WRPR Configuration Reference
This reference documents the configuration variables used by the
one-wallet-relying-party-registry service.
As a Spring Boot application, the WRPR supports additional standard Spring Boot properties beyond those listed here. For comprehensive Spring Boot configuration options, refer to the Spring Boot Common Application Properties.
The variables documented below are either:
- Required for functionality
- Commonly configured for deployments
- Custom properties specific to Procivis One
Spring Database Configuration
| Variable | Type | Default | Description |
|---|---|---|---|
| spring.datasource.url | string | - | Database connection URL (format: jdbc:mysql://${MYSQL_HOST}:port/${MYSQL_DB}) |
| spring.datasource.username | string | - | Database username |
| spring.datasource.password | string | - | Database password |
| spring.datasource.hikari.connectionTimeout | integer | 30000 | Maximum time (ms) to wait for connection from pool |
| spring.datasource.hikari.maximumPoolSize | integer | 10 | Maximum number of connections in the pool |
| spring.flyway.enabled | boolean | true | Enable/disable Flyway database migrations |
| spring.flyway.locations | string | classpath:db/migration | Location of Flyway migration scripts |
| spring.jpa.hibernate.ddl-auto | string | - | Hibernate DDL auto mode (for example, validate, update, create) |
| spring.jpa.open-in-view | boolean | true | Enable Open Session in View pattern |
See the MariaDB documentation for further configuration options.
Server and HTTP Settings
| Variable | Type | Default | Description |
|---|---|---|---|
| server.port | integer | 8080 | HTTP port for the application server |
| server.tomcat.accessLogEnabled | boolean | false | Enable Tomcat access logging |
| server.tomcat.accessLogPattern | string | - | Pattern for Tomcat access logs (for example, "%a %t %r %s %b") |
| server.tomcat.relaxed-query-chars | string | - | Characters allowed in URL query strings without encoding |
| spring.mvc.async.request-timeout | integer | - | Async request timeout in milliseconds (30 minutes recommended for large CSV exports) |
Service Integration
Core Integration
All WRPR deployments require integration with the Procivis One Core service.
| Variable | Type | Default | Description |
|---|---|---|---|
| core.enabled | boolean | - | Enable Core service integration |
| core.url | string | - | Core service base URL |
| core.api.authentication | string | - | Authentication mode: UNSAFE_NONE, UNSAFE_STATIC, or STS |
| core.api.staticToken | string | - | Static authentication token if using UNSAFE_STATIC mode (must match Core's app.authToken or ONE_app__authToken) |
| core.history.export.entryLimit | integer | - | Maximum number of entries for history export operations |
Authentication
| Variable | Type | Default | Description |
|---|---|---|---|
| auth.mode | string | - | Authentication mode: UNSAFE_NONE, UNSAFE_STATIC, or STS |
| auth.staticToken | string | - | Static authentication token (if using UNSAFE_STATIC mode) |
| auth.stsTokenValidation.aud | string | - | Expected audience claim for STS token validation |
| auth.stsTokenValidation.iss | string | - | Expected issuer claim for STS token validation |
| auth.stsTokenValidation.jwksUri | string | - | JWKS endpoint URL for STS token verification |
| auth.stsTokenValidation.ttlJwks | integer | - | Time-to-live for cached JWKS keys (in seconds) |
| technical.token → enabled | boolean | - | Enable WRPR as a technical user of your IAM |
| technical.token → iamTokenEndpointUrl | string | - | Issuer URL of your IAM provider. Used to validate tokens issued to WRPR. |
| technical.token → clientId | string | - | Client ID of the WRPR service account in your IAM provider |
| technical.token → clientSecret | string | - | Client secret of the WRPR service account in your IAM provider |
| technical.token → stsTokenEndpointUrl | string | - | STS token issuer URL of your BFF service |
Application Configuration
| Variable | Type | Default | Description |
|---|---|---|---|
| spring.application.name | string | - | Application name identifier |
| spring.config.import | string | - | Import additional configuration files (for example, environment-specific properties) |
| spring.profiles.active | string | - | Active Spring profile(s) |
| spring.main.banner-mode | string | console | Spring Boot banner display mode |
| app.version | string | - | Application version identifier |
| app.configurationPath | string | - | Specify the path to the configuration file (for example: "/app/config.json") |
| app.stacktrace.enabled | boolean | - | Enable/disable stacktrace in error responses |
| type | string | - | Deployment environment type (for example, localdev) |
APIs
| Variable | Type | Default | Description |
|---|---|---|---|
| app.enableExternalEndpoints | string | - | Enable publicly accessible endpoints for querying registered wallet-relying parties |
| app.enableManagementEndpoints | string | - | Enable internal management endpoints: /api/* |
| public-api.privateKey | string | - | Private key for signing JWTs of the public API |
| public-api.aud | string | - | Audience to be specified in JWT header |
| public-api.iss | string | - | Issuer to be specified in JWT header |
| public-api.maxTokenValidity | string | - | Maximum validity in seconds of the JWTs |
Certificate Signing
| Variable | Type | Default | Description |
|---|---|---|---|
| registrationCertificateProvider.certificatePolicy | url | - | URL for certificate policy |
| registrationCertificateProvider.signer | string | - | Core config instance to use for signing Registration Certificates |
| accessCertificateProvider.signer | string | - | Core config instance to use for signing Access Certificates |
History Configuration
| Variable | Type | Default | Description |
|---|---|---|---|
| history.type | string | - | History storage backend type, only REMOTE_REST supported |
| history.enabled | boolean | - | Enable/disable history; pushes to Core history endpoint |
Management and Monitoring
| Variable | Type | Default | Description |
|---|---|---|---|
| management.endpoints.access.default | string | - | Default access level for management endpoints |
| management.endpoint.health.probes.enabled | boolean | - | Enable Kubernetes health probes |
| management.endpoint.health.access | string | - | Access level for health endpoint (for example, unrestricted) |
| management.endpoint.info.access | string | - | Access level for info endpoint (for example, unrestricted) |
| management.endpoint.prometheus.access | string | - | Access level for Prometheus metrics endpoint (for example, unrestricted) |
API Documentation (Springdoc)
| Variable | Type | Default | Description |
|---|---|---|---|
| springdoc.show-actuator | boolean | - | Include Spring Boot Actuator endpoints in API docs |
| springdoc.api-docs.version | string | - | OpenAPI specification version (for example, openapi_3_1) |
| springdoc.packages-to-scan | string | - | Package names to scan for API documentation |
| springdoc.paths-to-match | string | - | Path patterns to include in API documentation (comma-separated) |
| springdoc.cache.disabled | boolean | - | Disable API documentation caching |
| springdoc.swagger-ui.operations-sorter | string | - | Operation sorting method in Swagger UI (for example, alpha) |
Data Serialization
| Variable | Type | Default | Description |
|---|---|---|---|
| spring.jackson.serialization.write_dates_as_timestamps | boolean | false | Serialize dates as timestamps vs ISO-8601 strings |
| spring.jackson.deserialization.read-unknown-enum-values-using-default-value | boolean | false | Use default enum value when encountering unknown enum values during deserialization |
| spring.jackson.default-property-inclusion | string | - | Default property inclusion strategy (for example, NON_NULL) |
Logging
| Variable | Type | Default | Description |
|---|---|---|---|
| logging.level.org.springframework.security | string | - | Log level for Spring Security (for example, DEBUG, INFO, WARN) |
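
Several settings in this reference have direct security impact: the UNSAFE_ authentication modes, the STS validation parameters, app.stacktrace.enabled, the management endpoint access default, and the secret-bearing properties. The following is an added example, not part of the Procivis documentation or code: a small Python pre-deployment audit of a `.properties` file for those settings. The sample values, hostnames and finding messages are constructed for illustration, and the rule set is an assumption about what a reviewer would want flagged.

```python
import re

UNSAFE_MODES = {"UNSAFE_NONE", "UNSAFE_STATIC"}
MODE_KEYS = ("auth.mode", "core.api.authentication")
STS_REQUIRED = ("auth.stsTokenValidation.aud", "auth.stsTokenValidation.iss",
                "auth.stsTokenValidation.jwksUri")
SECRET_KEYS = ("spring.datasource.password", "auth.staticToken",
               "core.api.staticToken", "public-api.privateKey")
PLACEHOLDER = re.compile(r"^\$\{[^}]+\}$")  # value resolved at startup, e.g. ${DB_PASSWORD}
LINE = re.compile(r"\s*([^#!=:\s][^=:\s]*)\s*[=:]\s*(.*)")  # skips '#'/'!' comment lines

def parse_properties(text):
    """Minimal .properties reader: one key=value (or key:value) per line."""
    matches = (LINE.match(line) for line in text.splitlines())
    return {m.group(1): m.group(2).strip() for m in matches if m}

def audit(props):
    """Return (key, message) findings for the security-relevant settings."""
    findings = []
    for key in MODE_KEYS:
        if props.get(key, "").upper() in UNSAFE_MODES:
            findings.append((key, f"{props[key]} selected; the mode name marks it unsafe"))
    if props.get("auth.mode", "").upper() == "STS":
        for key in STS_REQUIRED:
            if not props.get(key):
                findings.append((key, "not set although auth.mode=STS"))
    if props.get("app.stacktrace.enabled", "").lower() == "true":
        findings.append(("app.stacktrace.enabled", "stack traces are returned in error responses"))
    if props.get("management.endpoints.access.default", "").lower() == "unrestricted":
        findings.append(("management.endpoints.access.default",
                         "management endpoints default to unrestricted access"))
    for key in SECRET_KEYS:
        value = props.get(key)
        if value and not PLACEHOLDER.match(value):
            findings.append((key, "literal secret in file; reference an environment placeholder"))
    return findings

# Constructed sample configuration, not taken from a real deployment.
SAMPLE = """\
spring.datasource.password=${MYSQL_PASSWORD}
core.api.authentication=UNSAFE_STATIC
core.api.staticToken=changeme
auth.mode=STS
auth.stsTokenValidation.iss=https://sts.example.internal
auth.stsTokenValidation.jwksUri=https://sts.example.internal/jwks
app.stacktrace.enabled=true
management.endpoints.access.default=unrestricted
"""

for finding in audit(parse_properties(SAMPLE)):
    print("%s: %s" % finding)
```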