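---
# Optimize configuration. Section order: security, container, engines,
# engine-commons, import, es, plugin, serialization, alerting, email, export,
# sharing, historyCleanup, locales, ui, eventBasedProcess, telemetry.
#
# NOTE(review): the nesting below was restored from a copy whose line breaks and
# indentation were lost; confirm it against the reference configuration before use.
# All values are unchanged. Lines marked NOTE(security) are review annotations.

security:
  # everything that's related to authentication
  auth:
    cookie:
      same-site:
        # decides if the optimize auth cookie has the same site cookie flag set
        enabled: true
    token:
      # Optimize uses token-based authentication to keep track of which users are
      # logged in. Define when a token is supposed to expire.
      lifeMin: 60
      # Optional secret used to sign authentication tokens, it's recommended to use at least a 64 character secret.
      # If set `null` a random secret will be generated with each startup of Optimize.
      # NOTE(security): with a per-startup random secret, tokens issued before a restart presumably stop
      # validating afterwards. If you set a fixed secret, inject it from a secret store rather than
      # committing it with this file.
      secret: null
    # List of user ids that are granted full permission to all collections, reports & dashboards
    # Note: For reports these users are still required to be granted access to the corresponding process/decision
    # definitions in Camunda BPM Admin
    # NOTE(security): every id listed here bypasses collection-level permissions; keep the list short and audited.
    superUserIds: []
  # Here you can define HTTP response headers that Optimize can send in its responses
  # to increase the security of your application.
  # Find more information here: https://owasp.org/www-project-secure-headers/
  responseHeaders:
    # HTTP Strict Transport Security (HSTS) is a web security policy mechanism which helps to protect websites
    # against protocol downgrade attacks and cookie hijacking.
    # NOTE(security): browsers only honour HSTS when it is received over HTTPS, so it has no effect for
    # users who reach Optimize over the plain HTTP port configured under container.ports.
    HSTS:
      # The time, in seconds, that the browser should remember that this site is only to be accessed using HTTPS.
      # If you set the number to a negative value no HSTS header is sent.
      max-age: 31536000
      # If this optional parameter is specified, this rule applies to all of the site's subdomains as well.
      includeSubDomains: true
    # This header enables the cross-site scripting (XSS) filter in your browser.
    # Can have one of the following options:
    # * 0: Filter disabled.
    # * 1: Filter enabled. If a cross-site scripting attack is detected, in order to stop the attack,
    #      the browser will sanitize the page.
    # * 1; mode=block: Filter enabled. Rather than sanitize the page, when a XSS attack is detected, the browser will
    #      prevent rendering of the page.
    # * 1; report=http://[YOURDOMAIN]/your_report_URI: Filter enabled. The browser will sanitize the page and
    #      report the violation. This is a Chromium function utilizing CSP
    #      violation reports to send details to a URI of your choice.
    # NOTE(security): current browsers have removed the XSS filter this header controls, so treat it as a
    # legacy setting and rely on the Content-Security-Policy below for script-injection defence.
    X-XSS-Protection: 1; mode=block
    # Setting this header will prevent the browser from interpreting files as a different MIME type to
    # what is specified in the Content-Type HTTP header (e.g. treating text/plain as text/css).
    X-Content-Type-Options: true
    # A Content Security Policy (CSP) has significant impact on the way browsers render pages.
    # By default Optimize uses the base-uri directive which restricts the URLs that can be used to the Optimize pages.
    # Find more details: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
    # NOTE(security): base-uri only constrains the document's <base> element. It does not restrict where
    # scripts, styles or frames may load from; add further directives if you need those limits.
    Content-Security-Policy: base-uri 'self'

container:
  # A host name or IP address, to identify a specific network interface on
  # which to listen.
  host: localhost
  ports:
    # A port number that will be used by Optimize to process HTTP connections.
    # If set to null, ~ or left empty, http connections won't be accepted.
    # NOTE(security): auth cookies and tokens cross this port unencrypted. When Optimize listens on anything
    # other than localhost, consider disabling HTTP here or terminating TLS in front of it.
    http: 8090
    # A port number that will be used by Optimize to process
    # secure HTTPS connections.
    https: 8091
  # HTTPS requires an SSL Certificate. When you generate an SSL Certificate,
  # you are creating a keystore file and a keystore password for use when the
  # browser interface connects
  keystore:
    location: keystore.jks
    # NOTE(security): `optimize` is the value shipped in this file and therefore known to anyone who has
    # seen it. Replace both the keystore and its password for any non-local deployment.
    password: optimize
  # configuration of status reporting web socket
  status:
    # max number of threads\sessions that will be kept to report status
    connections:
      max: 10
  # Optional url to access Optimize (used for links to Optimize in e.g. alert emails)
  accessUrl: null

# Configuration for engines used to import data. Please note that you have to have at
# least one engine configured at all times.
engines:
  # An alias of the engine, which will be used for internal purposes like
  # logging and displaying which data belong to which engine.
  'camunda-bpm':
    # The process engines name on the platform, this is the unique engine identifier on the platforms REST API.
    name: default
    # A default tenant to be injected on data from this engine where no tenant is configured in the engine itself.
    # This property is only relevant in the context of a `One Process Engine Per Tenant`.
    # For details consult the Multi-Tenancy documentation.
    defaultTenant:
      # the id used for this default tenant on persisted entities
      id: null
      # the name used for this tenant when displayed in the UI
      name: null
    # A base URL that will be used for connections to the Camunda Engine REST API.
    # NOTE(security): over plain http the basic-auth credentials configured below and all imported
    # process data travel unencrypted; use an https URL when the engine is not on the same host.
    rest: "http://localhost:8080/engine-rest"
    # Determines whether this instance of Optimize should import definition & historical data from this engine.
    importEnabled: true
    # Determines whether this instance of Optimize should convert historical data to event data
    # usable for event based processes.
    eventImportEnabled: false
    authentication:
      # Toggles basic authentication on or off. When enabling basic
      # authentication, please be aware that you also need to adjust the values
      # of the user and password.
      # Also note, when enabled, it is required that the user has
      #   * READ & READ_HISTORY permission on the Process and Decision Definition resources
      #   * READ permission on the Authorization, Group, User, Deployment & Tenant resources
      # to enable users to log in and Optimize to import the engine data.
      # NOTE(security): grant this account only the permissions listed above; it needs no write access
      # according to this list.
      enabled: false
      # When basic authentication is enabled, this password is used to
      # authenticate against the engine.
      password: ''
      # When basic authentication is enabled, this user is used to authenticate
      # against the engine.
      user: ''
    # The webapps configuration allows Optimize to directly link
    # to the other Camunda Web Applications, e.g. to jump from
    # Optimize directly to a dedicated process instance in Cockpit
    webapps:
      # Defines the endpoint where to find the camunda webapps for the given engine
      endpoint: "http://localhost:8080/camunda"
      # Enables/disables linking to other Camunda Web Applications
      enabled: true

engine-commons:
  connection:
    # Maximum time without connection to the engine, Optimize should wait
    # until a time out is triggered. A value of zero means to wait an
    # infinite amount of time.
    # NOTE(review): with 0 an unresponsive engine is waited on indefinitely; a finite value bounds that.
    timeout: 0
  read:
    # Maximum time a request to the engine should last,
    # before a timeout triggers. A value of zero means to wait an
    # infinite amount of time.
    timeout: 0

import:
  data:
    activity-instance:
      # Determines the page size for historic activity instance fetching.
      maxPageSize: 10000
    incident:
      # Determines the page size for historic incident fetching.
      maxPageSize: 10000
    process-definition-xml:
      # Determines the page size for process definition xml model
      # fetching. Should be a low value, as large models will lead to
      # memory or timeout problems.
      maxPageSize: 2
    process-definition:
      # Determines the page size for process definition fetching.
      maxPageSize: 10000
    process-instance:
      # Determines the maximum page size for historic process instance fetching.
      maxPageSize: 10000
    variable:
      # Determines the page size for historic variable instance fetching.
      maxPageSize: 10000
    user-task-instance:
      # Determines the page size for historic user task instance fetching
      maxPageSize: 10000
    identity-link-log:
      # Determines the page size for identity link log fetching.
      maxPageSize: 10000
    decision-definition-xml:
      # Determines the page size for decision definition xml model
      # fetching. Should be a low value, as large models will lead to
      # memory or timeout problems.
      maxPageSize: 2
    decision-definition:
      # Determines the page size for decision definition fetching.
      maxPageSize: 10000
    decision-instance:
      # Determines the page size for historic decision instance fetching.
      maxPageSize: 10000
    tenant:
      # Determines the page size for tenants fetching.
      maxPageSize: 10000
    group:
      # Determines the page size for groups fetching.
      maxPageSize: 10000
    authorization:
      # Determines the page size for authorizations fetching.
      maxPageSize: 10000
    dmn:
      # Determines if the DMN/decision data, such as decision definitions and instances
      # should be imported.
      enabled: true
    user-task-worker:
      # Determines if the user task worker data, such as assignee or candidate group of
      # a user task, should be imported.
      enabled: true
      # This sub-section controls to what extent and how Optimize fetches and displays metadata of user task workers.
      # The particular metadata is first-, last name and the email of the users or the names of the candidate groups.
      # The data is displayed in the context of reports when grouping/distributing by assignees/candidateGroups or
      # when filtering on them.
      metadata:
        # Determines whether Optimize imports and displays assignee user metadata, otherwise only the user id is shown.
        # NOTE(security): when true, names and email addresses are copied out of the engine; set to false
        # if personal data should stay there.
        includeUserMetaData: true
        # Cron expression for when to fully refresh the internal metadata cache, it defaults to every third hour.
        # Otherwise deleted assignees/candidateGroups or metadata changes are not reflected in Optimize.
        cronTrigger: '0 */3 * * *'
        # The max page size when multiple users or groups are iterated during the metadata refresh.
        maxPageSize: 10000
        # The entry limit of the cache that holds the metadata, if you need more entries you can increase that limit.
        # When increasing the limit, keep in mind to account for that by increasing the JVM heap memory as well.
        # Please refer to the technical guide on how to configure the heap size.
        maxEntryLimit: 100000
  # Number of threads being used to process the import jobs per data type that are writing data to elasticsearch.
  elasticsearchJobExecutorThreadCount: 1
  # Adjust the queue size of the import jobs per data type that store data to elasticsearch.
  # A too large value might cause memory problems.
  elasticsearchJobExecutorQueueSize: 5
  handler:
    backoff:
      # Interval which is used for the backoff time calculation.
      initial: 1000
      # Once all pages are consumed, the import service component will
      # start scheduling fetching tasks in increasing periods of time,
      # controlled by 'backoff' counter.
      # This property sets maximal backoff interval in seconds
      max: 30
  # States how often the import index should be stored to Elasticsearch.
  importIndexStorageIntervalInSec: 10
  # the time interval the import backs off from the current tip of the time, to reread potentially missed
  # concurrent writes
  currentTimeBackoffMilliseconds: 10000
  # The identity sync enables Optimize to build up an in-memory cache containing Optimize authorized users & groups.
  # This data is used in the collection permissions to allow convenient search capabilities
  # and to display member meta-data such as first name, last name or email.
  identitySync:
    # Whether to include metaData (firstName, lastName, email) when synchronizing users
    includeUserMetaData: true
    # Cron expression for when the identity sync should run, defaults to every second hour.
    # NOTE(security): users or groups removed in the engine stay in this cache until the next run, so
    # the interval is presumably also how long a revoked identity remains visible here. Confirm.
    cronTrigger: '0 */2 * * *'
    # The max page size when multiple users or groups are iterated during the import.
    maxPageSize: 10000
    # The entry limit of the cache, if you need more entries you can increase that limit.
    # When increasing the limit, keep in mind to account for that by increasing the JVM heap memory as well.
    # Please refer to the technical guide on how to configure the heap size.
    maxEntryLimit: 100000

# everything that is related with configuring Elasticsearch or creating
# a connection to it.
es:
  connection:
    # Maximum time without connection to Elasticsearch, Optimize should
    # wait until a time out triggers.
    timeout: 10000
    # a list of Elasticsearch nodes Optimize can connect to. If you have built
    # an Elasticsearch cluster with several nodes it is recommended to define
    # several connection points in case one node fails.
    nodes:
      # the address/hostname under which the Elasticsearch node is available.
      - host: 'localhost'
        # A port number used by Elasticsearch to accept HTTP connections.
        httpPort: 9200
    # HTTP forward proxy configuration
    proxy:
      # whether an HTTP proxy should be used for requests to elasticsearch
      enabled: false
      # the host of the proxy to use
      host: null
      # the port of the proxy to use
      port: null
      # whether this proxy is using a secured connection
      sslEnabled: false
  # Elasticsearch security settings
  security:
    # the basic auth (x-pack) username
    username: null
    # the basic auth (x-pack) password
    # NOTE(security): with ssl.enabled false below, these credentials are sent to Elasticsearch in clear
    # text. Enable TLS whenever a username/password is set and the node is not local.
    password: null
    # SSL/HTTPS secured connection settings
    ssl:
      # path to a PEM encoded file containing the certificate (or certificate chain)
      # that will be presented to clients when they connect.
      certificate: null
      # A list of paths to PEM encoded CA certificate files that should be trusted, e.g. ['/path/to/ca.crt'].
      # Note: if you are using a public CA that is already trusted by the Java runtime,
      # you do not need to set the certificate_authorities.
      certificate_authorities: []
      # used to enable or disable TLS/SSL for the HTTP connection
      enabled: false
  # Maximum time a request to elasticsearch should last, before a timeout
  # triggers.
  scrollTimeout: 60000
  settings:
    # the maximum number of buckets returned for an aggregation
    aggregationBucketLimit: 1000
    index:
      # the prefix prepended to all Optimize index and alias names
      # NOTE: Changing this after Optimize was already run before, will create new empty indexes
      prefix: 'optimize'
      # How often should the data replicated in case of node failure.
      number_of_replicas: 1
      # How many shards should be used in the cluster for process instance and decision instance indices.
      # All other indices will be made up of a single shard
      # NOTE: this property only applies the first time Optimize is started and
      # the schema/mapping is deployed on Elasticsearch. If you want
      # this property to take effect again, you need to delete all indexes (and with them all data)
      # and restart Optimize.
      number_of_shards: 5
      # How long Elasticsearch waits until the documents are available
      # for search. A positive value defines the duration in seconds.
      # A value of -1 means that a refresh needs to be done manually.
      refresh_interval: 2s
      # Optimize uses nested documents to store list information such as activities or variables belonging to a
      # process instance. So this setting defines the maximum number of activities/variables that a single
      # process instance can contain. This limit helps to prevent out of memory errors and should be used with care.
      nested_documents_limit: 10000

plugin:
  # Defines the directory path in the local Optimize file system which should be checked for plugins
  # NOTE(security): plugins found here presumably run inside the Optimize process with its privileges.
  # Make the directory writable only by the deploying account.
  directory: './plugin'
  variableImport:
    # Look in the given base package list for variable import adaption plugins.
    # If empty, the import is not influenced.
    basePackages: []
  engineRestFilter:
    # Look in the given base package list for engine rest filter plugins.
    # If empty, the REST calls are not influenced.
    basePackages: []
  authenticationExtractor:
    # Looks in the given base package list for authentication extractor plugins.
    # If empty, the standard Optimize authentication mechanism is used.
    # NOTE(security): a package listed here replaces the standard login mechanism; review such plugins
    # as authentication code.
    basePackages: []
  decisionInputImport:
    # Look in the given base package list for Decision input import adaption plugins.
    # If empty, the import is not influenced.
    basePackages: []
  decisionOutputImport:
    # Look in the given base package list for Decision output import adaption plugins.
    # If empty, the import is not influenced.
    basePackages: []

serialization:
  # Define a custom date format that should be used for
  # fetching date data from the engine(should be the same as in the engine)
  engineDateFormat: yyyy-MM-dd'T'HH:mm:ss.SSSZ

alerting:
  quartz:
    jobStore: 'org.quartz.simpl.RAMJobStore'

email:
  # A switch to control email sending process.
  enabled: false
  # Email address that can be used to send alerts
  address: ''
  # The smtp server name
  hostname: ''
  # The smtp server port. This one is also used as SSL port for the security connection.
  port: 587
  # Define configuration properties for the authentication of the email server
  authentication:
    # A switch to control whether the email server requires authentication
    enabled: true
    # Username of your smtp server
    username: ''
    # Corresponding password to the given user of your smtp server
    password: ''
    # States how the connection to the server should be secured.
    # Possible values are 'NONE', 'STARTTLS' or 'SSL/TLS'
    # NOTE(security): with 'NONE' the SMTP username/password above and the alert contents are sent
    # unencrypted. Choose 'STARTTLS' or 'SSL/TLS' before enabling email with authentication.
    securityProtocol: 'NONE'

export:
  csv:
    # Maximum number of records returned by CSV export
    # Note: Increasing this value comes at a memory cost for the Optimize application that varies based on the
    # actual data.
    # As a rough guideline, an export of a 50000 records raw data report containing 8 variables on each instance
    # can cause temporary heap memory peaks of up to ~200MB with the actual CSV file having a size of ~20MB.
    # Please adjust the heap memory accordingly.
    limit: 1000

sharing:
  # decides if the sharing feature of Optimize can be used in the UI.
  # NOTE(security): confirm who can open a shared report or dashboard link. If no login is required,
  # disable sharing on instances holding sensitive process data.
  enabled: true

historyCleanup:
  # cron expression for when the cleanup should run
  cronTrigger: '0 1 * * *'
  # default time to live (ttl) for data, when reached the corresponding process/decision/event instances will get
  # cleaned up
  # Format is ISO_8601 duration https://en.wikipedia.org/wiki/ISO_8601#Durations
  ttl: 'P2Y'
  processDataCleanup:
    # switch for the camunda process data cleanup, defaults to false
    # NOTE(review): while this and the two switches below are false, the ttl above presumably removes
    # nothing; enable them if a retention limit applies to this data.
    enabled: false
    # type of process data cleanup to perform, possible values:
    # 'all' - delete everything related to the process instance
    # 'variables' - only delete associated variables of a process instance
    cleanupMode: 'all'
    # Defines the batch size in which camunda engine process instance data gets cleaned up
    # may be reduced if requests fail due to request size constraints
    batchSize: 10000
    # process definition specific configuration parameters that will overwrite the general parameters
    # (ttl, processDataCleanupMode) for the specific processDefinition key
    perProcessDefinitionConfig:
    # 'myProcessDefinitionKey':
    #   ttl: 'P2M'
    #   cleanupMode: 'variables'
  decisionDataCleanup:
    # switch for the camunda decision data cleanup, defaults to false
    enabled: false
    # decision definition specific configuration parameters that will overwrite the general parameters (ttl)
    # for the specific decisionDefinition key
    perDecisionDefinitionConfig:
    # 'myDecisionDefinitionKey':
    #   ttl: 'P2M'
  ingestedEventCleanup:
    # switch for the ingested event data cleanup, defaults to false
    enabled: false

locales:
  # all locales available
  # Note: for others than the default there must be a <localeCode>.json file available under ./config/localization.
  availableLocales: ['en', 'de']
  # the fallback locale is used if there is a locale requested that is not available in availableLocales
  fallbackLocale: 'en'

ui:
  header:
    # determines the color theme of the text in the header. Currently 'dark' and 'light' are supported.
    textColor: 'dark'
    # Path to the logo that is displayed in the header of Optimize.
    # Path can be:
    # * relative: starting from the config folder you can provide a relative path.
    # * absolute: full path in the file system.
    #
    # Supported image formats can be found here:
    # https://developer.mozilla.org/en-US/docs/Web/HTML/Element/img#Supported_image_formats
    pathToLogoIcon: 'logo/camunda_icon.svg'
    # a hex encoded color that should be used as background color for the header. Default color is white.
    backgroundColor: '#FFFFFF'

eventBasedProcess:
  # A list of userIds that are authorized to manage (Create, Update, Publish & Delete) event based processes.
  authorizedUserIds: []
  # A list of groupIds that are authorized to manage (Create, Update, Publish & Delete) event based processes.
  authorizedGroupIds: []
  eventImport:
    # Determines whether this Optimize instance performs event based process instance import.
    enabled: false
    # The batch size of events being correlated to process instances of event based processes.
    maxPageSize: 10000
  eventIngestion:
    # Secret token to be provided on the Ingestion REST API when ingesting data.
    # If set `null` a random token will be generated with each startup of Optimize and logged.
    # NOTE(security): a token written to the log is readable by everyone with log access and ends up in
    # log aggregation. Set an explicit token from a secret store, and treat logs that already contain a
    # generated token as sensitive.
    accessToken: null
    # Content length limit for an ingestion REST API Bulk request in bytes.
    # Requests will be rejected when exceeding that limit.
    # Defaults to 10MB.
    maxBatchRequestBytes: 10485760
    # The maximum number of requests to the event ingestion endpoint that can be served at a time
    maxRequests: 5
  eventIndexRollover:
    # scheduleIntervalInMinutes specifies how frequently the rollover API should be called to see if a rollover of
    # the event index is required (whether the rollover is triggered depends on the conditions specified by
    # maxIndexSizeGB).
    scheduleIntervalInMinutes: 10
    # A rollover is triggered when the size of the current event index matches or exceeds the maxIndexSizeGB
    # threshold.
    maxIndexSizeGB: 50

telemetry:
  # Sets the initial property value of telemetry configuration once when it has never been enabled/disabled before.
  # Telemetry can later be enabled/disabled in the UI by superusers
  initializeTelemetry: false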