Console configuration
Console Self-Managed can be configured using environment variables and configuration parameters.
Underscores in environment variables correspond to configuration file key levels.
Environment variables
Console environment variables can be set in Helm values via the console.env key. For more details, check Console Helm values.
Keycloak settings
| Environment variable | Description | Example value | 
|---|---|---|
| KEYCLOAK_BASE_URL | Base URL for Keycloak. | https://example.com/auth | 
| KEYCLOAK_INTERNAL_BASE_URL | Internal base URL for Keycloak. | http://camunda-platform-keycloak:80/auth | 
| KEYCLOAK_REALM | Realm for Keycloak. | camunda-platform | 
Console settings
| Environment variable | Description | Example value | 
|---|---|---|
| CAMUNDA_IDENTITY_AUDIENCE | Audience for the Console client. | console | 
| CAMUNDA_IDENTITY_CLIENT_ID | Client ID for the Console client. | console | 
| CAMUNDA_CONSOLE_CONTEXT_PATH | Context path for Console. | console | 
| CAMUNDA_CONSOLE_CUSTOMERID | Unique identifier for the customer. | customer-id | 
| CAMUNDA_CONSOLE_INSTALLATIONID | Unique installation ID of the current customer installation. | installation-id | 
| CAMUNDA_CONSOLE_TELEMETRY | Telemetry mode for Console Self-Managed: disabled,online, ordownload. | online | 
| CAMUNDA_CONSOLE_DISABLE_AUTH | Disables authentication for Console. When set to true, users can access Console without logging in and API requests do not require authorization. All Identity-related variables are ignored when authentication is disabled. | true | 
| CAMUNDA_LICENSE_KEY | Camunda 8 license key. For Helm installations, configure this in the values.yamlfile. See License key for details.Without a license key, Console will display Non‑Production License in the navigation bar and log a warning; functionality is unaffected. See Camunda Enterprise page. | N/A | 
| CAMUNDA_CONSOLE_REDIRECT_URL | (Optional) Overrides the redirect URL for the authentication flow. By default, the origin URL is used. Default: empty string. | https://example.com/callback | 
| CAMUNDA_CONSOLE_REDIRECT_TRAILING_SLASH | (Optional) Controls whether a trailing slash is added to the redirect URL for the authentication flow. Default: true. | false | 
| CAMUNDA_IDENTITY_JWT_ALGORITHMS | (Optional) List of trusted JWS algorithms used for JWT validation. Only necessary if the algorithms cannot be derived from the JWK set response. | ES256 | 
SSL/TLS settings
| Environment variable | Description | Example value | 
|---|---|---|
| SERVER_SSL_ENABLED | (Optional) Whether to enable SSL support. Default: false. | true | 
| SERVER_SSL_CERTIFICATE | (Optional) Path to the PEM-encoded SSL certificate file. | file:/full/path/to/certificate.pem | 
| SERVER_SSL_CERTIFICATE_PRIVATE_KEY | (Optional) Path to the PEM-encoded private key file for the SSL certificate. | file:/full/path/to/key.pem | 
| SERVER_SSL_PASSPHRASE | (Optional) Passphrase for the key. | passphrase | 
| MANAGEMENT_SERVER_SSL_ENABLED | (Optional) Whether to enable SSL for management server routes. Default: false. | true | 
| MANAGEMENT_SERVER_SSL_CERTIFICATE | (Optional) Path to the PEM-encoded certificate file for the management server. | file:/full/path/to/certificate.pem | 
| MANAGEMENT_SERVER_SSL_CERTIFICATE_PRIVATE_KEY | (Optional) Path to the PEM-encoded private key file for the management server certificate. | file:/full/path/to/key.pem | 
| MANAGEMENT_SERVER_SSL_PASSPHRASE | (Optional) Passphrase for the management server certificate key. | passphrase | 
Proxy
These settings are useful when the application needs to make outgoing network requests in environments that require traffic to pass through a proxy server.
| Environment variable | Description | Example value | Default value | 
|---|---|---|---|
| http_proxy | Specifies the proxy server to be used for outgoing HTTP requests. | http://proxy.example.com:8080 | - | 
| https_proxy | Specifies the proxy server to be used for outgoing HTTPS requests. | https://secureproxy.example.com:443 | - | 
| no_proxy | A comma-separated list of domain names or IP addresses for which the proxy should be bypassed. | localhost,127.0.0.1,.example.com | - | 
These proxy variables (http_proxy, https_proxy, no_proxy) are lowercase by convention. Many systems and tools expect them in lowercase.
Experimental Features
The following environment variables enable experimental features:
| Environment variable | Description | Example value | Default value | 
|---|---|---|---|
| CAMUNDA_CONSOLE_EXPERIMENTAL_DISCOVERY_MODE | This mode allows orchestration clusters to register itself by calling an API in Console. | true | false | 
Telemetry
You can enable telemetry and usage collection to help us improve our product by sending several telemetry metrics to Camunda. The information we collect will contribute to continuous product enhancement and help us understand how Camunda is used. We do not collect sensitive information and limit data points to several metrics. For more information, you can download collected data set metrics from the telemetry page at anytime.
By enabling data collection and reporting, you can get a new page to introspect Camunda 8 component metrics. Usually accessible via monitoring tools like Prometheus, you can now access these metrics directly in Console. By default, telemetry collection is disabled and no data is collected.
When CAMUNDA_CONSOLE_TELEMETRY env var or telemetry parameter is set to online, the telemetry feature is activated and the collected data is sent once every 24 hours via HTTPS.
When CAMUNDA_CONSOLE_TELEMETRY env var or telemetry parameter is set to download, the telemetry feature is activated. Data collected will not be sent to Camuda automatically, but could be downloaded from Console and shared with us on request.
To enable usage collection, configure the parameters described in the next section.
Configuration parameters
To enable telemetry, the following parameters need to be configured. Camunda will provide you with the customer ID (Camunda Docker username) needed to send telemetry data to Camunda.
| Parameter | Description | Example value | 
|---|---|---|
| customerId | Unique identifier of the customer. This is also a Camunda Docker registry username. | customername | 
| installationId | Unique installation ID of the current customer installation. | my-deployment | 
| telemetry | Telemetry config for Console Self-Managed: disabled,online, ordownload. | online | 
| managed.releases.tags | Assign cluster tags to indicate what type of cluster it is. Default tags are dev,stage,test, orprod, but users can assign any custom tag. | - dev(list of strings) | 
| managed.releases.custom-properties | List of custom properties users can add to their cluster with custom descriptions and custom links on the cluster details page. | See custom properties section | 
Console environment variables could be set in Helm. For more details, check Console Helm values. For example:
console:
  env:
    - name: CAMUNDA_CONSOLE_CUSTOMERID
      values: customername
    - name: CAMUNDA_CONSOLE_INSTALLATIONID
      values: my-deployment
    - name: CAMUNDA_CONSOLE_TELEMETRY
      value: online
Override configuration parameters
You can override only specific configuration parameters as needed. The YAML structure mirrors the environment variable hierarchy. If a parameter must be changed for a specific cluster, the name and namespace fields must be set with the exact values so correlations can be made accordingly.
Example
Given the following configuration provided by Helm:
camunda:
  console:
    customerId: customer-id
    installationId: camunda-platform-id-dev-console-sm-main
    telemetry: disabled
    managed:
      method: plain
      releases:
        - name: camunda-platform
          namespace: camunda-platform-namespace
          version: 9.1.2
          components:
            - name: Console
              id: console
              version: ...
              url: https://...
              readiness: https://...
              metrics: https://...
            - name: Keycloak
              id: keycloak
              version: ...
              url: https://...
            - name: Identity
              id: identity
              version: ...
              url: https://...
              readiness: https://...
              metrics: https://...
            - name: WebModeler WebApp
              id: webModelerWebApp
              version: ...
              url: https://...
            - name: Zeebe Gateway
              id: zeebeGateway
              version: ...
              urls:
                grpc: grpc://...
                http: https://...
              readiness: https://...
              metrics: https://...
            - name: Zeebe
              id: zeebe
              version: ...
The following example of an overrideConfiguration changes the customerId and adds tags and custom-properties for the cluster with name camunda-platform in namespace camunda-platform-namespace:
console:
  overrideConfiguration:
    camunda:
      console:
        customerId: "new-customer-id"
        managed:
          releases:
            - name: camunda-platform
              namespace: camunda-platform-namespace
              tags:
                - production
              custom-properties:
                - description: "This is a custom description of the cluster."
                  links:
                    - name: "Camunda"
                      url: "https://camunda.com"
                    - name: "Camunda Docs"
                      url: "https://docs.camunda.io"
                    - name: "Grafana"
                      url: "https://..."
Custom properties
Custom properties are useful to add custom information to the Cluster details page in Console. A custom property contains a description and multiple links.
The following example shows one custom property for a cluster:
console:
  overrideConfiguration:
    camunda:
      console:
        customerId: "new-customer-id"
        managed:
          releases:
            - name: camunda-platform
              namespace: camunda-platform
              custom-properties:
                - description: "Useful links to Camunda resources."
                  links:
                    - name: "Camunda Blog"
                      url: "https://camunda.com/blog/"
                    - name: "Camunda Docs"
                      url: "https://docs.camunda.io"
Using a different OpenID Connect (OIDC) authentication provider than Keycloak
By default, Console uses Keycloak to provide authentication. You can use a different OIDC provider by following the steps described in the OIDC connection guide.
Monitoring
To help understand how Console operates, we expose the following endpoints by default:
| Endpoint | Port | Path | 
|---|---|---|
| Metrics endpoint with default Prometheus metrics | 9100 | /prometheus | 
| Readiness probe | 9100 | /health/readiness | 
| Liveness probe | 9100 | /health/liveness | 
Troubleshooting
| Problem | Solution | 
|---|---|
| Invalid parameter: redirect_uri | Ensure the correct redirect URL is configured for the application Console in Identity. The redirect URL must match the Console URL. | 
| JWKS for authentication is not reachable | To verify a user's access token the JWKS needs to be reachable. Make sure the environment variable KEYCLOAK_INTERNAL_BASE_URLis set correctly. | 
| Console shows error 401 | Make sure the logged-in user has the role Consoleassigned in the Identity service. |