Set the port the gateway binds to. | 26500 |
CAMUNDA_API_GRPC_MINKEEPALIVEINTERVAL | Set the minimum keep alive interval. | 30s |
CAMUNDA_API_GRPC_MAXMESSAGESIZE | Set the maximum size of the incoming and outgoing messages (that is, commands and events). | 4MB |
CAMUNDA_API_GRPC_MANAGEMENTTHREADS | Set the number of threads the gateway will use to communicate with the broker cluster. | 1 |
CAMUNDA_API_GRPC_SSL
Property | Description | Default value |
---|---|---|
CAMUNDA_API_GRPC_SSL_ENABLED | Enable SSL (Secure Sockets Layer) authentication for the gateway. | false |
CAMUNDA_API_GRPC_SSL_CERTIFICATE | Set the path to the certificate chain file. | Null |
CAMUNDA_API_GRPC_SSL_CERTIFICATEPRIVATEKEY | Set the path to the private key file location. | Null |
CAMUNDA_API_GRPC_SSL_KEYSTORE_FILEPATH | Configure the keystore file containing both the certificate chain and the private key. Currently only supports PKCS12 format. | /path/to/keystore |
CAMUNDA_API_GRPC_SSL_KEYSTORE_PASSWORD | Configure the keystore password. | Null |
CAMUNDA_API_GRPC_INTERCEPTORS
Property | Description | Default value |
---|---|---|
CAMUNDA_API_GRPC_INTERCEPTORS | List of gRPC interceptor configurations. Each entry requires | No entries |
CAMUNDA_API_GRPC_INTERCEPTORS_0_ID | The unique identifier for a particular gRPC interceptor configuration. | Null |
CAMUNDA_API_GRPC_INTERCEPTORS_0_JARPATH | The file path to a JAR file that contains a custom gRPC interceptor implementation. | Null |
CAMUNDA_API_GRPC_INTERCEPTORS_0_CLASSNAME | Set the fully qualified class name of a custom gRPC interceptor implementation that should be loaded and executed by the Camunda gRPC server. | Null |
API - REST
- Configuration property
- Environment variable
camunda.api.rest.filters
Property | Description | Default value |
---|---|---|
camunda.api.rest.filters[] | This property is part of Camunda's REST filter system, which allows you to add filters to REST requests and responses. The property is a list of filter configurations, each requiring an | No entries |
camunda.api.rest.filters[].id | The unique identifier for a particular REST filter configuration. | Null |
camunda.api.rest.filters[].jar-path | The file path to a JAR file that contains a custom REST filter implementation. | Null |
camunda.api.rest.filters[].class-name | Set the fully qualified class name of a custom REST filter implementation that should be loaded and executed by the Camunda REST server. | Null |
camunda.api.rest.process-cache
Property | Description | Default value |
---|---|---|
camunda.api.rest.process-cache.max-size | Set the maximum number of entries that can be stored in the REST API's process cache. | 100 |
camunda.api.rest.process-cache.expiration-idle | Set the idle expiration time for entries in the REST API's process cache. | null |
camunda.api.rest.executor
Property | Description | Default value |
---|---|---|
camunda.api.rest.executor.core-pool-size-multiplier | Multiplier applied to the number of available processors to compute the executor's core pool size (minimum number of threads kept alive). Effective value: Use a higher value if you have steady, continuous traffic and want to minimize cold-start latency. Keep it low to allow the pool to scale down when idle. | 1 |
camunda.api.rest.executor.max-pool-size-multiplier | Multiplier applied to the number of available processors to compute the executor's maximum pool size (hard cap on threads). Effective value: Must be >= Increase cautiously, as high values can cause oversubscription for CPU-bound workloads. | 2 |
camunda.api.rest.executor.keep-alive | Time in seconds that threads above the core size may remain idle before being terminated. Lower values reclaim resources faster after bursts. Higher values reduce thread creation/destruction churn if bursts are frequent. | 60s |
camunda.api.rest.executor.queue-capacity | Capacity of the executor's task queue. A small bounded queue (for example, | 64 |
CAMUNDA_API_REST_FILTERS
Property | Description | Default value |
---|---|---|
CAMUNDA_API_REST_FILTERS | This property is part of Camunda's REST filter system, which allows you to add filters to REST requests and responses. The property is a list of filter configurations, each requiring an | No entries |
CAMUNDA_API_REST_FILTERS_0_ID | The unique identifier for a particular REST filter configuration. | Null |
CAMUNDA_API_REST_FILTERS_0_JARPATH | The file path to a JAR file that contains a custom REST filter implementation. | Null |
CAMUNDA_API_REST_FILTERS_0_CLASSNAME | Set the fully qualified class name of a custom REST filter implementation that should be loaded and executed by the Camunda REST server. | Null |
CAMUNDA_API_REST_PROCESSCACHE
Property | Description | Default value |
---|---|---|
CAMUNDA_API_REST_PROCESSCACHE_MAXSIZE | Set the maximum number of entries that can be stored in the REST API's process cache. | 100 |
CAMUNDA_API_REST_PROCESSCACHE_EXPIRATIONIDLE | Set the idle expiration time for entries in the REST API's process cache. | null |
CAMUNDA_API_REST_EXECUTOR
Property | Description | Default value |
---|---|---|
CAMUNDA_API_REST_EXECUTOR_COREPOOLSIZEMULTIPLIER | Multiplier applied to the number of available processors to compute the executor's core pool size (minimum number of threads kept alive). Effective value: Use a higher value if you have steady, continuous traffic and want to minimize cold-start latency. Keep it low to allow the pool to scale down when idle. | 1 |
CAMUNDA_API_REST_EXECUTOR_MAXPOOLSIZEMULTIPLIER | Multiplier applied to the number of available processors to compute the executor's maximum pool size (hard cap on threads). Effective value: Must be >= Increase cautiously, as high values can cause oversubscription for CPU-bound workloads. | 2 |
CAMUNDA_API_REST_EXECUTOR_KEEPALIVE | Time in seconds that threads above the core size may remain idle before being terminated. Lower values reclaim resources faster after bursts. Higher values reduce thread creation/destruction churn if bursts are frequent. | 60s |
CAMUNDA_API_REST_EXECUTOR_QUEUECAPACITY | Capacity of the executor's task queue. A small bounded queue (for example, | 64 |
Cluster
- Configuration property
- Environment variable
camunda.cluster
Property | Description | Default value |
---|---|---|
camunda.cluster.network.host | The network host for internal cluster communication. | null |
camunda.cluster.node-id | Specifies the unique id of this broker node in a cluster. The id should be between 0 and the number of nodes in the cluster (exclusive). | 0 |
camunda.cluster.partition-count | The number of partitions in the cluster. | 1 |
camunda.cluster.replication-factor | The number of replicas for each partition in the cluster. The replication factor cannot be greater than the number of nodes in the cluster. | 1 |
camunda.cluster.size | The number of nodes in the cluster. | 1 |
camunda.cluster.metadata
Property | Description | Default value |
---|---|---|
camunda.cluster.metadata.sync-delay | The delay between two sync requests in the | 10s |
camunda.cluster.metadata.sync-request-timeout | The timeout for a sync request in the | 2s |
camunda.cluster.metadata.gossip-fanout | The number of nodes to which a cluster topology is gossiped. | 2 |
camunda.cluster.raft
Property | Description | Default value |
---|---|---|
camunda.cluster.raft | Configuration for the Raft consensus protocol in the cluster. This group provides settings for Raft algorithm parameters, including timing, elections, and log flushing. | none |
camunda.cluster.raft.priority-election-enabled | When this flag is enabled, the leader election algorithm attempts to elect the leaders based on a pre-defined priority. As a result, it tries to distribute the leaders uniformly across the brokers. Note that it is only a best-effort strategy. It is not guaranteed to be a strictly uniform distribution. | true |
camunda.cluster.raft.flush-enabled | If false, explicit flushing of the Raft log is disabled, and flushing only occurs right before a snapshot is taken. You should only disable explicit flushing if you are willing to accept potential data loss in exchange for better performance. Before disabling it, try the delayed options, which provide a trade-off between safety and performance. By default, for a given partition, data is flushed on every leader commit and every follower append. This ensures consistency across all replicas. Disabling this can cause inconsistencies and, at worst, data corruption or data loss. | true |
camunda.cluster.raft.flush-delay | If the delay is > 0, then flush requests are delayed by at least the given period. It is recommended that you find the smallest delay here with which you achieve your performance goals. It's also likely that anything above 30s is not useful, as this is the typical default flush interval for the Linux OS. The default behavior is optimized for safety, and flushing occurs on every leader commit and follower append in a synchronous fashion. | 0s |
camunda.cluster.raft.heartbeat-interval | The heartbeat interval for Raft. The leader sends a heartbeat to a follower every | 250ms |
camunda.cluster.raft.election-timeout | The election timeout for Raft. If a follower does not receive a heartbeat from the leader within an election timeout, it can start a new leader election. The When the When the If the network latency between the nodes is high, it is recommended to have a higher election timeout. This is an advanced setting. | 2.5s |
CAMUNDA_CLUSTER
Property | Description | Default value |
---|---|---|
CAMUNDA_CLUSTER_NETWORK_HOST | The network host for internal cluster communication. | null |
CAMUNDA_CLUSTER_NODEID | Specifies the unique id of this broker node in a cluster. The id should be between 0 and the number of nodes in the cluster (exclusive). | 0 |
CAMUNDA_CLUSTER_PARTITIONCOUNT | The number of partitions in the cluster. | 1 |
CAMUNDA_CLUSTER_REPLICATIONFACTOR | The number of replicas for each partition in the cluster. The replication factor cannot be greater than the number of nodes in the cluster. | 1 |
CAMUNDA_CLUSTER_SIZE | The number of nodes in the cluster. | 1 |
CAMUNDA_CLUSTER_METADATA
Property | Description | Default value |
---|---|---|
CAMUNDA_CLUSTER_METADATA_SYNCDELAY | The delay between two sync requests in the | 10s |
CAMUNDA_CLUSTER_METADATA_SYNCREQUESTTIMEOUT | The timeout for a sync request in the | 2s |
CAMUNDA_CLUSTER_METADATA_GOSSIPFANOUT | The number of nodes to which a cluster topology is gossiped. | 2 |
CAMUNDA_CLUSTER_RAFT
Property | Description | Default value |
---|---|---|
CAMUNDA_CLUSTER_RAFT | Configuration for the Raft consensus protocol in the cluster. This group provides settings for Raft algorithm parameters, including timing, elections, and log flushing. | none |
CAMUNDA_CLUSTER_RAFT_PRIORITYELECTIONENABLED | When this flag is enabled, the leader election algorithm attempts to elect the leaders based on a pre-defined priority. As a result, it tries to distribute the leaders uniformly across the brokers. Note that it is only a best-effort strategy. It is not guaranteed to be a strictly uniform distribution. | true |
CAMUNDA_CLUSTER_RAFT_FLUSHENABLED | If false, explicit flushing of the Raft log is disabled, and flushing only occurs right before a snapshot is taken. You should only disable explicit flushing if you are willing to accept potential data loss in exchange for better performance. Before disabling it, try the delayed options, which provide a trade-off between safety and performance. By default, for a given partition, data is flushed on every leader commit and every follower append. This ensures consistency across all replicas. Disabling this can cause inconsistencies and, at worst, data corruption or data loss. | true |
CAMUNDA_CLUSTER_RAFT_FLUSHDELAY | If the delay is > 0, then flush requests are delayed by at least the given period. It is recommended that you find the smallest delay here with which you achieve your performance goals. It's also likely that anything above 30s is not useful, as this is the typical default flush interval for the Linux OS. The default behavior is optimized for safety, and flushing occurs on every leader commit and follower append in a synchronous fashion. | 0s |
CAMUNDA_CLUSTER_RAFT_HEARTBEATINTERVAL | The heartbeat interval for Raft. The leader sends a heartbeat to a follower every | 250ms |
CAMUNDA_CLUSTER_RAFT_ELECTIONTIMEOUT | The election timeout for Raft. If a follower does not receive a heartbeat from the leader within an election timeout, it can start a new leader election. The When the When the If the network latency between the nodes is high, it is recommended to have a higher election timeout. This is an advanced setting. | 2.5s |
Data
- Configuration property
- Environment variable
camunda.data
Property | Description | Default value |
---|---|---|
camunda.data.snapshot-period | How often snapshots are taken of streams (in minutes). | 5m |
camunda.data.export.distribution-interval | Configures the rate at which exporter positions are distributed to the followers. This is useful for fail-over and for taking snapshots: a follower can take snapshots based on the replayed and distributed export position. When a follower takes over, it can recover from the snapshot and does not need to replay and export everything; for example, it can start from the last exported position it received through the distribution mechanism. | 15s |
camunda.data.export.skip-records | Allows exporters to skip certain records by their position. This is useful for debugging, or for skipping a record that prevents processing or exporting from continuing. Record positions listed here are skipped in all exporters. The value is a comma-separated list of record positions to skip; whitespace is ignored. | [] |
CAMUNDA_DATA
Property | Description | Default value |
---|---|---|
CAMUNDA_DATA_SNAPSHOTPERIOD | How often snapshots are taken of streams (in minutes). | 5m |
CAMUNDA_DATA_EXPORT_DISTRIBUTIONINTERVAL | Configures the rate at which exporter positions are distributed to the followers. This is useful for fail-over and for taking snapshots: a follower can take snapshots based on the replayed and distributed export position. When a follower takes over, it can recover from the snapshot and does not need to replay and export everything; for example, it can start from the last exported position it received through the distribution mechanism. | 15s |
CAMUNDA_DATA_EXPORT_SKIPRECORDS | Allows exporters to skip certain records by their position. This is useful for debugging, or for skipping a record that prevents processing or exporting from continuing. Record positions listed here are skipped in all exporters. The value is a comma-separated list of record positions to skip; whitespace is ignored. | [] |
Data - backup
- Configuration property
- Environment variable
camunda.data.backup
Property | Description | Default value |
---|---|---|
camunda.data.backup.repository-name | Set the Elasticsearch/OpenSearch snapshot repository name. Note: This setting applies to backups of secondary storage. | '' |
camunda.data.backup.snapshot-timeout | A backup of history data consists of multiple Elasticsearch/OpenSearch snapshots. The Note: This setting applies to backups of secondary storage. | 0 |
camunda.data.backup.incomplete-check-timeout | Defines the timeout period for determining whether an incomplete backup should be considered as failed or still in progress. This property helps distinguish between backups that are actively running versus those that may have stalled or failed silently. Note: This setting applies to backups of secondary storage. | 5m |
camunda.data.backup.store | Set the backup store type. Supported values are Note: This configuration applies to the backup of primary storage. | NONE |
camunda.data.backup.s3
Property | Description | Default value |
---|---|---|
camunda.data.backup.s3.bucket-name | Name of the bucket where the backup will be stored. | Null |
camunda.data.backup.s3.endpoint | Configure the URL endpoint for the store. If no endpoint is provided, it will be determined based on the configured region. | Null |
camunda.data.backup.s3.region | Configure the AWS region. If no region is provided it will be determined as documented in setting the AWS Region for the AWS SDK for Java 2.x. | Null |
camunda.data.backup.s3.access-key | Configure access credentials. If either | - |
camunda.data.backup.s3.secret-key | Configure access credentials. If either | - |
camunda.data.backup.s3.api-call-timeout | Configure a maximum duration for all S3 client API calls. Lower values will ensure that failed or slow API calls don't block other backups but may increase the risk that backups can't be stored if uploading parts of the backup takes longer than the configured timeout. Refer to AWS Java SDK 2.x Best Practices. | 180s |
camunda.data.backup.s3.force-path-style-access | If enabled, forces the S3 client to use path-style access. By default, the client automatically chooses between path-style and virtual-hosted-style access. This should only be enabled if the S3-compatible storage does not support virtual-hosted-style access. | false |
camunda.data.backup.s3.compression | When set to an algorithm such as When not set or set to Enabling compression reduces the required storage space for backups in S3 but also increases the impact on CPU and disk utilization while taking a backup. | - |
camunda.data.backup.s3.max-concurrent-connections | Maximum number of connections allowed in a connection pool. This restricts the maximum number of concurrent uploads so as to avoid connection timeouts when uploading backups with large or multiple files. | 50 |
camunda.data.backup.s3.connection-acquisition-timeout | Timeout for acquiring an already-established connection from a connection pool to a remote service. | 45s |
camunda.data.backup.s3.base-path | When set, all objects in the bucket will use this prefix. Must be non-empty and not start or end with ' This is useful for using the same bucket for multiple Zeebe clusters. In this scenario, the | Null |
camunda.data.backup.s3.support-legacy-md5 | Enable the S3 MD5 plugin for legacy support. | Null |
camunda.data.backup.gcs
Property | Description | Default value |
---|---|---|
camunda.data.backup.gcs.bucket-name | Name of the bucket where the backup will be stored. | Null |
camunda.data.backup.gcs.host | When set, this overrides the host that the GCS client connects to. By default, this is not set because the client can automatically discover the correct host to connect to. | AUTO |
camunda.data.backup.gcs.base-path | When set, all blobs in the bucket will use this prefix. This is useful for using the same bucket for multiple Zeebe clusters. In this scenario, the | Null |
camunda.data.backup.gcs.auth | Configures which authentication method is used for connecting to GCS. Can be either | Null |
camunda.data.backup.azure
Property | Description | Default value |
---|---|---|
camunda.data.backup.azure.endpoint | The Azure endpoint to connect to. Required unless a connection string is specified. | Null |
camunda.data.backup.azure.account-name | The account name used to authenticate with Azure. This can only be used in combination with an account key. If account credentials or a connection string are not provided, authentication will use credentials from the runtime environment. | Null |
camunda.data.backup.azure.account-key | The account key that is used to authenticate with Azure. This can only be used in combination with an account name. If account credentials or a connection string are not provided, authentication will use credentials from the runtime environment. | Null |
camunda.data.backup.azure.connection-string | The connection string configures the endpoint, account name and account key all at once. If a connection string or account credentials are not provided, authentication will use credentials from the runtime environment. | Null |
camunda.data.backup.azure.base-path | Defines the container name where backup contents are saved. | Null |
camunda.data.backup.azure.create-container | Whether to create the container if it does not already exist. | true |
camunda.data.backup.azure.sas-token.type | This setting defines the SAS token to use. These can be of user delegation, service or account type. Note: As user delegation and service SAS tokens do not support the creation of containers, the user must make sure that the container already exists, or it will lead to a runtime error. Refer to delegate access by using a shared access signature. | Null |
camunda.data.backup.azure.sas-token.value | The actual Shared Access Signature (SAS) token value used for authentication. | Null |
camunda.data.backup.filesystem
Property | Description | Default value |
---|---|---|
camunda.data.backup.filesystem.base-path | Set the base path to store all related backup files in. | Null |
CAMUNDA_DATA_BACKUP
Property | Description | Default value |
---|---|---|
CAMUNDA_DATA_BACKUP_REPOSITORYNAME | Set the Elasticsearch/OpenSearch snapshot repository name. Note: This setting applies to backups of secondary storage. | '' |
CAMUNDA_DATA_BACKUP_SNAPSHOTTIMEOUT | A backup of history data consists of multiple Elasticsearch/OpenSearch snapshots. The Note: This setting applies to backups of secondary storage. | 0 |
CAMUNDA_DATA_BACKUP_INCOMPLETECHECKTIMEOUT | Defines the timeout period for determining whether an incomplete backup should be considered as failed or still in progress. This property helps distinguish between backups that are actively running versus those that may have stalled or failed silently. Note: This setting applies to backups of secondary storage. | 5m |
CAMUNDA_DATA_BACKUP_STORE | Set the backup store type. Supported values are Note: This configuration applies to the backup of primary storage. | NONE |
CAMUNDA_DATA_BACKUP_S3
Property | Description | Default value |
---|---|---|
CAMUNDA_DATA_BACKUP_S3_BUCKETNAME | Name of the bucket where the backup will be stored. | Null |
CAMUNDA_DATA_BACKUP_S3_ENDPOINT | Configure the URL endpoint for the store. If no endpoint is provided, it will be determined based on the configured region. | Null |
CAMUNDA_DATA_BACKUP_S3_REGION | Configure the AWS region. If no region is provided it will be determined as documented in setting the AWS Region for the AWS SDK for Java 2.x. | Null |
CAMUNDA_DATA_BACKUP_S3_ACCESSKEY | Configure access credentials. If either | - |
CAMUNDA_DATA_BACKUP_S3_SECRETKEY | Configure access credentials. If either | - |
CAMUNDA_DATA_BACKUP_S3_APICALLTIMEOUT | Configure a maximum duration for all S3 client API calls. Lower values will ensure that failed or slow API calls don't block other backups but may increase the risk that backups can't be stored if uploading parts of the backup takes longer than the configured timeout. Refer to AWS Java SDK 2.x Best Practices. | 180s |
CAMUNDA_DATA_BACKUP_S3_FORCEPATHSTYLEACCESS | If enabled, forces the S3 client to use path-style access. By default, the client automatically chooses between path-style and virtual-hosted-style access. This should only be enabled if the S3-compatible storage does not support virtual-hosted-style access. | false |
CAMUNDA_DATA_BACKUP_S3_COMPRESSION | When set to an algorithm such as When not set or set to Enabling compression reduces the required storage space for backups in S3 but also increases the impact on CPU and disk utilization while taking a backup. | - |
CAMUNDA_DATA_BACKUP_S3_MAXCONCURRENTCONNECTIONS | Maximum number of connections allowed in a connection pool. This restricts the maximum number of concurrent uploads so as to avoid connection timeouts when uploading backups with large or multiple files. | 50 |
CAMUNDA_DATA_BACKUP_S3_CONNECTIONACQUISITIONTIMEOUT | Timeout for acquiring an already-established connection from a connection pool to a remote service. | 45s |
CAMUNDA_DATA_BACKUP_S3_BASEPATH | When set, all objects in the bucket will use this prefix. Must be non-empty and not start or end with ' This is useful for using the same bucket for multiple Zeebe clusters. In this scenario, the | Null |
CAMUNDA_DATA_BACKUP_S3_SUPPORTLEGACYMD5 | Enable the S3 MD5 plugin for legacy support. | Null |
CAMUNDA_DATA_BACKUP_GCS
Property | Description | Default value |
---|---|---|
CAMUNDA_DATA_BACKUP_GCS_BUCKETNAME | Name of the bucket where the backup will be stored. | Null |
CAMUNDA_DATA_BACKUP_GCS_HOST | When set, this overrides the host that the GCS client connects to. By default, this is not set because the client can automatically discover the correct host to connect to. | AUTO |
CAMUNDA_DATA_BACKUP_GCS_BASEPATH | When set, all blobs in the bucket will use this prefix. This is useful for using the same bucket for multiple Zeebe clusters. In this scenario, the | Null |
CAMUNDA_DATA_BACKUP_GCS_AUTH | Configures which authentication method is used for connecting to GCS. Can be either | Null |
CAMUNDA_DATA_BACKUP_AZURE
Property | Description | Default value |
---|---|---|
CAMUNDA_DATA_BACKUP_AZURE_ENDPOINT | The Azure endpoint to connect to. Required unless a connection string is specified. | Null |
CAMUNDA_DATA_BACKUP_AZURE_ACCOUNTNAME | The account name used to authenticate with Azure. This can only be used in combination with an account key. If account credentials or a connection string are not provided, authentication will use credentials from the runtime environment. | Null |
CAMUNDA_DATA_BACKUP_AZURE_ACCOUNTKEY | The account key that is used to authenticate with Azure. This can only be used in combination with an account name. If account credentials or a connection string are not provided, authentication will use credentials from the runtime environment. | Null |
CAMUNDA_DATA_BACKUP_AZURE_CONNECTIONSTRING | The connection string configures the endpoint, account name and account key all at once. If a connection string or account credentials are not provided, authentication will use credentials from the runtime environment. | Null |
CAMUNDA_DATA_BACKUP_AZURE_BASEPATH | Defines the container name where backup contents are saved. | Null |
CAMUNDA_DATA_BACKUP_AZURE_CREATECONTAINER | Whether to create the container if it does not already exist. | true |
CAMUNDA_DATA_BACKUP_AZURE_SASTOKEN_TYPE | This setting defines the SAS token to use. These can be of user delegation, service or account type. Note: As user delegation and service SAS tokens do not support the creation of containers, the user must make sure that the container already exists, or it will lead to a runtime error. Refer to delegate access by using a shared access signature. | Null |
CAMUNDA_DATA_BACKUP_AZURE_SASTOKEN_VALUE | The actual Shared Access Signature (SAS) token value used for authentication. | Null |
CAMUNDA_DATA_BACKUP_FILESYSTEM
Property | Description | Default value |
---|---|---|
CAMUNDA_DATA_BACKUP_FILESYSTEM_BASEPATH | Set the base path to store all related backup files in. | Null |
Data - secondary storage
- Configuration property
- Environment variable
camunda.data.secondary-storage
Property | Description | Default value |
---|---|---|
camunda.data.secondary-storage.type | Determines the type of the secondary storage database. | elasticsearch |
camunda.data.secondary-storage.autoconfigure-camunda-exporter | If enabled, the default exporter Manual configuration of If disabled, Manual configuration of | true |
camunda.data.secondary-storage.elasticsearch
Property | Description | Default value |
---|---|---|
camunda.data.secondary-storage.elasticsearch.url | Endpoint for the database configured as secondary storage. | http://localhost:9200 |
camunda.data.secondary-storage.elasticsearch.cluster-name | Name of the cluster. | elasticsearch |
camunda.data.secondary-storage.elasticsearch.username | Username for the database configured as secondary storage. | '' |
camunda.data.secondary-storage.elasticsearch.password | Password for the database configured as secondary storage. | '' |
camunda.data.secondary-storage.elasticsearch.security.enabled | Enable security. | false |
camunda.data.secondary-storage.elasticsearch.security.certificate-path | Path to certificate used by Elasticsearch. | '' |
camunda.data.secondary-storage.elasticsearch.security.verify-hostname | Whether the hostname should be validated. | true |
camunda.data.secondary-storage.elasticsearch.security.self-signed | Certificate was self-signed. | false |
camunda.data.secondary-storage.elasticsearch.index-prefix | Prefix to apply to the indexes. | '' |
camunda.data.secondary-storage.opensearch
Property | Description | Default value |
---|---|---|
camunda.data.secondary-storage.opensearch.url | Endpoint for the database configured as secondary storage. | http://localhost:9200 |
camunda.data.secondary-storage.opensearch.cluster-name | Name of the cluster. | elasticsearch |
camunda.data.secondary-storage.opensearch.username | Username for the database configured as secondary storage. | '' |
camunda.data.secondary-storage.opensearch.password | Password for the database configured as secondary storage. | '' |
camunda.data.secondary-storage.opensearch.security.enabled | Enable security. | false |
camunda.data.secondary-storage.opensearch.security.certificate-path | Path to certificate used by OpenSearch. | '' |
camunda.data.secondary-storage.opensearch.security.verify-hostname | Should the hostname be validated. | true |
camunda.data.secondary-storage.opensearch.security.self-signed | Certificate was self-signed. | false |
camunda.data.secondary-storage.opensearch.index-prefix | Prefix to apply to the indexes. | '' |
CAMUNDA_DATA_SECONDARYSTORAGE
Property | Description | Default value |
---|---|---|
CAMUNDA_DATA_SECONDARYSTORAGE_TYPE | Determines the type of the secondary storage database. | elasticsearch |
CAMUNDA_DATA_SECONDARYSTORAGE_AUTOCONFIGURECAMUNDAEXPORTER | If enabled, the default Camunda exporter is configured automatically and no manual exporter configuration is required. If disabled, the exporter must be configured manually. | true |
CAMUNDA_DATA_SECONDARYSTORAGE_ELASTICSEARCH
Property | Description | Default value |
---|---|---|
CAMUNDA_DATA_SECONDARYSTORAGE_ELASTICSEARCH_URL | Endpoint for the database configured as secondary storage. | http://localhost:9200 |
CAMUNDA_DATA_SECONDARYSTORAGE_ELASTICSEARCH_CLUSTERNAME | Name of the cluster. | elasticsearch |
CAMUNDA_DATA_SECONDARYSTORAGE_ELASTICSEARCH_USERNAME | Username for the database configured as secondary storage. | '' |
CAMUNDA_DATA_SECONDARYSTORAGE_ELASTICSEARCH_PASSWORD | Password for the database configured as secondary storage. | '' |
CAMUNDA_DATA_SECONDARYSTORAGE_ELASTICSEARCH_SECURITY_ENABLED | Enable security. | false |
CAMUNDA_DATA_SECONDARYSTORAGE_ELASTICSEARCH_SECURITY_CERTIFICATEPATH | Path to certificate used by Elasticsearch. | '' |
CAMUNDA_DATA_SECONDARYSTORAGE_ELASTICSEARCH_SECURITY_VERIFYHOSTNAME | Should the hostname be validated. | true |
CAMUNDA_DATA_SECONDARYSTORAGE_ELASTICSEARCH_SECURITY_SELFSIGNED | Certificate was self-signed. | false |
CAMUNDA_DATA_SECONDARYSTORAGE_ELASTICSEARCH_INDEXPREFIX | Prefix to apply to the indexes. | '' |
CAMUNDA_DATA_SECONDARYSTORAGE_OPENSEARCH
Property | Description | Default value |
---|---|---|
CAMUNDA_DATA_SECONDARYSTORAGE_OPENSEARCH_URL | Endpoint for the database configured as secondary storage. | http://localhost:9200 |
CAMUNDA_DATA_SECONDARYSTORAGE_OPENSEARCH_CLUSTERNAME | Name of the cluster. | elasticsearch |
CAMUNDA_DATA_SECONDARYSTORAGE_OPENSEARCH_USERNAME | Username for the database configured as secondary storage. | '' |
CAMUNDA_DATA_SECONDARYSTORAGE_OPENSEARCH_PASSWORD | Password for the database configured as secondary storage. | '' |
CAMUNDA_DATA_SECONDARYSTORAGE_OPENSEARCH_SECURITY_ENABLED | Enable security. | false |
CAMUNDA_DATA_SECONDARYSTORAGE_OPENSEARCH_SECURITY_CERTIFICATEPATH | Path to certificate used by OpenSearch. | '' |
CAMUNDA_DATA_SECONDARYSTORAGE_OPENSEARCH_SECURITY_VERIFYHOSTNAME | Should the hostname be validated. | true |
CAMUNDA_DATA_SECONDARYSTORAGE_OPENSEARCH_SECURITY_SELFSIGNED | Certificate was self-signed. | false |
CAMUNDA_DATA_SECONDARYSTORAGE_OPENSEARCH_INDEXPREFIX | Prefix to apply to the indexes. | '' |
Data - primary storage
- Configuration property
- Environment variable
camunda.data.primary-storage
Property | Description | Default value |
---|---|---|
camunda.data.primary-storage.directory | Specify the directory in which data is stored. | './data' |
camunda.data.primary-storage.runtime-directory | Specify the directory in which the runtime state is stored.
Note: If the runtime directory is on a different disk than the data directory, files must be copied to the data directory while taking a snapshot. This can impact disk I/O and performance during snapshotting. | '' |
camunda.data.primary-storage.disk
Property | Description | Default value |
---|---|---|
camunda.data.primary-storage.disk.monitoring-interval | Sets the interval at which the disk usage is monitored. | 1s |
camunda.data.primary-storage.disk.monitoring-enabled | Configures disk monitoring to prevent the broker from getting into a non-recoverable state by running out of disk space. If monitoring is enabled, the broker rejects commands and pauses replication when the free space drops below the thresholds configured under free-space. | true |
camunda.data.primary-storage.disk.free-space.processing | When the free space available is less than this value, the broker rejects all client commands and pauses processing. | 2GB |
camunda.data.primary-storage.disk.free-space.replication | When the free space available is less than this value, the broker stops receiving replicated events. This value must be less than camunda.data.primary-storage.disk.free-space.processing. It is recommended to configure free space large enough for at least one log segment and one snapshot, because a partition needs enough space to take a new snapshot before it can compact the log segments and make disk space available again. | 1GB |
camunda.data.primary-storage.logstream
Property | Description | Default value |
---|---|---|
camunda.data.primary-storage.logstream.log-segment-size | The size of data log segment files. | 128MB |
camunda.data.primary-storage.logstream.log-index-density | The density of the log index, which determines how frequently index entries are created in the log. This value specifies the number of log entries between each index entry. A lower value increases the number of index entries (improving lookup speed but using more memory), while a higher value reduces the number of index entries (saving memory but potentially slowing lookups). Valid values: any positive integer (recommended range: 1-1000). | 100 |
camunda.data.primary-storage.rocksdb
Property | Description | Default value |
---|---|---|
camunda.data.primary-storage.rocksdb.statistics-enabled | Enables RocksDB statistics, which will be written to the RocksDB log file. | false |
camunda.data.primary-storage.rocksdb.access-metrics | Configures which, if any, RocksDB column family access metrics are exposed. Valid values are | none |
camunda.data.primary-storage.rocksdb.memory-limit | Configures the memory limit that RocksDB may use. Be aware that this setting only applies to RocksDB, which Zeebe uses for its state management, and that one RocksDB instance is used per partition. | 512MB |
camunda.data.primary-storage.rocksdb.max-open-files | Configures how many files RocksDB keeps open. The default is unlimited (-1). This is a performance optimization: if you set a value greater than zero, RocksDB tracks and caps the number of open files in a cache and looks files up in that cache on access. Configure this property if the number of open files is limited on your system, or if you have thousands of files in your RocksDB state, as keeping all of them open has a memory overhead. | -1 |
camunda.data.primary-storage.rocksdb.max-write-buffer-number | Configures the maximum number of simultaneous write buffers (memtables) RocksDB keeps in memory. Normally about two thirds of the configured memory limit is used by the write buffers, so the higher this number, the smaller each individual buffer. | 6 |
camunda.data.primary-storage.rocksdb.min-write-buffer-number-to-merge | Configures how many write buffers should be full before they are merged and flushed to disk. A higher numeric value means you may flush less often, but will flush more data at once. A lower numeric value means flushing more often, but flushing less data at once. | 3 |
camunda.data.primary-storage.rocksdb.io-rate-bytes-per-second | Configures a rate limit for write I/O of RocksDB. Setting any value less than or equal to 0 will disable this, which is the default setting. Setting a rate limit on the write I/O can help achieve more stable performance by avoiding write spikes consuming all available IOPS, leading to more predictable read rates. | 0 |
camunda.data.primary-storage.rocksdb.wal-disabled | Configures whether the RocksDB write-ahead log (WAL) is used. In RocksDB's own default configuration, every write goes to the active write buffer and to the WAL; the WAL lets a RocksDB instance recover should it crash before the write buffer is flushed. Zeebe, however, only recovers from a specific point-in-time snapshot and never from a previously active RocksDB instance, which makes the WAL unnecessary. It is disabled by default because this improves Zeebe's performance. | true |
camunda.data.primary-storage.rocksdb.sst-partitioning-enabled | Configures whether RocksDB SST files are partitioned based on virtual column families. On its own, RocksDB does not partition SST files, which can affect the compaction of certain key ranges. Enabling this option gives RocksDB hints on how to improve compaction and reduce write amplification; benchmarks have shown sustained performance on larger states. This setting increases the overall file count of the runtime and of snapshots. | true |
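The disk thresholds above interact (replication must stay below processing, and both should leave room for a log segment), and the secondary-storage tables further up carry credentials and TLS switches that are easy to leave in a weak state. The following is an added example, not Camunda's own code, that audits a flat set of these properties before a broker is started. The property names are the ones listed in this reference; the size-unit handling, the sample values and the judgement in each finding are assumptions made for the example.

```python
"""Added example (not Camunda's own code): sanity-check the primary- and
secondary-storage properties from the reference tables before starting a broker.
Property names come from the reference; the sample values, the binary size
units and the severity wording are assumptions."""
import re

_UNITS = {"B": 1, "KB": 1024, "MB": 1024 ** 2, "GB": 1024 ** 3, "TB": 1024 ** 4}


def parse_size(value: str) -> int:
    """Parse a size such as '2GB', '128MB' or '512 mb' into bytes.
    Assumption: a bare number is bytes and units are binary (1 MB = 1024 * 1024)."""
    m = re.fullmatch(r"\s*(\d+(?:\.\d+)?)\s*([KMGT]?B)?\s*", value, re.IGNORECASE)
    if not m:
        raise ValueError(f"unparseable size: {value!r}")
    number, unit = m.group(1), (m.group(2) or "B").upper()
    return int(float(number) * _UNITS[unit])


def audit_storage(props: dict) -> list:
    """Return findings for a flat dict of camunda.data.* properties.
    Missing keys fall back to the defaults given in the reference tables."""
    findings = []
    disk = "camunda.data.primary-storage.disk."
    ls = "camunda.data.primary-storage.logstream."
    processing = parse_size(props.get(disk + "free-space.processing", "2GB"))
    replication = parse_size(props.get(disk + "free-space.replication", "1GB"))
    segment = parse_size(props.get(ls + "log-segment-size", "128MB"))
    monitoring = str(props.get(disk + "monitoring-enabled", "true")).lower() == "true"

    if not monitoring:
        findings.append("disk monitoring disabled: a full disk leaves the broker unrecoverable")
    # The reference requires the replication threshold to be below the processing one.
    if replication >= processing:
        findings.append(f"free-space.replication ({replication}) must be less than free-space.processing ({processing})")
    # The reference recommends room for one log segment plus one snapshot; the snapshot
    # size depends on the workload, so only the segment part can be checked here.
    if replication < segment:
        findings.append(f"free-space.replication ({replication}) is below one log segment ({segment}); compaction cannot free space")

    # Secondary storage: credentials over a plaintext endpoint, or hostname checks off.
    for backend in ("elasticsearch", "opensearch"):
        base = f"camunda.data.secondary-storage.{backend}."
        url = props.get(base + "url", "http://localhost:9200")
        if props.get(base + "password", "") and url.lower().startswith("http://"):
            findings.append(f"{backend}: password configured but url {url} is plaintext HTTP")
        if str(props.get(base + "security.verify-hostname", "true")).lower() == "false":
            findings.append(f"{backend}: verify-hostname=false disables TLS hostname verification")
    return findings


# Constructed sample configurations (not taken from any real deployment).
SAMPLE_WEAK = {
    "camunda.data.primary-storage.disk.free-space.processing": "1GB",
    "camunda.data.primary-storage.disk.free-space.replication": "1GB",   # not below processing
    "camunda.data.primary-storage.logstream.log-segment-size": "2GB",    # larger than the threshold
    "camunda.data.secondary-storage.elasticsearch.url": "http://es.internal:9200",
    "camunda.data.secondary-storage.elasticsearch.password": "hunter2",
    "camunda.data.secondary-storage.elasticsearch.security.verify-hostname": "false",
}
SAMPLE_HARDENED = {
    "camunda.data.primary-storage.disk.free-space.processing": "4GB",
    "camunda.data.primary-storage.disk.free-space.replication": "2GB",
    "camunda.data.primary-storage.logstream.log-segment-size": "128MB",
    "camunda.data.secondary-storage.elasticsearch.url": "https://es.internal:9200",
    "camunda.data.secondary-storage.elasticsearch.username": "camunda",
    "camunda.data.secondary-storage.elasticsearch.password": "hunter2",
    "camunda.data.secondary-storage.elasticsearch.security.enabled": "true",
    "camunda.data.secondary-storage.elasticsearch.security.certificate-path": "/etc/camunda/es-ca.pem",
}

if __name__ == "__main__":
    for name, sample in (("weak", SAMPLE_WEAK), ("hardened", SAMPLE_HARDENED)):
        print(name, audit_storage(sample) or ["no findings"])
```

The backend loop deliberately evaluates both Elasticsearch and OpenSearch with their defaults, so an unused backend with a plaintext localhost URL and no password produces no noise, while a configured one with a password over http:// does.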
CAMUNDA_DATA_PRIMARYSTORAGE
Property | Description | Default value |
---|---|---|
CAMUNDA_DATA_PRIMARYSTORAGE_DIRECTORY | Specify the directory in which data is stored. | ./data |
CAMUNDA_DATA_PRIMARYSTORAGE_RUNTIMEDIRECTORY | Specify the directory in which the runtime state is stored.
Note: If the runtime directory is on a different disk than the data directory, files must be copied to the data directory while taking a snapshot. This can impact disk I/O and performance during snapshotting. | '' |
CAMUNDA_DATA_PRIMARYSTORAGE_DISK
Property | Description | Default value |
---|---|---|
CAMUNDA_DATA_PRIMARYSTORAGE_DISK_MONITORINGINTERVAL | Sets the interval at which the disk usage is monitored. | 1s |
CAMUNDA_DATA_PRIMARYSTORAGE_DISK_MONITORINGENABLED | Configures disk monitoring to prevent the broker from getting into a non-recoverable state by running out of disk space. If monitoring is enabled, the broker rejects commands and pauses replication when the free space drops below the thresholds configured under FREESPACE. | true |
CAMUNDA_DATA_PRIMARYSTORAGE_DISK_FREESPACE_PROCESSING | When the free space available is less than this value, the broker rejects all client commands and pauses processing. | 2GB |
CAMUNDA_DATA_PRIMARYSTORAGE_DISK_FREESPACE_REPLICATION | When the free space available is less than this value, the broker stops receiving replicated events. This value must be less than CAMUNDA_DATA_PRIMARYSTORAGE_DISK_FREESPACE_PROCESSING. It is recommended to configure free space large enough for at least one log segment and one snapshot, because a partition needs enough space to take a new snapshot before it can compact the log segments and make disk space available again. | 1GB |
CAMUNDA_DATA_PRIMARYSTORAGE_LOGSTREAM
Property | Description | Default value |
---|---|---|
CAMUNDA_DATA_PRIMARYSTORAGE_LOGSTREAM_LOGSEGMENTSIZE | The size of data log segment files. | 128MB |
CAMUNDA_DATA_PRIMARYSTORAGE_LOGSTREAM_LOGINDEXDENSITY | The density of the log index, which determines how frequently index entries are created in the log. This value specifies the number of log entries between each index entry. A lower value increases the number of index entries (improving lookup speed but using more memory), while a higher value reduces the number of index entries (saving memory but potentially slowing lookups). Valid values: any positive integer (recommended range: 1-1000). | 100 |
CAMUNDA_DATA_PRIMARYSTORAGE_ROCKSDB
Property | Description | Default value |
---|---|---|
CAMUNDA_DATA_PRIMARYSTORAGE_ROCKSDB_STATISTICSENABLED | Enables RocksDB statistics, which will be written to the RocksDB log file. | false |
CAMUNDA_DATA_PRIMARYSTORAGE_ROCKSDB_ACCESSMETRICS | Configures which, if any, RocksDB column family access metrics are exposed. Valid values are | none |
CAMUNDA_DATA_PRIMARYSTORAGE_ROCKSDB_MEMORYLIMIT | Configures the memory limit that RocksDB may use. Be aware that this setting only applies to RocksDB, which Zeebe uses for its state management, and that one RocksDB instance is used per partition. | 512MB |
CAMUNDA_DATA_PRIMARYSTORAGE_ROCKSDB_MAXOPENFILES | Configures how many files RocksDB keeps open. The default is unlimited (-1). This is a performance optimization: if you set a value greater than zero, RocksDB tracks and caps the number of open files in a cache and looks files up in that cache on access. Configure this property if the number of open files is limited on your system, or if you have thousands of files in your RocksDB state, as keeping all of them open has a memory overhead. | -1 |
CAMUNDA_DATA_PRIMARYSTORAGE_ROCKSDB_MAXWRITEBUFFERNUMBER | Configures the maximum number of simultaneous write buffers (memtables) RocksDB keeps in memory. Normally about two thirds of the configured memory limit is used by the write buffers, so the higher this number, the smaller each individual buffer. | 6 |
CAMUNDA_DATA_PRIMARYSTORAGE_ROCKSDB_MINWRITEBUFFERNUMBERTOMERGE | Configures how many write buffers should be full before they are merged and flushed to disk. A higher numeric value means you may flush less often, but will flush more data at once. A lower numeric value means flushing more often, but flushing less data at once. | 3 |
CAMUNDA_DATA_PRIMARYSTORAGE_ROCKSDB_IORATEBYTESPERSECOND | Configures a rate limit for write I/O of RocksDB. Setting any value less than or equal to 0 will disable this, which is the default setting. Setting a rate limit on the write I/O can help achieve more stable performance by avoiding write spikes consuming all available IOPS, leading to more predictable read rates. | 0 |
CAMUNDA_DATA_PRIMARYSTORAGE_ROCKSDB_WALDISABLED | Configures whether the RocksDB write-ahead log (WAL) is used. In RocksDB's own default configuration, every write goes to the active write buffer and to the WAL; the WAL lets a RocksDB instance recover should it crash before the write buffer is flushed. Zeebe, however, only recovers from a specific point-in-time snapshot and never from a previously active RocksDB instance, which makes the WAL unnecessary. It is disabled by default because this improves Zeebe's performance. | true |
CAMUNDA_DATA_PRIMARYSTORAGE_ROCKSDB_SSTPARTITIONINGENABLED | Configures whether RocksDB SST files are partitioned based on virtual column families. On its own, RocksDB does not partition SST files, which can affect the compaction of certain key ranges. Enabling this option gives RocksDB hints on how to improve compaction and reduce write amplification; benchmarks have shown sustained performance on larger states. This setting increases the overall file count of the runtime and of snapshots. | true |
Licensing
Installations of Camunda 8 Self-Managed that require a license can provide their license key to the components. See licensing.
- Configuration property
- Environment variable
Security
- Configuration property
- Environment variable
- Helm values
camunda.security
Property | Description | Default value |
---|---|---|
camunda.security.id-validation-pattern | A Java regular expression that validates the user-defined identifiers of Identity-related entities. | ^[a-zA-Z0-9_@.+-]+$ |
camunda.security.authentication
Property | Description | Default value |
---|---|---|
camunda.security.authentication.authentication-refresh-interval | The interval at which the memberships (groups, roles, tenants, component authorizations) are refreshed for logged in users. Find more details in webserver and security. | PT30S |
camunda.security.authorizations.enabled | If authorizations are enabled. | true |
camunda.security.authentication.method | The authentication method to use. Options: basic , oidc . | basic |
camunda.security.authentication.unprotected-api | If the API can be used without authentication. | false |
camunda.security.csrf
Property | Description | Default value |
---|---|---|
camunda.security.csrf.enabled | Enables or disables CSRF protection. Disabling CSRF protection is not recommended for production environments as it leaves your application vulnerable to cross-site request forgery attacks. | true |
camunda.security.http-headers
Property | Description | Related Header | Default value |
---|---|---|---|
camunda.security.http-headers.cache-control.enabled | Enables or disables cache prevention headers. Default values: Cache-Control: no-cache, no-store, max-age=0, must-revalidate , Pragma: no-cache , Expires: 0 . | Cache-Control , Pragma , Expires | true |
camunda.security.http-headers.content-security-policy.enabled | Enables or disables CSP headers. | Content-Security-Policy | true |
camunda.security.http-headers.content-security-policy.policy-directives | Custom CSP directives. If not set, default values applied. If set, overrides default CSP policies. | Content-Security-Policy | |
camunda.security.http-headers.content-security-policy.report-only | Enables reporting mode without enforcing policies. | Content-Security-Policy-Report-Only | false |
camunda.security.http-headers.content-type-options.enabled | Enables or disables X-Content-Type-Options header with nosniff value. | X-Content-Type-Options | true |
camunda.security.http-headers.cross-origin-embedder-policy.value | Restricts embedded cross-origin resources. Options: REQUIRE_CORP , UNSAFE_NONE . | Cross-Origin-Embedder-Policy | UNSAFE_NONE |
camunda.security.http-headers.cross-origin-opener-policy.value | Isolates windows from cross-origin openers. Options: UNSAFE_NONE , SAME_ORIGIN_ALLOW_POPUPS , SAME_ORIGIN . | Cross-Origin-Opener-Policy | SAME_ORIGIN_ALLOW_POPUPS |
camunda.security.http-headers.cross-origin-resource-policy.value | Declares whether resources can be loaded cross-origin. Options: SAME_ORIGIN , SAME_SITE , CROSS_ORIGIN . | Cross-Origin-Resource-Policy | SAME_SITE |
camunda.security.http-headers.frame-options.enabled | Enables or disables X-Frame-Options header. Default value is SAMEORIGIN . | X-Frame-Options | true |
camunda.security.http-headers.frame-options.mode | Frame options mode. Options: DENY , SAMEORIGIN . | X-Frame-Options | SAMEORIGIN |
camunda.security.http-headers.hsts.enabled | Enables or disables Strict-Transport-Security header. | Strict-Transport-Security | true |
camunda.security.http-headers.hsts.include-subdomains | Applies HSTS to all subdomains. | Strict-Transport-Security | false |
camunda.security.http-headers.hsts.max-age-in-seconds | HSTS max age in seconds. | Strict-Transport-Security | 31536000 |
camunda.security.http-headers.hsts.preload | Enables HSTS preloading. | Strict-Transport-Security | false |
camunda.security.http-headers.permissions-policy.value | Restricts access to browser capabilities. | Permissions-Policy | Disables all features by default |
camunda.security.http-headers.referrer-policy.value | Controls referrer information sharing. See available values below. | Referrer-Policy | STRICT_ORIGIN_WHEN_CROSS_ORIGIN |
Default Content Security Policy
This is default value of the Content Security Policy when enabled:
default-src 'self';
base-uri 'self';
script-src 'self' https: *.chargebee.com *.mixpanel.com ajax.cloudflare.com static.cloudflareinsights.com;
script-src-elem 'self' cdn.jsdelivr.net ;
connect-src 'self' https: *.mixpanel.com cloudflareinsights.com *.appcues.net wss://api.appcues.net cdn.jsdelivr.net;
style-src 'self' https: 'unsafe-inline' cdn.jsdelivr.net *.googleapis.com *.chargebee.com;
img-src data: 'self';
form-action 'self';
frame-ancestors 'self';
frame-src 'self' https: *.chargebee.com blob: ;
object-src 'self' blob:;
font-src 'self' data: fonts.camunda.io cdn.jsdelivr.net;
worker-src 'self' blob:;
child-src;
script-src-attr 'none'
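The http-headers table gives the defaults the cluster is supposed to send, and the policy above shows what the default CSP allows; note that script-src and style-src both admit https: (any HTTPS host) and style-src admits 'unsafe-inline'. The following is an added example, not Camunda's own code, that checks a captured response against those defaults and breaks the CSP into directives so such broad sources stand out. The response below is constructed for the example rather than captured from a real deployment, and the expected header values are the table defaults written in their on-the-wire form (the table lists the enum names, e.g. SAME_SITE for same-site).

```python
"""Added example (not Camunda's own code): verify the security headers a
deployed Orchestration Cluster sends against the defaults in the reference and
flag permissive Content-Security-Policy sources. SAMPLE_HEADERS is constructed."""

# Constructed sample of what a client might receive with the default
# camunda.security.http-headers settings (assumption, not a real capture).
SAMPLE_HEADERS = {
    "Content-Security-Policy": (
        "default-src 'self'; base-uri 'self'; "
        "script-src 'self' https: *.chargebee.com *.mixpanel.com; "
        "style-src 'self' https: 'unsafe-inline' cdn.jsdelivr.net; "
        "frame-ancestors 'self'; object-src 'self' blob:; script-src-attr 'none'"
    ),
    "Strict-Transport-Security": "max-age=31536000",
    "X-Frame-Options": "SAMEORIGIN",
    "X-Content-Type-Options": "nosniff",
    "Cross-Origin-Opener-Policy": "same-origin-allow-popups",
    "Cross-Origin-Resource-Policy": "same-site",
    "Referrer-Policy": "strict-origin-when-cross-origin",
    "Cache-Control": "no-cache, no-store, max-age=0, must-revalidate",
}

# Expected on-the-wire values, derived from the defaults in the http-headers table.
EXPECTED = {
    "X-Frame-Options": "SAMEORIGIN",
    "X-Content-Type-Options": "nosniff",
    "Cross-Origin-Opener-Policy": "same-origin-allow-popups",
    "Cross-Origin-Resource-Policy": "same-site",
    "Referrer-Policy": "strict-origin-when-cross-origin",
}
HSTS_MIN_AGE = 31536000  # the table's default max-age-in-seconds


def parse_csp(policy: str) -> dict:
    """Split a CSP string into {directive: [sources]}; a bare directive maps to []."""
    directives = {}
    for part in policy.split(";"):
        tokens = part.split()
        if tokens:
            directives[tokens[0].lower()] = tokens[1:]
    return directives


def weak_csp_sources(directives: dict) -> list:
    """Flag source expressions that admit any HTTPS origin or inline code.
    'https:' in script-src means any HTTPS host may serve scripts; 'unsafe-inline'
    switches off the inline-code protection for that directive."""
    findings = []
    for name in ("script-src", "script-src-elem", "style-src", "connect-src", "frame-src"):
        for src in directives.get(name, []):
            if src.lower() in ("https:", "http:", "*", "'unsafe-inline'", "'unsafe-eval'"):
                findings.append(f"{name} allows {src}")
    return findings


def check_headers(headers: dict) -> list:
    """Compare a response's headers with the reference defaults; return findings."""
    # Header names are case-insensitive, so normalise before lookup.
    lower = {k.lower(): v for k, v in headers.items()}
    findings = []
    for name, want in EXPECTED.items():
        got = lower.get(name.lower())
        if got is None:
            findings.append(f"missing {name}")
        elif got.strip().lower() != want.lower():
            findings.append(f"{name} is {got!r}, expected {want!r}")
    hsts = lower.get("strict-transport-security")
    if hsts is None:
        findings.append("missing Strict-Transport-Security")
    else:
        age = 0
        for token in hsts.split(";"):
            key, _, val = token.strip().partition("=")
            if key.lower() == "max-age" and val.strip().isdigit():
                age = int(val)
        if age < HSTS_MIN_AGE:
            findings.append(f"HSTS max-age {age} is below {HSTS_MIN_AGE}")
    csp = lower.get("content-security-policy")
    if csp is None:
        findings.append("missing Content-Security-Policy")
    else:
        findings.extend(weak_csp_sources(parse_csp(csp)))
    return findings


if __name__ == "__main__":
    for line in check_headers(SAMPLE_HEADERS):
        print(line)
```

Run against a real deployment by replacing SAMPLE_HEADERS with the headers of a response from the web UI; the CSP findings are the ones to act on with content-security-policy.policy-directives, which replaces the default policy entirely when set.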
camunda.security.authentication.oidc
Property | Description | Default value |
---|---|---|
camunda.security.authentication.oidc.client-id | The client ID for OIDC authentication. | |
camunda.security.authentication.oidc.client-secret | The client secret for OIDC authentication. | |
camunda.security.authentication.oidc.issuer-uri | The issuer URI for OIDC authentication. If set, the individual endpoints of your OIDC provider will be fetched from its well-known configuration endpoint. In this case, any individually configured token, authorization, and JWKS URIs do not take effect. | |
camunda.security.authentication.oidc.redirect-uri | The URI for redirects from the OIDC provider to the Orchestration Cluster after user login. | http://localhost:8080/sso-callback |
camunda.security.authentication.oidc.username-claim | The JWT claim that identifies a user. Extracted from a token, this claim value becomes the user's username. This setting is evaluated on any token-based access, regardless of the underlying OIDC/OAuth flow. | sub |
camunda.security.authentication.oidc.groups-claim | The JWT claim that contains a user's or client's groups. Expects an array of String values. If not set, groups can be managed in the Orchestration Cluster through its REST APIs. | |
camunda.security.authentication.oidc.client-id-claim | The JWT claim that identifies a client. Extracted from a token, this claim value becomes the client's ID. This setting is evaluated on any token-based access, regardless of the underlying OIDC/OAuth flow. | |
camunda.security.authentication.oidc.audiences | Comma-separated list of audiences to validate in the OIDC token. | |
camunda.security.authentication.oidc.scope | Comma-separated list of scopes to request in the OIDC token. | openid, profile |
camunda.security.authentication.oidc.jwk-set-uri | Sets the OIDC provider's JWK Set URI explicitly. Only takes effect if camunda.security.authentication.oidc.issuer-uri is not set. | |
camunda.security.authentication.oidc.authorization-uri | Sets the OIDC provider's authorization URI explicitly. Only takes effect if camunda.security.authentication.oidc.issuer-uri is not set. | |
camunda.security.authentication.oidc.token-uri | Sets the OIDC provider's token URI explicitly. Only takes effect if camunda.security.authentication.oidc.issuer-uri is not set. | |
camunda.security.initialization.default-roles
Property | Description | Default value |
---|---|---|
camunda.security.initialization.default-roles.<role>.clients.[0] | Clients assigned to the <role> role. | |
camunda.security.initialization.default-roles.<role>.groups.[0] | Groups assigned to the <role> role. | |
camunda.security.initialization.default-roles.<role>.mappingrules.[0] | Mapping rules assigned to the <role> role. | |
camunda.security.initialization.default-roles.<role>.users.[0] | Users assigned to the <role> role. | |
camunda.security.initialization.users
Property | Description | Default value |
---|---|---|
camunda.security.initialization.users.[0].email | The email address of the first user. | |
camunda.security.initialization.users.[0].name | The name of the first user. | |
camunda.security.initialization.users.[0].password | The password of the first user. | |
camunda.security.initialization.users.[0].username | The username of the first user. | |
camunda.security.initialization.mappingrules
Property | Description | Default value |
---|---|---|
camunda.security.initialization.mappingrules.[0].claim-name | The claim of the first mapping rule. | |
camunda.security.initialization.mappingrules.[0].claim-value | The claim's value of the first mapping rule. | |
camunda.security.initialization.mappingrules.[0].mapping-rule-id | The id of the first mapping rule. | |
camunda.security.multi-tenancy
Property | Description | Default value |
---|---|---|
camunda.security.multi-tenancy.api-enabled | Enables the multi-tenancy API and UI independently from multi-tenancy checks. | true |
camunda.security.multi-tenancy.checks-enabled | Enables multi-tenancy checks. This requires the API to be protected. | false |
camunda.persistent.sessions
Property | Description | Default value |
---|---|---|
camunda.persistent.sessions.enabled | Stores session data in secondary storage so users stay logged in across cluster nodes. | false |
spring.profiles
Property | Description | Default value |
---|---|---|
spring.profiles.active | Note: This property will be deprecated as additional authentication methods become available. | consolidated-auth |
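Several rows in the security tables only make sense in combination: multi-tenancy.checks-enabled requires a protected API, the oidc method needs a client ID and either issuer-uri or all three explicit endpoints, and seeded initialization users carry their password in configuration. The following is an added example, not Camunda's own code, that audits a flat set of camunda.security.* properties for those combinations and applies id-validation-pattern the way the cluster does to user-defined identifiers. Property names and defaults are taken from the tables above; the rules, the sample values and the reading that an unset audiences list means no audience check are assumptions.

```python
"""Added example (not Camunda's own code): audit camunda.security.* settings for
combinations a reviewer would reject before go-live. Property names and
defaults come from the reference; rules and sample values are assumptions."""
import re

ID_PATTERN_DEFAULT = r"^[a-zA-Z0-9_@.+-]+$"  # default camunda.security.id-validation-pattern


def _flag(props: dict, key: str, default: str) -> bool:
    """Read a boolean property, falling back to the reference default."""
    return str(props.get(key, default)).strip().lower() == "true"


def audit_security(props: dict) -> list:
    """Return findings for a flat dict of camunda.security.* properties."""
    a = "camunda.security.authentication."
    findings = []
    unprotected = _flag(props, a + "unprotected-api", "false")
    if unprotected:
        findings.append("unprotected-api=true: the API accepts unauthenticated calls")
    if not _flag(props, "camunda.security.authorizations.enabled", "true"):
        findings.append("authorizations disabled: any authenticated identity has full access")
    if not _flag(props, "camunda.security.csrf.enabled", "true"):
        findings.append("csrf disabled: browser sessions are open to cross-site request forgery")
    # The reference states that tenancy checks require a protected API.
    if _flag(props, "camunda.security.multi-tenancy.checks-enabled", "false") and unprotected:
        findings.append("multi-tenancy checks require a protected API but unprotected-api=true")

    method = str(props.get(a + "method", "basic")).strip().lower()
    if method == "oidc":
        o = a + "oidc."
        if not props.get(o + "client-id"):
            findings.append("oidc: client-id missing")
        # issuer-uri enables discovery; without it all three explicit URIs are needed.
        explicit = all(props.get(o + k) for k in ("jwk-set-uri", "authorization-uri", "token-uri"))
        if not props.get(o + "issuer-uri") and not explicit:
            findings.append("oidc: set issuer-uri, or jwk-set-uri, authorization-uri and token-uri")
        if not props.get(o + "audiences"):
            findings.append("oidc: audiences not set (assumed to mean no audience validation)")
        redirect = str(props.get(o + "redirect-uri", "http://localhost:8080/sso-callback"))
        if redirect.startswith("http://") and "localhost" not in redirect:
            findings.append(f"oidc: redirect-uri {redirect} uses plaintext HTTP")
    elif method != "basic":
        findings.append(f"unknown authentication method {method!r}")

    # Seeded users keep their password in configuration: flag every users.[n].password.
    for key, value in props.items():
        if re.fullmatch(r"camunda\.security\.initialization\.users\.\[\d+\]\.password", key) and value:
            findings.append(f"{key}: initial password stored in configuration; rotate after first login")
    return findings


def validate_identifier(identifier: str, pattern: str = ID_PATTERN_DEFAULT) -> bool:
    """Apply id-validation-pattern as a whole-string match, like Java's matches()."""
    return re.fullmatch(pattern, identifier) is not None


# Constructed samples (not taken from any real deployment).
SAMPLE_DEV = {
    "camunda.security.authentication.method": "basic",
    "camunda.security.authentication.unprotected-api": "true",
    "camunda.security.csrf.enabled": "false",
    "camunda.security.multi-tenancy.checks-enabled": "true",
    "camunda.security.initialization.users.[0].username": "demo",
    "camunda.security.initialization.users.[0].password": "demo",
}
SAMPLE_PROD = {
    "camunda.security.authentication.method": "oidc",
    "camunda.security.authentication.oidc.client-id": "orchestration-cluster",
    "camunda.security.authentication.oidc.client-secret": "<from-secret-store>",
    "camunda.security.authentication.oidc.issuer-uri": "https://idp.example.com/realms/camunda",
    "camunda.security.authentication.oidc.redirect-uri": "https://camunda.example.com/sso-callback",
    "camunda.security.authentication.oidc.audiences": "orchestration-cluster",
}

if __name__ == "__main__":
    for name, sample in (("dev", SAMPLE_DEV), ("prod", SAMPLE_PROD)):
        print(name, audit_security(sample) or ["no findings"])
```

The identifier check uses a full match because the cluster applies the pattern to the entire user-defined ID; a pattern without anchors would otherwise accept a valid prefix followed by arbitrary characters.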
CAMUNDA_SECURITY
Property | Description | Default value |
---|---|---|
CAMUNDA_SECURITY_IDVALIDATIONPATTERN | A Java regular expression that validates the user-defined identifiers of Identity-related entities. | ^[a-zA-Z0-9_@.+-]+$ |
CAMUNDA_SECURITY_AUTHENTICATION
Property | Description | Default value |
---|---|---|
CAMUNDA_SECURITY_AUTHENTICATION_AUTHENTICATIONREFRESHINTERVAL | The interval at which the memberships (groups, roles, tenants, component authorizations) are refreshed for logged in users. Find more details in webserver and security. | PT30S |
CAMUNDA_SECURITY_AUTHORIZATIONS_ENABLED | If authorizations are enabled. | true |
CAMUNDA_SECURITY_AUTHENTICATION_METHOD | The authentication method to use. Options: basic , oidc . | basic |
CAMUNDA_SECURITY_AUTHENTICATION_UNPROTECTEDAPI | If the API can be used without authentication. | false |
CAMUNDA_SECURITY_AUTHENTICATION_OIDC
Property | Description | Default value |
---|---|---|
CAMUNDA_SECURITY_AUTHENTICATION_OIDC_CLIENTID | The client ID for OIDC authentication. | |
CAMUNDA_SECURITY_AUTHENTICATION_OIDC_CLIENTSECRET | The client secret for OIDC authentication. | |
CAMUNDA_SECURITY_AUTHENTICATION_OIDC_ISSUERURI | The issuer URI for OIDC authentication. If set, the individual endpoints of your OIDC provider will be fetched from its well-known configuration endpoint. In this case, any individually configured token, authorization, and JWKS URIs do not take effect. | |
CAMUNDA_SECURITY_AUTHENTICATION_OIDC_REDIRECTURI | The URI for redirects from the OIDC provider to the Orchestration Cluster after user login. | http://localhost:8080/sso-callback |
CAMUNDA_SECURITY_AUTHENTICATION_OIDC_USERNAMECLAIM | The JWT claim that identifies a user. Extracted from a token, this claim value becomes the user's username. This setting is evaluated on any token-based access, regardless of the underlying OIDC/OAuth flow. | sub |
CAMUNDA_SECURITY_AUTHENTICATION_OIDC_GROUPSCLAIM | The JWT claim that contains a user's or client's groups. Expects an array of String values. If not set, groups can be managed in the Orchestration Cluster through its REST APIs. | |
CAMUNDA_SECURITY_AUTHENTICATION_OIDC_CLIENTIDCLAIM | The JWT claim that identifies a client. Extracted from a token, this claim value becomes the client's ID. This setting is evaluated on any token-based access, regardless of the underlying OIDC/OAuth flow. | |
CAMUNDA_SECURITY_AUTHENTICATION_OIDC_AUDIENCES | Comma-separated list of audiences to validate in the OIDC token. | |
CAMUNDA_SECURITY_AUTHENTICATION_OIDC_SCOPE | Comma-separated list of scopes to request in the OIDC token. | openid, profile |
CAMUNDA_SECURITY_AUTHENTICATION_OIDC_JWKSETURI | Sets the OIDC provider's JWK Set URI explicitly. Only takes effect if CAMUNDA_SECURITY_AUTHENTICATION_OIDC_ISSUERURI is not set. | |
CAMUNDA_SECURITY_AUTHENTICATION_OIDC_AUTHORIZATIONURI | Sets the OIDC provider's authorization URI explicitly. Only takes effect if CAMUNDA_SECURITY_AUTHENTICATION_OIDC_ISSUERURI is not set. | |
CAMUNDA_SECURITY_AUTHENTICATION_OIDC_TOKENURI | Sets the OIDC provider's token URI explicitly. Only takes effect if CAMUNDA_SECURITY_AUTHENTICATION_OIDC_ISSUERURI is not set. | |
CAMUNDA_SECURITY_CSRF
Property | Description | Default value |
---|---|---|
CAMUNDA_SECURITY_CSRF_ENABLED | Enables or disables CSRF protection. Disabling CSRF protection is not recommended for production environments as it leaves your application vulnerable to cross-site request forgery attacks. | true |
CAMUNDA_SECURITY_HTTP_HEADERS
Property | Description | Related Header | Default value |
---|---|---|---|
CAMUNDA_SECURITY_HTTP_HEADERS_CACHE_CONTROL_ENABLED | Enables or disables cache prevention headers. Default values: Cache-Control: no-cache, no-store, max-age=0, must-revalidate , Pragma: no-cache , Expires: 0 . | Cache-Control , Pragma , Expires | true |
CAMUNDA_SECURITY_HTTP_HEADERS_CONTENT_SECURITY_POLICY_ENABLED | Enables or disables CSP headers. | Content-Security-Policy | true |
CAMUNDA_SECURITY_HTTP_HEADERS_CONTENT_SECURITY_POLICY_POLICY_DIRECTIVES | Custom CSP directives. If not set, default values applied. If set, overrides default CSP policies. | Content-Security-Policy | |
CAMUNDA_SECURITY_HTTP_HEADERS_CONTENT_SECURITY_POLICY_REPORT_ONLY | Enables reporting mode without enforcing policies. | Content-Security-Policy-Report-Only | false |
CAMUNDA_SECURITY_HTTP_HEADERS_CONTENT_TYPE_OPTIONS_ENABLED | Enables or disables X-Content-Type-Options header with nosniff value. | X-Content-Type-Options | true |
CAMUNDA_SECURITY_HTTP_HEADERS_CROSS_ORIGIN_EMBEDDER_POLICY_VALUE | Restricts embedded cross-origin resources. Options: REQUIRE_CORP , UNSAFE_NONE . | Cross-Origin-Embedder-Policy | UNSAFE_NONE |
CAMUNDA_SECURITY_HTTP_HEADERS_CROSS_ORIGIN_OPENER_POLICY_VALUE | Isolates windows from cross-origin openers. Options: UNSAFE_NONE , SAME_ORIGIN_ALLOW_POPUPS , SAME_ORIGIN . | Cross-Origin-Opener-Policy | SAME_ORIGIN_ALLOW_POPUPS |
CAMUNDA_SECURITY_HTTP_HEADERS_CROSS_ORIGIN_RESOURCE_POLICY_VALUE | Declares whether resources can be loaded cross-origin. Options: SAME_ORIGIN , SAME_SITE , CROSS_ORIGIN . | Cross-Origin-Resource-Policy | SAME_SITE |
CAMUNDA_SECURITY_HTTP_HEADERS_FRAME_OPTIONS_ENABLED | Enables or disables X-Frame-Options header. Default value is SAMEORIGIN . | X-Frame-Options | true |
CAMUNDA_SECURITY_HTTP_HEADERS_FRAME_OPTIONS_MODE | Frame options mode. Options: DENY , SAMEORIGIN . | X-Frame-Options | SAMEORIGIN |
CAMUNDA_SECURITY_HTTP_HEADERS_HSTS_ENABLED | Enables or disables Strict-Transport-Security header. | Strict-Transport-Security | true |
CAMUNDA_SECURITY_HTTP_HEADERS_HSTS_INCLUDE_SUBDOMAINS | Applies HSTS to all subdomains. | Strict-Transport-Security | false |
CAMUNDA_SECURITY_HTTP_HEADERS_HSTS_MAX_AGE_IN_SECONDS | HSTS max age in seconds. | Strict-Transport-Security | 31536000 |
CAMUNDA_SECURITY_HTTP_HEADERS_HSTS_PRELOAD | Enables HSTS preloading. | Strict-Transport-Security | false |
CAMUNDA_SECURITY_HTTP_HEADERS_PERMISSIONS_POLICY_VALUE | Restricts access to browser capabilities. | Permissions-Policy | Disables all features by default |
CAMUNDA_SECURITY_HTTP_HEADERS_REFERRER_POLICY_VALUE | Controls referrer information sharing. See available values below. | Referrer-Policy | STRICT_ORIGIN_WHEN_CROSS_ORIGIN |
CAMUNDA_SECURITY_INITIALIZATION_DEFAULTROLES
Property | Description | Default value |
---|---|---|
CAMUNDA_SECURITY_INITIALIZATION_DEFAULTROLES_<ROLE>_CLIENTS_0 | Clients assigned to the <role> role. | |
CAMUNDA_SECURITY_INITIALIZATION_DEFAULTROLES_<ROLE>_GROUPS_0 | Groups assigned to the <role> role. | |
CAMUNDA_SECURITY_INITIALIZATION_DEFAULTROLES_<ROLE>_MAPPINGRULES_0 | Mapping rules assigned to the <role> role. | |
CAMUNDA_SECURITY_INITIALIZATION_DEFAULTROLES_<ROLE>_USERS_0 | Users assigned to the <role> role. | |
CAMUNDA_SECURITY_INITIALIZATION_MAPPINGRULES
Property | Description | Default value |
---|---|---|
CAMUNDA_SECURITY_INITIALIZATION_MAPPINGRULES_0_CLAIMNAME | The claim of the first mapping rule. | |
CAMUNDA_SECURITY_INITIALIZATION_MAPPINGRULES_0_CLAIMVALUE | The claim's value of the first mapping rule. | |
CAMUNDA_SECURITY_INITIALIZATION_MAPPINGRULES_0_MAPPINGRULEID | The id of the first mapping rule. | |
CAMUNDA_SECURITY_INITIALIZATION_USERS
Property | Description | Default value |
---|---|---|
CAMUNDA_SECURITY_INITIALIZATION_USERS_0_EMAIL | The email address of the first user. | |
CAMUNDA_SECURITY_INITIALIZATION_USERS_0_NAME | The name of the first user. | |
CAMUNDA_SECURITY_INITIALIZATION_USERS_0_PASSWORD | The password of the first user. | |
CAMUNDA_SECURITY_MULTITENANCY
Property | Description | Default value |
---|---|---|
CAMUNDA_SECURITY_MULTITENANCY_APIENABLED | Enables the multi-tenancy API and UI independently from multi-tenancy checks. | true |
CAMUNDA_SECURITY_MULTITENANCY_CHECKSENABLED | Enables multi-tenancy checks. This requires the API to be protected. | false |
CAMUNDA_PERSISTENT_SESSIONS
Property | Description | Default value |
---|---|---|
CAMUNDA_PERSISTENT_SESSIONS_ENABLED | Stores session data in secondary storage so users stay logged in across cluster nodes. | false |
SPRING_PROFILES
Property | Description | Default value |
---|---|---|
SPRING_PROFILES_ACTIVE | Note: This property will be deprecated as additional authentication methods become available. | consolidated-auth |
global
Property | Description | Default value |
---|---|---|
global.persistent.sessions.enabled | Stores session data in secondary storage so users stay logged in across cluster nodes. | true |
orchestration.security.authentication
Property | Description | Default value |
---|---|---|
orchestration.security.authentication.method | The authentication method to use. Options: basic, oidc. | basic |
orchestration.security.authentication.authenticationRefreshInterval | The interval at which the memberships (groups, roles, tenants, component authorizations) are refreshed for logged in users. Find more details in webserver and security. | PT30S |
orchestration.security.authentication.unprotectedApi | If the API can be used without authentication. | false |
orchestration.security.authentication.oidc
Property | Description | Default value |
---|---|---|
orchestration.security.authentication.oidc.clientId | The client ID for OIDC authentication. | |
orchestration.security.authentication.oidc.clientSecret | The client secret for OIDC authentication. | |
orchestration.security.authentication.oidc.issuer | Sets the OIDC provider's authorization URI explicitly. | |
orchestration.security.authentication.oidc.jwksUrl | Sets the OIDC provider's JWK Set URI explicitly. | |
orchestration.security.authentication.oidc.tokenUrl | Sets the OIDC provider's token URI explicitly. | |
orchestration.security.authentication.oidc.redirectUrl | The URI for redirects from the OIDC provider to the Orchestration Cluster after user login | http://localhost:8080/sso-callback |
orchestration.security.authentication.oidc.userNameClaim | The JWT claim that identifies a user. Extracted from a token, this claim value becomes the user's username. This setting is evaluated on any token-based access, regardless of the underlying OIDC/OAuth flow. | sub |
orchestration.security.authentication.oidc.clientIdClaim | The JWT claim that identifies a client. Extracted from a token, this claim value becomes the client's id. This setting is evaluated on any token-based access, regardless of the underlying OIDC/OAuth flow. | sub |
orchestration.security.authentication.oidc.groupsClaim | The JWT claim that contains a user's or client's groups. Expects an array of String values. If not set, groups can be managed in the Orchestration Cluster through its REST APIs. | |
orchestration.security.authentication.oidc.audiences | Comma-separated list of audiences to validate in the OIDC token. | |
orchestration.security.authorizations
Property | Description | Default value |
---|---|---|
orchestration.security.authorizations.enabled | If authorizations are enabled. | true |
orchestration.security.csrf
Property | Description | Default value |
---|---|---|
orchestration.security.csrf.enabled | Enables or disables CSRF protection. Disabling CSRF protection is not recommended for production environments as it leaves your application vulnerable to cross-site request forgery attacks. | true |
orchestration.security.httpHeaders
Property | Description | Related Header | Default value |
---|---|---|---|
orchestration.security.httpHeaders.cacheControl.enabled | Enables or disables cache prevention headers. Default values: Cache-Control: no-cache, no-store, max-age=0, must-revalidate; Pragma: no-cache; Expires: 0. | Cache-Control, Pragma, Expires | true |
orchestration.security.httpHeaders.contentSecurityPolicy.enabled | Enables or disables CSP headers. | Content-Security-Policy | true |
orchestration.security.httpHeaders.contentSecurityPolicy.policyDirectives | Custom CSP directives. If not set, default values applied. If set, overrides default CSP policies. | Content-Security-Policy | |
orchestration.security.httpHeaders.contentSecurityPolicy.reportOnly | Enables reporting mode without enforcing policies. | Content-Security-Policy-Report-Only | false |
orchestration.security.httpHeaders.contentTypeOptions.enabled | Enables or disables X-Content-Type-Options header with nosniff value. | X-Content-Type-Options | true |
orchestration.security.httpHeaders.crossOriginEmbedderPolicy.value | Restricts embedded cross-origin resources. Options: REQUIRE_CORP, UNSAFE_NONE. | Cross-Origin-Embedder-Policy | UNSAFE_NONE |
orchestration.security.httpHeaders.crossOriginOpenerPolicy.value | Isolates windows from cross-origin openers. Options: UNSAFE_NONE, SAME_ORIGIN_ALLOW_POPUPS, SAME_ORIGIN. | Cross-Origin-Opener-Policy | SAME_ORIGIN_ALLOW_POPUPS |
orchestration.security.httpHeaders.crossOriginResourcePolicy.value | Declares whether resources can be loaded cross-origin. Options: SAME_ORIGIN, SAME_SITE, CROSS_ORIGIN. | Cross-Origin-Resource-Policy | SAME_SITE |
orchestration.security.httpHeaders.frameOptions.enabled | Enables or disables X-Frame-Options header. Default value is SAMEORIGIN. | X-Frame-Options | true |
orchestration.security.httpHeaders.frameOptions.mode | Frame options mode. Options: DENY, SAMEORIGIN. | X-Frame-Options | SAMEORIGIN |
orchestration.security.httpHeaders.hsts.enabled | Enables or disables Strict-Transport-Security header. | Strict-Transport-Security | true |
orchestration.security.httpHeaders.hsts.includeSubdomains | Applies HSTS to all subdomains. | Strict-Transport-Security | false |
orchestration.security.httpHeaders.hsts.maxAgeInSeconds | HSTS max age in seconds. | Strict-Transport-Security | 31536000 |
orchestration.security.httpHeaders.hsts.preload | Enables HSTS preloading. | Strict-Transport-Security | false |
orchestration.security.httpHeaders.permissionsPolicy.value | Restricts access to browser capabilities. | Permissions-Policy | Disables all features by default |
orchestration.security.httpHeaders.referrerPolicy.value | Controls referrer information sharing. See available values below. | Referrer-Policy | STRICT_ORIGIN_WHEN_CROSS_ORIGIN |
Default Content Security Policy
This is the default value of the Content Security Policy when enabled:
default-src 'self';
base-uri 'self';
script-src 'self' https: *.chargebee.com *.mixpanel.com ajax.cloudflare.com static.cloudflareinsights.com;
script-src-elem 'self' cdn.jsdelivr.net ;
connect-src 'self' https: *.mixpanel.com cloudflareinsights.com *.appcues.net wss://api.appcues.net cdn.jsdelivr.net;
style-src 'self' https: 'unsafe-inline' cdn.jsdelivr.net *.googleapis.com *.chargebee.com;
img-src data: 'self';
form-action 'self';
frame-ancestors 'self';
frame-src 'self' https: *.chargebee.com blob: ;
object-src 'self' blob:;
font-src 'self' data: fonts.camunda.io cdn.jsdelivr.net;
worker-src 'self' blob:;
child-src;
script-src-attr 'none'.
orchestration.security.initialization
Property | Description | Default value |
---|---|---|
orchestration.security.initialization.users | List of users to initialize (each with username, password, name, email). | |
orchestration.security.initialization.mappingRules | List of mapping rules to initialize (each with mappingRuleId, claimName, claimValue). | |
orchestration.security.multiTenancy
Property | Description | Default value |
---|---|---|
orchestration.security.multiTenancy.checksEnabled | Enables multi-tenancy checks. This requires the API to be protected. | false |
orchestration.security.multiTenancy.apiEnabled | Enables the multi-tenancy API and UI independently from multi-tenancy checks. | true |
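The Helm tables above list the security keys one at a time; the fragment below shows how they fit together in a values file that keeps the API authenticated, validates the token audience, and leaves authorizations and CSRF on. This is an added example, not a fragment from the Camunda documentation or chart. The issuer, client ID, redirect URL and claim names are placeholders for a hypothetical identity provider, and the secret value is deliberately not written into the file.

```yaml
# values.yaml fragment (added example; hostnames, IDs and claim names are placeholders)
orchestration:
  security:
    authentication:
      # "basic" is the default; switch to OIDC to delegate login to an identity provider.
      method: oidc
      # Keep the API behind authentication. "true" removes the requirement entirely.
      unprotectedApi: false
      # How often group/role/tenant memberships are re-read for logged-in users (ISO-8601).
      authenticationRefreshInterval: PT30S
      oidc:
        clientId: orchestration-cluster                          # placeholder
        # Do not commit a real secret; supply it at deploy time (for example with --set).
        clientSecret: REPLACE_AT_DEPLOY_TIME
        issuer: https://idp.example.com/realms/camunda           # placeholder
        # The default is http://localhost:8080/sso-callback; production needs https
        # and the externally reachable hostname.
        redirectUrl: https://camunda.example.com/sso-callback    # placeholder
        # Comma-separated; tokens whose aud claim matches none of these are rejected.
        audiences: orchestration-cluster
        # Which claims become the username, the client id and the group list.
        # preferred_username, azp and groups are assumed claim names for this provider.
        userNameClaim: preferred_username
        clientIdClaim: azp
        groupsClaim: groups
    authorizations:
      enabled: true          # default, stated explicitly so it is not lost in a merge
    csrf:
      enabled: true          # default; disabling it is only acceptable outside production
    httpHeaders:
      hsts:
        enabled: true
        includeSubdomains: true   # default is false; enable once every subdomain serves TLS
        maxAgeInSeconds: 31536000
        preload: false            # preload is a one-way door; leave off until listed deliberately
    multiTenancy:
      # Tenant checks only work with a protected API, so this pairs with unprotectedApi: false.
      checksEnabled: true
      apiEnabled: true
```

Two settings in this fragment interact: multiTenancy.checksEnabled requires the API to be protected, so it is only meaningful while unprotectedApi stays false, and audiences should name the audience your provider actually puts in the token or every login will be rejected.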
Secondary storage
Review secondary storage management for guidance on best practices, ensuring data integrity and performance optimization.
Connection
- Environment variables
- application.yaml
- Helm values
Environment variable | Description | Default value |
---|---|---|
CAMUNDA_DATA_SECONDARYSTORAGE_TYPE | Type of secondary storage to use. Must match either elasticsearch or opensearch. | elasticsearch |
CAMUNDA_DATA_SECONDARYSTORAGE_ELASTICSEARCH_URL CAMUNDA_DATA_SECONDARYSTORAGE_OPENSEARCH_URL | Secondary storage host URL. Use the variable matching the selected type. | http://localhost:9200 |
CAMUNDA_DATA_SECONDARYSTORAGE_ELASTICSEARCH_CLUSTERNAME CAMUNDA_DATA_SECONDARYSTORAGE_OPENSEARCH_CLUSTERNAME | Secondary storage cluster name. Use the variable matching the selected type. | elasticsearch |
CAMUNDA_DATA_SECONDARYSTORAGE_ELASTICSEARCH_USERNAME CAMUNDA_DATA_SECONDARYSTORAGE_OPENSEARCH_USERNAME | Username for accessing the secondary storage REST API (leave blank if not secured). | - |
CAMUNDA_DATA_SECONDARYSTORAGE_ELASTICSEARCH_PASSWORD CAMUNDA_DATA_SECONDARYSTORAGE_OPENSEARCH_PASSWORD | Password for accessing the secondary storage REST API. | - |
CAMUNDA_DATA_SECONDARYSTORAGE_ELASTICSEARCH_SECURITY_ENABLED CAMUNDA_DATA_SECONDARYSTORAGE_OPENSEARCH_SECURITY_ENABLED | Enables HTTPS and related SSL/TLS handling for the secondary storage connection. | false |
CAMUNDA_DATA_SECONDARYSTORAGE_ELASTICSEARCH_SECURITY_CERTIFICATEPATH CAMUNDA_DATA_SECONDARYSTORAGE_OPENSEARCH_SECURITY_CERTIFICATEPATH | Path to the trusted root or CA certificate file when using a custom or self-signed certificate. | - |
CAMUNDA_DATA_SECONDARYSTORAGE_ELASTICSEARCH_SECURITY_VERIFYHOSTNAME CAMUNDA_DATA_SECONDARYSTORAGE_OPENSEARCH_SECURITY_VERIFYHOSTNAME | Whether the hostname in the certificate must match the endpoint. Disable only for troubleshooting. | true |
CAMUNDA_DATA_SECONDARYSTORAGE_ELASTICSEARCH_SECURITY_SELFSIGNED CAMUNDA_DATA_SECONDARYSTORAGE_OPENSEARCH_SECURITY_SELFSIGNED | Indicates the certificate is self-signed (enables relaxed trust handling when supported). | false |
CAMUNDA_DATA_SECONDARYSTORAGE_ELASTICSEARCH_INDEXPREFIX CAMUNDA_DATA_SECONDARYSTORAGE_OPENSEARCH_INDEXPREFIX | Optional prefix for secondary storage index names. | - |
CAMUNDA_DATABASE_AWSENABLED | Use basic authentication or AWS credentials to log in. | false |
Application.yaml property | Description | Default value |
---|---|---|
camunda.data.secondary-storage.type | Type of secondary storage to use. Must match either elasticsearch or opensearch. | elasticsearch |
camunda.data.secondary-storage.elasticsearch.url camunda.data.secondary-storage.opensearch.url | Secondary storage host URL. Use the property matching the selected type. | http://localhost:9200 |
camunda.data.secondary-storage.elasticsearch.clusterName camunda.data.secondary-storage.opensearch.clusterName | Secondary storage cluster name. Use the property matching the selected type. | elasticsearch |
camunda.data.secondary-storage.elasticsearch.username camunda.data.secondary-storage.opensearch.username | Username for accessing the secondary storage REST API (leave blank if not secured). | - |
camunda.data.secondary-storage.elasticsearch.password camunda.data.secondary-storage.opensearch.password | Password for accessing the secondary storage REST API. | - |
camunda.data.secondary-storage.elasticsearch.security.enabled camunda.data.secondary-storage.opensearch.security.enabled | Enables HTTPS and related SSL/TLS handling for the secondary storage connection. | false |
camunda.data.secondary-storage.elasticsearch.security.certificatePath camunda.data.secondary-storage.opensearch.security.certificatePath | Path to the trusted root or CA certificate file when using a custom or self-signed certificate. | - |
camunda.data.secondary-storage.elasticsearch.security.verifyHostname camunda.data.secondary-storage.opensearch.security.verifyHostname | Whether the hostname in the certificate must match the endpoint. Disable only for troubleshooting. | true |
camunda.data.secondary-storage.elasticsearch.security.selfSigned camunda.data.secondary-storage.opensearch.security.selfSigned | Indicates the certificate is self-signed (enables relaxed trust handling when supported). | false |
camunda.data.secondary-storage.elasticsearch.indexPrefix camunda.data.secondary-storage.opensearch.indexPrefix | Optional prefix for secondary storage index names. | - |
camunda.database.aws-enabled | Use basic authentication or AWS credentials to log in. | false |
Helm value key | Description | Default value |
---|---|---|
global.elasticsearch.enabled global.opensearch.enabled | Enable Elasticsearch or OpenSearch as the secondary storage backend (enable exactly one). | true (Elasticsearch), false (OpenSearch) |
global.elasticsearch.auth.username global.opensearch.auth.username | Username for accessing the secondary storage cluster (leave blank if not secured). | - |
global.elasticsearch.auth.password global.opensearch.auth.password | Password for accessing the secondary storage cluster (use secret-based authentication if available). | - |
orchestration.index.prefix | Optional prefix for indices created in the secondary storage cluster. | - |
global.opensearch.aws.enabled | Use basic authentication or AWS credentials to log in. | false |
Enable exactly one of global.elasticsearch.enabled or global.opensearch.enabled. If both are set to false, you can set global.noSecondaryStorage=true to run in engine-only mode. Do not set both providers to true simultaneously.
Set indexPrefix only if you need to separate secondary storage indices from other indices in the same cluster (for example, when multiple Camunda environments share one cluster). Leave blank (-) to use the default.
Secure connection (HTTPS / TLS)
To connect to a secured (https) Elasticsearch or OpenSearch cluster for secondary storage:
- Change the URL protocol from http to https.
- Provide username and password if the cluster requires authentication.
- Use additional security properties to handle custom certificates or strict hostname verification:
  - Set security.enabled=true (or simply use an https URL if auto-detection applies) to activate SSL/TLS handling.
  - Use security.certificatePath when the server certificate is signed by a custom CA or is self-signed so the JVM can trust it.
  - Set security.selfSigned=true if the certificate is self-signed and the client logic requires this hint.
  - Keep security.verifyHostname=true for production. Disable it only temporarily to diagnose hostname/certificate mismatch issues.
- Import the certificate (or its issuing CA) into the JVM trust store if it is not already trusted.
For Kubernetes-based deployments, mount a trust store and point certificatePath to it.
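The steps above carried into an application.yaml, using only the camunda.data.secondary-storage.* properties from the table. This is an added example, not configuration from the Camunda documentation; the host, username, certificate path and index prefix are placeholders. The password is read from an environment variable through a Spring Boot property placeholder so no credential sits in the file.

```yaml
# application.yaml fragment (added example; host, user, paths and prefix are placeholders)
camunda:
  data:
    secondary-storage:
      type: elasticsearch
      elasticsearch:
        # https instead of the http://localhost:9200 default
        url: https://es.internal.example:9200          # placeholder host
        clusterName: elasticsearch
        username: camunda-orchestration                 # placeholder
        # Resolved by Spring Boot from the ES_PASSWORD environment variable at startup.
        password: ${ES_PASSWORD}
        security:
          # Explicit TLS handling even if the https URL would already trigger it.
          enabled: true
          # CA (or self-signed server cert) the JVM should trust; mount it read-only.
          certificatePath: /etc/camunda/tls/es-ca.pem   # placeholder path
          # Hostname verification stays on in production. Setting this to false is
          # the troubleshooting-only variant the text describes: it accepts any
          # certificate name and must be reverted once the mismatch is fixed.
          verifyHostname: true
          # Only true when the server certificate is self-signed, not CA-issued.
          selfSigned: false
        # Optional; only set when several environments share one cluster.
        indexPrefix: prod-a                              # placeholder
```

If you run with verifyHostname: false for diagnosis, the certificate's subject alternative names are what to compare against the hostname in url; once they match, turn verification back on rather than leaving the relaxed setting in place.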
Index & retention settings
The following properties control index creation characteristics (shards, replicas, template priority) and retention/lifecycle policies for secondary storage indices.
- Environment variables
- application.yaml
- Helm values
Environment variable | Description | Default value |
---|---|---|
CAMUNDA_DATABASE_INDEX_NUMBEROFSHARDS | Default number of primary shards for new indices. | 1 |
CAMUNDA_DATABASE_INDEX_SHARDSBYINDEXNAME | JSON map overriding shard count per index (key=index name, value=shards). | - |
CAMUNDA_DATABASE_INDEX_NUMBEROFREPLICAS | Default number of replicas for new indices. | 0 |
CAMUNDA_DATABASE_INDEX_REPLICASBYINDEXNAME | JSON map overriding replica count per index (key=index name, value=replicas). | - |
CAMUNDA_DATABASE_INDEX_TEMPLATEPRIORITY | Priority applied to index templates created by the platform. Higher values override provider defaults. | - |
CAMUNDA_DATABASE_RETENTION_ENABLED | Enables creation and application of retention/ILM policies. | false |
CAMUNDA_DATABASE_RETENTION_MINIMUMAGE | Minimum age before data is eligible for deletion. | 30d |
CAMUNDA_DATABASE_RETENTION_POLICYNAME | Name of the retention policy applied to standard indices. | camunda-retention-policy |
CAMUNDA_DATABASE_RETENTION_USAGEMETRICSMINIMUMAGE | Minimum age before usage metrics indices are deleted. | 730d |
CAMUNDA_DATABASE_RETENTION_USAGEMETRICSPOLICYNAME | Name of the retention policy applied to usage metrics indices. | camunda-usage-metrics-retention-policy |
Application.yaml property | Description | Default value |
---|---|---|
camunda.database.index.number-of-shards | Default number of primary shards for new indices. | 1 |
camunda.database.index.shards-by-index-name | Map overriding shard count per index (key=index name, value=shards). | - |
camunda.database.index.number-of-replicas | Default number of replicas for new indices. | 0 |
camunda.database.index.replicas-by-index-name | Map overriding replica count per index (key=index name, value=replicas). | - |
camunda.database.index.template-priority | Priority applied to index templates created by the platform. Higher values override provider defaults. | - |
camunda.database.retention.enabled | Enables creation and application of retention/ILM policies. | false |
camunda.database.retention.minimum-age | Minimum age before data is eligible for deletion. | 30d |
camunda.database.retention.policy-name | Name of the retention policy applied to standard indices. | camunda-retention-policy |
camunda.database.retention.usage-metrics-minimum-age | Minimum age before usage metrics indices are deleted. | 730d |
camunda.database.retention.usage-metrics-policy-name | Name of the retention policy applied to usage metrics indices. | camunda-usage-metrics-retention-policy |
Helm value key | Description | Default value |
---|---|---|
orchestration.history.retention.enabled | Enables creation and application of retention/ILM policies for historical indices. | false |
orchestration.history.retention.minimumAge | Minimum age before standard historical indices are deleted. | 30d |
orchestration.history.retention.policyName | Name of the ILM policy applied to standard historical indices. | camunda-retention-policy |
orchestration.history.retention.usageMetricsMinimumAge | Minimum age before usage metrics indices are deleted. | 730d |
orchestration.history.retention.usageMetricsPolicyName | Name of the ILM policy applied to usage metrics indices. | camunda-usage-metrics-retention-policy |
Shards/replicas and template priority overrides are not currently exposed as Helm values. Configure these via environment variables or application.yaml properties (camunda.database.index.*) if supported by your runtime version.
Durations support ISO-8601 (P30D) or simplified suffix formats (30d, 12h). Use simplified suffix formats unless strict ISO-8601 compliance is required.
Replica count changes (number-of-replicas and per-index overrides)
- For newer versions (8.8+), changes are applied to existing indices on the next application restart; their settings are updated in place.
- They are also written to the index templates so that newly created indices inherit the updated replica configuration.
Shard count changes (number-of-shards and per-index overrides)
- Only applied to index templates, affecting indices created after the change.
- Existing indices retain their original shard layout.
Template priority changes
- Adjust which template is applied when multiple patterns match.
- The effect is only for indices created after the change.
Some Elasticsearch and OpenSearch deployments may ship predefined wildcard (* pattern) index templates with their own priorities. Assign a strictly higher priority to the Camunda index templates to ensure Camunda's mappings and settings take precedence when multiple templates match the same index name. If the priority is not higher, provider wildcard templates may override shard/replica defaults, analyzers, or field mappings, leading to unexpected index behavior.
Maps (for example, shards/replicas overrides) are key-value objects:
camunda.database.index.shards-by-index-name:
list-view: 3
task: 2
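The index and retention properties from the tables combined into one application.yaml fragment, with a comment on each group recording when it takes effect according to the text above (replicas on restart, shards and template priority only for new indices). This is an added example, not configuration from the Camunda documentation; the replica, shard and priority numbers are illustrative, and the comparison against provider templates is something you check in your own cluster.

```yaml
# application.yaml fragment (added example; the numeric values are illustrative)
camunda:
  database:
    index:
      # Shard settings go into the index templates only; indices that already
      # exist keep their current shard layout.
      number-of-shards: 1
      shards-by-index-name:
        list-view: 3
        task: 2
      # Replica settings are applied in place to existing indices on restart
      # (8.8+) and also written to the templates for indices created later.
      number-of-replicas: 1
      replicas-by-index-name:
        list-view: 2
      # Must be strictly higher than any provider wildcard template, otherwise
      # that template can override Camunda's mappings and shard/replica defaults.
      # Compare against the priorities reported by the cluster's index-template
      # API before choosing the value (illustrative number here).
      template-priority: 500
    retention:
      # Creates and applies the ILM/ISM policies below; disabled by default.
      enabled: true
      # Simplified suffix format; P30D would be the ISO-8601 equivalent.
      minimum-age: 30d
      policy-name: camunda-retention-policy
      usage-metrics-minimum-age: 730d
      usage-metrics-policy-name: camunda-usage-metrics-retention-policy
```

With a single replica and one shard per index a single-node loss still costs availability of that index, so the replica count is the setting to raise first when the cluster has more than one data node; retention should be enabled deliberately, since once minimum-age elapses the policy deletes the affected indices rather than archiving them.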
System
- Configuration property
- Environment variable
camunda.system
Property | Description | Default value |
---|---|---|
camunda.system.cpu-thread-count | Controls the number of non-blocking CPU threads to be used. Warning: You should never specify a value that is larger than the number of physical cores available. Good practice is to leave 1-2 cores for IO threads and the operating system (it has to run somewhere). For example, when running Zeebe on a machine which has 4 cores, a good value would be | 2 |
camunda.system.io-thread-count | Controls the number of io threads to be used. These threads are used for workloads that write data to disk. While writing, these threads are blocked which means that they yield the CPU. | 2 |
camunda.system.clock-controlled | Controls whether to use the system clock or a mutable one. If enabled, time progression can be controlled programmatically for testing purposes. | false |
camunda.system.actor.idle
Property | Description | Default value |
---|---|---|
camunda.system.actor.idle.max-spins | The maximum number of busy-wait spins that an idle actor thread will perform before transitioning to a different idle state in Camunda's actor system. | Null |
camunda.system.actor.idle.max-yields | The maximum number of yield operations that an idle actor thread will perform before transitioning to the next idle state in Camunda's actor system. | Null |
camunda.system.actor.idle.max-park-period | The maximum duration that an idle actor thread will remain in the parked state in Camunda's actor system. | Null |
camunda.system.upgrade
Property | Description | Default value |
---|---|---|
camunda.system.upgrade.enable-version-check | Toggles the version check restriction, used for migration. This is useful for testing migration logic on snapshot or alpha versions. The default value | true |
CAMUNDA_SYSTEM
Property | Description | Default value |
---|---|---|
CAMUNDA_SYSTEM_CPUTHREADCOUNT | Controls the number of non-blocking CPU threads to be used. Warning: You should never specify a value that is larger than the number of physical cores available. Good practice is to leave 1-2 cores for IO threads and the operating system (it has to run somewhere). For example, when running Zeebe on a machine which has 4 cores, a good value would be | 2 |
CAMUNDA_SYSTEM_IOTHREADCOUNT | Controls the number of io threads to be used. These threads are used for workloads that write data to disk. While writing, these threads are blocked which means that they yield the CPU. | 2 |
CAMUNDA_SYSTEM_CLOCKCONTROLLED | Controls whether to use the system clock or a mutable one. If enabled, time progression can be controlled programmatically for testing purposes. | false |
CAMUNDA_SYSTEM_ACTOR_IDLE
Property | Description | Default value |
---|---|---|
CAMUNDA_SYSTEM_ACTOR_IDLE_MAXSPINS | The maximum number of busy-wait spins that an idle actor thread will perform before transitioning to a different idle state. | Null |
CAMUNDA_SYSTEM_ACTOR_IDLE_MAXYIELDS | The maximum number of yield operations that an idle actor thread will perform before transitioning to the next idle state. | Null |
CAMUNDA_SYSTEM_ACTOR_IDLE_MAXPARKPERIOD | The maximum duration that an idle actor thread will remain in the parked state. | Null |
CAMUNDA_SYSTEM_UPGRADE
Property | Description | Default value |
---|---|---|
CAMUNDA_SYSTEM_UPGRADE_ENABLEVERSIONCHECK | Toggles the version check restriction, used for migration. This is useful for testing migration logic on snapshot or alpha versions. The default value | true |