Platform Manager

About the Platform Manager

Platform Manager is used to administer the Axual platform. It is used to perform tasks like:

  • Apply topic configuration

  • Allow producer/consumer to access a topic

  • Synchronize Instance

Available Docker Configurations

Each entry below lists, in order: Name, Possible Values (with default), Required, Description

SPRING_DATASOURCE_URL

A JDBC URL string
"no default"

Yes

Specifies the JDBC URL used to connect to any database.

SPRING_DATASOURCE_NAME

A string defining the datasource name
default value: fluxdb

No

This is typically used when you have multiple data sources in your application. It provides a name or identifier for the datasource.

SPRING_DATASOURCE_DRIVER-CLASS-NAME

A string defining the datasource driverClassName
com.mysql.cj.jdbc.Driver | org.mariadb.jdbc.Driver
"no default"

No

Specifies the fully-qualified class name of the JDBC driver that should be used for the database connection.

SPRING_DATASOURCE_USERNAME

A string defining the username
"no default"

Yes

This sets the username used to authenticate with the database.

SPRING_DATASOURCE_PASSWORD

A string defining the password
"no default"

Yes

This sets the password for the database connection.

SPRING_JPA_HIBERNATE_DATABASE-PLATFORM

org.hibernate.dialect.MariaDBDialect | org.hibernate.dialect.MySQLDialect
"no default"

Yes

This is used to specify the SQL dialect that should be used by JPA and Hibernate when generating or interpreting SQL statements for a specific database.

SPRING_JPA_HIBERNATE_DDL-AUTO

none | validate | update | create | create-drop
Default value: validate

No

Controls the behavior of database schema generation and modification during application startup.
none: This is the default value. It means that no schema generation or modification is done by Hibernate. You are responsible for managing the database schema manually.
validate: Hibernate validates the existing schema against the current entity mappings. It will not make any changes to the schema, but it will report any discrepancies or errors.
update: Hibernate updates the schema automatically based on the entity mappings. It will create tables, columns, and constraints if they don’t exist in the database. However, it will not drop any tables or columns that are no longer needed.
create: Hibernate creates the schema from scratch during application startup. It will drop and re-create the tables every time the application starts. Be cautious with this option as it can result in data loss in a production environment.
create-drop: Similar to create, but it also drops the schema when the application shuts down. This is typically used for testing and development environments.

SPRING_FLYWAY_VENDOR

mysql/mariadb
Default value: mariadb

No

This is used to specify the database vendor for which Flyway should generate or apply database migration scripts.

VAULT_ENABLED

A boolean value [true | false]
"no default"

Yes

Controls supporting Vault for persisting application credentials.

VAULT_URI

A valid uri
"no default"

Conditionally Yes

Specifies the URI of the Vault. It is mandatory only if VAULT_ENABLED=true.

VAULT_ROLE-ID

A valid RoleId
"no default"

Conditionally Yes

Role ID is used to identify the specific AppRole configured in Vault that the application is using for authentication. It is mandatory only if VAULT_ENABLED=true

VAULT_SECRET-ID

A valid secretId
"no default"

Conditionally Yes

The Secret ID is a secret token associated with a particular Role ID that proves the application’s identity and authorization to access secrets. It is mandatory only if VAULT_ENABLED=true

AZURE_KEY-VAULT_ENABLED

A boolean value [true | false]
Default value: false

No

Controls Azure Key Vault support for governance. If it is enabled, the GOVERNANCE_VAULT_ENABLED property should be set to false, and vice versa.

AZURE_KEY-VAULT_URI

A valid uri
"no default"

Conditionally Yes

Specifies the URI or endpoint of the Azure Key Vault instance. It is mandatory only if AZURE_KEY-VAULT_ENABLED=true.

AZURE_KEY-VAULT_LOGIN-URI

A valid uri
Default value: https://login.microsoftonline.com/

Conditionally Yes

Specifies the URI for Azure AD login. It is mandatory only if AZURE_KEY-VAULT_ENABLED=true.

AZURE_KEY-VAULT_SCOPE

The base URL for Azure Key Vault containing granted permissions
Default value: https://vault.azure.net

Conditionally Yes

Specifies the scope of the Azure Key Vault instance. It represents the specific resources and operations that our application is authorized to access within Azure Key Vault. It is mandatory only if AZURE_KEY-VAULT_ENABLED=true

AZURE_KEY-VAULT_CLIENT-ID

A valid clientId
"no default"

Conditionally Yes

Specifies the Azure AD client ID associated with this application. The client ID identifies this application when it interacts with Azure Key Vault. It is mandatory only if AZURE_KEY-VAULT_ENABLED=true

AZURE_KEY-VAULT_CLIENT-KEY

A valid clientKey
"no default"

Conditionally Yes

Represents the client secret or client key associated with our application. It is mandatory only if AZURE_KEY-VAULT_ENABLED=true

AZURE_KEY-VAULT_TENANT-ID

A valid tenantId
"no default"

Conditionally Yes

Specifies the Azure AD tenant ID. It is mandatory only if AZURE_KEY-VAULT_ENABLED=true.

SERVER_HTTP2_ENABLED

A boolean value [true | false]
Default value: false

No

Enables or disables HTTP/2 support in the web server.

SERVER_SSL_ENABLED

A boolean value [true | false]
Default value: true

No

Enables SSL/TLS support for secure communication

SERVER_SSL_KEY_STORE

A string of file path to the key-store
"no default"

Conditionally Yes

Specifies the file path to the Java KeyStore (JKS) file that contains the server’s SSL certificate and private key. It is mandatory only if SERVER_SSL_ENABLED=true.

SERVER_SSL_KEY_PASSWORD

A string defining the password
"no default"

Conditionally Yes

Specifies the password needed to access the private key within the keystore. It is mandatory only if SERVER_SSL_ENABLED=true.

SERVER_SSL_ENABLED-PROTOCOLS

A comma separated list of these values [TLSv1.0, TLSv1.1, TLSv1.2, TLSv1.3]
"no default"

Conditionally Yes

Specifies the list of allowed SSL/TLS protocols. It is mandatory only if SERVER_SSL_ENABLED=true.

AXUAL_API_AVAILABLE_AUTH_METHODS

A comma-separated list of strings containing these items: SSL,SCRAM_SHA_256,SCRAM_SHA_512,PLAIN
Default value: SSL

No

Specifies the available authentication methods which can be used for applications to be authenticated while getting access to topics.

AXUAL_MULTI_TENANT

A boolean value [true | false]
Default value: true

No

Specifies if the cluster is multi-tenant or not. In case it is set to true, the cluster will be shared among multiple tenants

AXUAL_DEFAULT_ROLES

A comma-separated list of strings containing default user roles.
The list of existing roles in Axual is as follows: SUPER_ADMIN, TENANT_ADMIN, APPLICATION_ADMIN, STREAM_ADMIN, ENVIRONMENT_ADMIN, APPLICATION_AUTHOR, STREAM_AUTHOR, ENVIRONMENT_AUTHOR, BILLING_INTERNAL, BILLING_VIEWER
Default value: APPLICATION_AUTHOR, ENVIRONMENT_AUTHOR, STREAM_AUTHOR

No

Specifies the default roles which can be automatically granted to a user when a new user is created

AXUAL_DEFAULT_PARTITIONS

A valid number
Default value: 2

No

Specifies the number of partitions per topic. Must be at least 1 and at most 120000.

AXUAL_DEFAULT_REPLICATION_FACTOR

A valid number
"no default"

Yes

Specifies how many copies (replicas) of each partition of a Kafka topic should be maintained across different broker nodes. It’s a crucial factor for ensuring fault tolerance and high availability in Kafka clusters

AXUAL_DEFAULT_SEGMENT_TIME

A valid number (time in milliseconds)
Default value: 604800000 (7 days)

No

Controls the period of time after which Kafka will force the log to roll even if the segment file isn’t full to ensure that retention can delete or compact old data

AXUAL_DEFAULT_RETENTION_TIME

A valid number (time in milliseconds)
Default value: 604800000 (7 days)

No

Controls the maximum time Kafka will retain a log before discarding old log segments to free up space if the retention policy is equal to “delete”. This represents an SLA on how soon consumers must read their data. If set to -1, no time limit is applied

AXUAL_DEFAULT_CLEANUP_POLICY

delete | compact | delete,compact | compact,delete
Default value: delete

No

Specifies the cleanup policy for log segments in a topic. This property determines when log segments can be deleted to reclaim disk space.
delete: This is the default cleanup policy. When this policy is applied, Kafka will delete log segments as soon as they are no longer needed for any active consumers or replication.
compact: This policy is used for log compaction. With this policy, Kafka retains the latest value for each unique key in the log and deletes older versions of the same key. Log compaction is often used for Kafka topics that store changelog or event sourcing data, ensuring that the latest state of each key is always available.
delete,compact: This policy combines both deletion and compaction. It deletes log segments that are no longer needed by any active consumers while also performing log compaction on the remaining data.
compact,delete: Similar to the previous option, this policy combines both deletion and compaction, but it prioritizes log compaction before deletion

AXUAL_DEFAULT_ENVIRONMENT_COLOR

A string defining a hexadecimal color code
Default value: "#80affe"

No

Specifies the default color of environment in UI

AXUAL_BILLING_ENABLED

A boolean value [true | false]
Default value: false

No

This is used to enable billing component

AXUAL_CSRF_ENABLED

A boolean value [true | false]
Default value: false

No

This is used for enabling Cross-Site Request Forgery (CSRF) protection

AXUAL_ALLOW_OVERLAPPING_CA

A boolean value [true | false]
Default value: false

No

Allows one Certificate Authority (CA) to be used on multiple tenants if it is set to true.

AXUAL_VALIDATE_DUPLICATE_SCHEMAS

A boolean value [true | false]
Default value: true

No

Controls validation of a duplicate schema. If it’s set to false, the /schemas/check-parse API won’t check the uniqueness of the uploaded schema-version

AXUAL_CREATE_STREAM_DISABLE_TIME

A valid number [0, …​]
Default value: 0

No

Disables StreamConfig resource creation for the specified time in minutes.

AXUAL_CLIENT_SOCKET_TIMEOUT

A valid number
Default value: 90000

No

Specifies the maximum amount of time in milliseconds that a client will wait for a response from a server before considering the operation as timed out or failed

AXUAL_SECURITY_DOCS-USERNAME

A string defining the username
Default value: axual

No

This sets the username used to authenticate with the docs

AXUAL_SECURITY_DOCS-PASSWORD

A string defining the password
Default value: notsecret

No

This sets the password used to authenticate with the docs

AXUAL_SECURITY_TRUST_STORE

A string of file path to the trust-store
"no default"

Yes

Specifies the file path to the trust store

AXUAL_SECURITY_TRUST_STORE_PASSWORD

A string defining the password
"no default"

Yes

Specifies the password required to access and manipulate the trust store

AXUAL_SECURITY_HEADER-BASED-AUTH

A boolean value [true | false]
Default value: false

No

Controls whether the OAuth2 mechanism is used to secure the APIs. If it is set to true, OAuth2 is disabled and Platform Manager relies on headers passed from the API Gateway. It should be enabled only when Platform Manager is behind a secured API Gateway.

AXUAL_SECURITY_AUTH-MODE

AUTH0 | KEYCLOAK
"no default"

Yes

Specifies the IAM service provider. If AXUAL_SECURITY_HEADER-BASED-AUTH=true, this property must be set to AUTH0.

AXUAL_SECURITY_AUTH0-ISSUER

The Issuer URL for Auth0
"no default"

Conditionally Yes

Configures the Issuer URL for Auth0 when integrating Auth0 as an identity and authentication provider. It is required only if AXUAL_SECURITY_HEADER-BASED-AUTH=true AND AXUAL_SECURITY_AUTH-MODE=AUTH0.

AXUAL_SECURITY_AUTH0-AUDIENCE

AUTH0 | KEYCLOAK
"no default"

Conditionally Yes

Specifies the "audience" or "audience identifier" to which authentication and authorization requests are directed. It is required only if AXUAL_SECURITY_HEADER-BASED-AUTH=true AND AXUAL_SECURITY_AUTH-MODE=AUTH0.

AXUAL_KEYCLOAK_AUTH_SERVER_URL

The URL of the Keycloak authentication server
"no default"

Conditionally Yes

Represents the base URL of the Keycloak authentication server. The application uses this URL to interact with Keycloak’s authentication and authorization services. It is required only if AXUAL_SECURITY_HEADER-BASED-AUTH=true AND AXUAL_SECURITY_AUTH-MODE=KEYCLOAK.

AXUAL_CONNECT_AVAILABLE

A boolean value [true | false]
Default value: false

Conditionally Yes

Controls the direct connection to Axual-Connect

AXUAL_CONNECT_INSTANCE-CONNECT-CREDENTIALS_[tenantShortName-instanceShortName]_AUTHORIZER

basic
Default value: basic

Conditionally Yes

Specifies the type of authorization per tenant-instance. It is mandatory if AXUAL_CONNECT_AVAILABLE=true.

AXUAL_CONNECT_INSTANCE-CONNECT-CREDENTIALS_[tenantShortName-instanceShortName]_USERNAME

A string defining the username
"no default"

Conditionally Yes

This sets the username per tenant-instance used to authenticate with Axual-Connect. It is mandatory if AXUAL_CONNECT_AVAILABLE=true.

AXUAL_CONNECT_INSTANCE-CONNECT-CREDENTIALS_[tenantShortName-instanceShortName]_PASSWORD

A string defining the password
"no default"

Conditionally Yes

This sets the password per tenant-instance used to authenticate with Axual-Connect. It is mandatory if AXUAL_CONNECT_AVAILABLE=true.

AXUAL_DEFAULT-CLUSTER-PATTERN_TOPIC-RESOLVER

A string of fully-qualified class name of topicResolver
Default value: "io.axual.common.resolver.TopicPatternResolver"

No

Specifies the fully-qualified class name of topicResolver which is used for resolving topics.

AXUAL_DEFAULT-CLUSTER-PATTERN_TOPIC-PATTERN

A string of topic pattern ["{topic}" | "{environment}-{topic}" | {instance}-{environment}-{topic} | {tenant}-{instance}-{environment}-{topic} ]
Default value: "{topic}"

No

Specifies the topic pattern for any kafka cluster owned by a Tenant and not having a defined topic pattern.
This pattern is used when resolving the kafka topic name.
"{topic}" this pattern means that the cluster does not support multi-environment, multi-instance and multi-tenant
"{environment}-{topic}" this pattern means that the cluster is a multi-environment one and combination of environment-topic identifies a unique topic
"{instance}-{environment}-{topic}" this pattern means that the cluster is a multi-environment and multi-instance one and combination of instance-environment-topic identifies a unique topic
"{tenant}-{instance}-{environment}-{topic}" this pattern means that the cluster is a multi-environment, multi-instance and multi-tenant and combination of tenant-instance-environment-topic identifies a unique topic

AXUAL_DEFAULT-CLUSTER-PATTERN_GROUP-ID-RESOLVER

A string of fully-qualified class name of groupIdResolver
Default value: "io.axual.common.resolver.GroupPatternResolver"

No

Specifies the fully-qualified class name of groupIdResolver which is used for resolving groups.

AXUAL_DEFAULT-CLUSTER-PATTERN_GROUP-ID-PATTERN

A string of groupId pattern ["{group}" | "{environment}-{group}" | {instance}-{environment}-{group} | {tenant}-{instance}-{environment}-{group} ]
Default value: "{group}"

No

Specifies the groupId pattern for any kafka cluster owned by a Tenant and not having a defined groupId pattern.
This pattern is used when resolving the group name.
"{group}" this pattern means that this cluster does not support multi-environment, multi-instance and multi-tenant
"{environment}-{group}" this pattern means that the cluster is a multi-environment one and combination of environment-group identifies a unique group
"{instance}-{environment}-{group}" this pattern means that the cluster is a multi-environment and multi-instance one and combination of instance-environment-group identifies a unique group.
"{tenant}-{instance}-{environment}-{group}" this pattern means that the cluster is a multi-environment, multi-instance and multi-tenant and combination of tenant-instance-environment-group identifies a unique group

AXUAL_DEFAULT-CLUSTER-PATTERN_TRANSACTIONAL-ID-RESOLVER

A string of fully-qualified class name of transactionalIdResolver
Default value: "io.axual.common.resolver.TransactionalIdPatternResolver"

No

Specifies the fully-qualified class name of transactionalIdResolver which is used for resolving transactions.

AXUAL_DEFAULT-CLUSTER-PATTERN_TRANSACTIONAL-ID-PATTERN

A string of transactionalId pattern ["{transactional.id}" | "{environment}-{transactional.id}" | {instance}-{environment}-{transactional.id} | {tenant}-{instance}-{environment}-{transactional.id} ]
Default value: "{transactional.id}"

No

Specifies the transactionalId pattern for any kafka cluster owned by a Tenant and not having a defined transactionalId pattern.
This pattern is used when resolving the transactional.id.
"{transactional.id}" this pattern means that the cluster does not support multi-environment, multi-instance and multi-tenant
"{environment}-{transactional.id}" this pattern means that the cluster is multi-environment and combination of environment-transactionalId- identifies a unique prefixed transactional.id
"{instance}-{environment}-{transactional.id}" this pattern means that the cluster is multi-environment and multi-instance and combination of instance-environment-transactionalId- identifies a unique prefixed transactional.id
"{tenant}-{instance}-{environment}-{transactional.id}" this pattern means that the cluster is multi-environment, multi-instance and multi-tenant and combination of tenant-instance-environment-transactionalId- identifies a unique prefixed transactional.id

AXUAL_DEFAULT-CLUSTER-PATTERN_MULTI-TENANT-TOPIC-PATTERN

A string of multi-tenant topic pattern
Default value: "{tenant}-{instance}-{environment}-{topic}"

No

Specifies the topic pattern for any kafka cluster not owned by a Tenant and not having a defined topic pattern.
This pattern is used when resolving the kafka topic name.
"{tenant}-{instance}-{environment}-{topic}" this pattern means that the cluster is a multi-environment, multi-instance and multi-tenant and combination of tenant-instance-environment-topic identifies a unique topic.

AXUAL_DEFAULT-CLUSTER-PATTERN_MULTI-TENANT-GROUP-ID-PATTERN

A string of multi-tenant groupId pattern
Default value: "{tenant}-{instance}-{environment}-{group}"

No

Specifies the groupId pattern for any kafka cluster not owned by a Tenant and not having a defined groupId pattern.
This pattern is used when resolving the kafka group name.
"{tenant}-{instance}-{environment}-{group}" this pattern means that the cluster is a multi-environment, multi-instance and multi-tenant and combination of tenant-instance-environment-group identifies a unique group.

AXUAL_DEFAULT-CLUSTER-PATTERN_MULTI-TENANT-TRANSACTIONAL-ID-PATTERN

A string of multi-tenant transactionalId pattern
Default value: "{tenant}-{instance}-{environment}-{transactional.id}"

No

Specifies the transactionalId pattern for any kafka cluster not owned by a Tenant and not having a defined transactionalId pattern.
This pattern is used when resolving the transactionalId.
"{tenant}-{instance}-{environment}-{transactional.id}" this pattern means that the cluster is multi-environment, multi-instance and multi-tenant and combination of tenant-instance-environment-transactionalId- identifies a unique prefixed transactional.id.

GOVERNANCE_VAULT_ENABLED

A boolean value [true | false]
Default value: false

Conditionally Yes

Controls Hashicorp Key Vault support for governance to persist application credentials. If it is enabled, AZURE_KEY-VAULT_ENABLED should be set to false, and vice versa.

GOVERNANCE_VAULT_URI

A valid uri
"no default"

Conditionally Yes

Specifies the URI or endpoint of the Hashicorp Vault instance. It is mandatory only if GOVERNANCE_VAULT_ENABLED=true

GOVERNANCE_VAULT_ROLE-ID

A valid RoleId
"no default"

Conditionally Yes

Role ID is used to identify the specific AppRole configured in Hashicorp Vault that the application is using for authentication. It is mandatory only if GOVERNANCE_VAULT_ENABLED=true

GOVERNANCE_VAULT_SECRET-ID

A valid secretId
"no default"

Conditionally Yes

The Secret ID is a secret token associated with a particular Role ID that proves the application’s identity and authorization to access secrets. It is mandatory only if GOVERNANCE_VAULT_ENABLED=true

GOVERNANCE_VAULT_PATH

A string defining path
Default value: "governance"

Conditionally Yes

Defines the specific path within Vault’s storage hierarchy where the application expects to read or write secrets or other data. It is mandatory only if GOVERNANCE_VAULT_ENABLED=true

GOVERNANCE_VAULT_NAMESPACE

A string defining the namespace
"no default"

Conditionally Yes

Specifies the Vault namespace to use. A Vault namespace allows you to create isolated environments within a Vault server. It is mandatory if GOVERNANCE_VAULT_ENABLED=true.

SCHEDULER_RECONCILIATION_CONNECT_PLUGINS_CRON

A string defining a cron expression
Default value: "0 * */12 ? * *" (every 12 hours)

No

Specifies the schedule or frequency at which the task that reconciles the plugins of managed instances is executed.

SCHEDULER_RECONCILIATION_CONNECT_DEPLOYMENTS_CRON

A string defining a cron expression
Default value: "0 * */6 ? * *" (every 6 hours)

No

Specifies the schedule or frequency at which the task that reconciles the deployments of managed instances is executed.

CONNECTOR-VAULT_ENABLED

A boolean value [true | false]
Default value: false

Conditionally Yes

Controls Vault support for persisting connector secrets per tenant-instance.

CONNECTOR-VAULT_INSTANCES_[tenantShortName-instanceShortName]_URI

The URI of the vault
"no default"

Conditionally Yes

Specifies the URI or endpoint of the Hashicorp Vault per tenant-instance. It is mandatory if CONNECTOR-VAULT_ENABLED=true.

CONNECTOR-VAULT_INSTANCES_[tenantShortName-instanceShortName]_ROLE-ID

A valid RoleId
"no default"

Conditionally Yes

Role ID is used to identify the specific AppRole per tenant-instance configured in Hashicorp Vault that the application is using for authentication. It is mandatory if CONNECTOR-VAULT_ENABLED=true.

CONNECTOR-VAULT_INSTANCES_[tenantShortName-instanceShortName]_SECRET-ID

A valid secretId
"no default"

Conditionally Yes

The Secret ID is a secret token associated with a particular Role ID per tenant-instance that proves the application’s identity and authorization to access secrets. It is mandatory if CONNECTOR-VAULT_ENABLED=true.

CONNECTOR-VAULT_INSTANCES_[tenantShortName-instanceShortName]_NAMESPACE

A string defining the namespace
"no default"

Conditionally Yes

Specifies the Vault namespace per tenant-instance to use. A Vault namespace allows you to create isolated environments within a Vault server. It is mandatory if CONNECTOR-VAULT_ENABLED=true.

CONNECTOR-VAULT_INSTANCES_[tenantShortName-instanceShortName]_CONNECTORS-PATH

A string defining path
"no default"

Conditionally Yes

Specifies a path within Vault per tenant-instance where connectors or secrets may be stored or managed. It is mandatory if CONNECTOR-VAULT_ENABLED=true.

CONNECTOR-VAULT_INSTANCES_[tenantShortName-instanceShortName]_PRIVATE-KEY-NAME

A string defining the privateKey name
"no default"

Conditionally Yes

Specifies the name of a private key per tenant-instance within Vault. It is mandatory if CONNECTOR-VAULT_ENABLED=true.

CONNECTOR-VAULT_INSTANCES_[tenantShortName-instanceShortName]_CERT-CHAIN-KEY-NAME

A string defining the certChainKey name
"no default"

Conditionally Yes

Specifies the name of a certificate chain or certificate-related resource per tenant-instance within Vault. It is mandatory if CONNECTOR-VAULT_ENABLED=true.
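The conditional requirements and risky settings in the table above can be checked before deployment. The following is an added example, not Axual's own code: it assumes the variables are supplied as a Docker env file, and the function names and sample values are constructed for illustration.

```python
# Added example: lint a Platform Manager env file against the table above.
ALWAYS_REQUIRED = [
    "SPRING_DATASOURCE_URL", "SPRING_DATASOURCE_USERNAME",
    "SPRING_DATASOURCE_PASSWORD", "SPRING_JPA_HIBERNATE_DATABASE-PLATFORM",
    "VAULT_ENABLED", "AXUAL_DEFAULT_REPLICATION_FACTOR",
    "AXUAL_SECURITY_TRUST_STORE", "AXUAL_SECURITY_TRUST_STORE_PASSWORD",
    "AXUAL_SECURITY_AUTH-MODE",
]
# switch -> (value assumed when unset, no-default variables it makes mandatory).
# VAULT_ENABLED has no default; unset is treated as false here (assumption).
CONDITIONAL = {
    "VAULT_ENABLED": ("false", ["VAULT_URI", "VAULT_ROLE-ID", "VAULT_SECRET-ID"]),
    "AZURE_KEY-VAULT_ENABLED": ("false", [
        "AZURE_KEY-VAULT_URI", "AZURE_KEY-VAULT_CLIENT-ID",
        "AZURE_KEY-VAULT_CLIENT-KEY", "AZURE_KEY-VAULT_TENANT-ID"]),
    "GOVERNANCE_VAULT_ENABLED": ("false", [
        "GOVERNANCE_VAULT_URI", "GOVERNANCE_VAULT_ROLE-ID",
        "GOVERNANCE_VAULT_SECRET-ID", "GOVERNANCE_VAULT_NAMESPACE"]),
    "SERVER_SSL_ENABLED": ("true", [
        "SERVER_SSL_KEY_STORE", "SERVER_SSL_KEY_PASSWORD",
        "SERVER_SSL_ENABLED-PROTOCOLS"]),
}
LEGACY_TLS = {"TLSv1.0", "TLSv1.1"}  # both appear as possible values in the table

# Constructed sample input, not a real deployment.
SAMPLE_ENV = """\
SPRING_DATASOURCE_URL=jdbc:mariadb://db.example.internal:3306/fluxdb
SPRING_DATASOURCE_USERNAME=pm
SPRING_DATASOURCE_PASSWORD=example-only
SPRING_JPA_HIBERNATE_DATABASE-PLATFORM=org.hibernate.dialect.MariaDBDialect
VAULT_ENABLED=true
VAULT_URI=https://vault.example.internal:8200
VAULT_ROLE-ID=example-role
SERVER_SSL_KEY_STORE=/security/server.keystore.jks
SERVER_SSL_KEY_PASSWORD=example-only
SERVER_SSL_ENABLED-PROTOCOLS=TLSv1.1,TLSv1.2
AXUAL_DEFAULT_REPLICATION_FACTOR=3
AXUAL_SECURITY_TRUST_STORE=/security/truststore.jks
AXUAL_SECURITY_TRUST_STORE_PASSWORD=example-only
AXUAL_SECURITY_AUTH-MODE=KEYCLOAK
AXUAL_SECURITY_HEADER-BASED-AUTH=true
"""

def parse_env(text):
    """Parse KEY=VALUE lines (Docker env-file style); skip blanks and comments."""
    env = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and not key.startswith("#"):
            env[key.strip()] = value.strip().strip("\"'")
    return env

def is_true(env, key, default="false"):
    return env.get(key, default).strip().lower() == "true"

def lint(env):
    """Return (severity, variable, message) findings for a parsed env dict."""
    out = [("error", k, "required, no default") for k in ALWAYS_REQUIRED if not env.get(k)]
    for switch, (default, needed) in CONDITIONAL.items():
        if is_true(env, switch, default):
            out += [("error", k, f"mandatory when {switch}=true")
                    for k in needed if not env.get(k)]
    if is_true(env, "AZURE_KEY-VAULT_ENABLED") and is_true(env, "GOVERNANCE_VAULT_ENABLED"):
        out.append(("error", "GOVERNANCE_VAULT_ENABLED", "conflicts with AZURE_KEY-VAULT_ENABLED"))
    enabled = {p.strip() for p in env.get("SERVER_SSL_ENABLED-PROTOCOLS", "").split(",")}
    out += [("warn", "SERVER_SSL_ENABLED-PROTOCOLS", f"legacy protocol {p} enabled")
            for p in sorted(enabled & LEGACY_TLS)]
    if env.get("AXUAL_SECURITY_DOCS-PASSWORD", "notsecret") == "notsecret":
        out.append(("warn", "AXUAL_SECURITY_DOCS-PASSWORD", "documented default in use"))
    if is_true(env, "AXUAL_SECURITY_HEADER-BASED-AUTH"):
        if env.get("AXUAL_SECURITY_AUTH-MODE") != "AUTH0":
            out.append(("error", "AXUAL_SECURITY_AUTH-MODE", "must be AUTH0 with header auth"))
        out.append(("warn", "AXUAL_SECURITY_HEADER-BASED-AUTH", "OAuth2 off; needs secured gateway"))
    return out

if __name__ == "__main__":
    for severity, variable, message in lint(parse_env(SAMPLE_ENV)):
        print(f"{severity:5} {variable}: {message}")
```

Run against the sample, it reports the missing VAULT_SECRET-ID, the enabled TLSv1.1, the default docs password, and the header-based auth settings.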

Vault Namespace

If you are using Hashicorp Vault Enterprise with namespaces to organize your secrets, you need to update the Platform Manager deployment with a reference to the namespace.

Configure Platform Manager with Vault Namespace

Using Axual Helm Charts

Edit the values.yaml file in your working directory with the namespace you want to use.

#Update NAMESPACE for your vault
mgmt:
  api:
    axual:
      vault:
        namespace: [NAMESPACE] # Vault Enterprise Namespace

Authentication Methods

The authentication methods provided by the platform are set through the Platform Manager configuration. By default, SSL is the only supported authentication method. The steps below show how additional authentication methods (e.g. SASL_SCRAM_256) can be supported for applications connecting to the platform.

Enabling additional authentication methods

From 2022.3, Platform Manager supports SSL connections by default.
SCRAM_SHA_256, SCRAM_SHA_512, and OAUTH_BEARER are available only after their support is enabled on the broker level.

Using Axual Helm Charts

Edit the values.yaml for your management stack and add the following configuration

OAUTH_BEARER is available only after its support is enabled on the broker level.
This authentication method is only available with Axual Helm Charts

mgmt:
  api:
    axual:
      availableAuthMethods: 'SSL, SCRAM_SHA_512, SCRAM_SHA_256, OAUTH_BEARER'

Connect Reconciliation Jobs

When Connect support has been enabled, the Platform Manager uses two jobs to keep plugins and deployments in sync.

The plugins job retrieves the available plugins from an Axual Connect instance and updates the Self-Service.

The deployments job retrieves the connector status in an Axual Connect instance and compares it with the application deployment status. If they do not match, it updates the application deployment status in the Self-Service.

Using Axual Helm Charts

Edit the values.yaml for your management stack and add the following configuration to change the Quartz expressions.

mgmt:
  api:
    operationManager:
      reconciliation:
        connect:
          # Define how often the plugins job will run
          plugins:
            cron: [YOUR_QUARTZ_CRON_EXPRESSION]
          # Define how often the deployments job will run
          deployments:
            cron: [YOUR_QUARTZ_CRON_EXPRESSION]

Using TLS/SSL between Platform Manager and Remote DB

To use TLS/SSL between the Remote DB and Platform Manager, follow the steps below:

  1. Change useSSL=true in platform/charts/mgmt/charts/api/values.yaml for Platform Manager

    mgmt:
      api:
        spring:
          datasource:
            urlSuffix:
              useSsl: true

  2. Add enabledTLSProtocols to urlSuffix as a comma-separated list, for example: enabledTLSProtocols=TLSv1.2,TLSv1.3

    mgmt:
      api:
        spring:
          datasource:
            urlSuffix:
              enabledTLSProtocols: TLSv1.2,TLSv1.3

  3. When enabling TLSv1.3 for the DB connection, make sure that TLSv1.3 is listed as a valid client and https protocol in the jvmArguments

    mgmt:
      api:
        jvmArguments: "-Djdk.tls.client.protocols=TLSv1.2,TLSv1.3 -Dhttps.protocols=TLSv1.2,TLSv1.3"