# StellaOps Policy Gateway configuration template.
# Copy to ../etc/policy-gateway.yaml (relative to the gateway content root)
# and adjust values to fit your environment. Environment variables prefixed with
# STELLAOPS_POLICY_GATEWAY_ override these values at runtime.
# Schema version marker for this configuration file.
schemaVersion: 1

telemetry:
  # Lowest severity the gateway logs. If this is lowered for troubleshooting,
  # check that request logging does not capture access tokens or the client
  # secret configured under policyEngine.
  minimumLogLevel: Information
# Settings for validating the access tokens that callers present to the
# gateway.
resourceServer:
  # Token issuer and its OpenID Connect discovery document. Both point at the
  # same host in this template; keep them aligned when changing either one.
  authority: "https://authority.stella-ops.local"
  metadataAddress: "https://authority.stella-ops.local/.well-known/openid-configuration"
  audiences:
    - "api://policy-gateway"
  # NOTE(review): confirm whether a token must carry every scope listed here
  # or only one of them; the template alone does not say.
  requiredScopes:
    - "policy:read"
    - "policy:author"
    - "policy:review"
    - "policy:approve"
    - "policy:operate"
    - "policy:simulate"
    - "policy:run"
    - "policy:activate"
  # Empty in the template; presumably no tenant restriction is applied -
  # confirm, and list the allowed tenants in multi-tenant deployments.
  requiredTenants: []
  # Presumably requests from these CIDR ranges skip token checks - confirm.
  # The template lists loopback only. If a reverse proxy or sidecar on the
  # same host forwards traffic, verify how the gateway determines the client
  # address before relying on this list, and do not widen it to routable
  # networks.
  bypassNetworks:
    - "127.0.0.1/32"
    - "::1/128"
  # Keep true outside local development so issuer metadata (and the signing
  # keys it references) is only retrieved over HTTPS.
  requireHttpsMetadata: true
  backchannelTimeoutSeconds: 30
  # Presumably the tolerance applied to token lifetime checks - confirm.
  # A larger value lengthens the window in which an expired token is accepted.
  tokenClockSkewSeconds: 60
# Settings for the gateway's own calls to the Policy Engine.
# NOTE(review): this listing lost its indentation; the nesting of
# clientCredentials and dpop under policyEngine is reconstructed - confirm
# against the original file before use.
policyEngine:
  baseAddress: "https://policy-engine.stella-ops.local"
  audience: "api://policy-engine"
  clientCredentials:
    enabled: true
    clientId: "policy-gateway"
    # Placeholder value: replace before deployment. Prefer supplying the real
    # secret through a STELLAOPS_POLICY_GATEWAY_-prefixed environment variable
    # (see the header) so it is never committed with this file.
    clientSecret: "change-me"
    # The template requests every policy scope, including policy:activate.
    # Trim to the scopes this deployment actually needs (least privilege).
    scopes:
      - "policy:read"
      - "policy:author"
      - "policy:review"
      - "policy:approve"
      - "policy:operate"
      - "policy:simulate"
      - "policy:run"
      - "policy:activate"
    backchannelTimeoutSeconds: 30
  # DPoP (RFC 9449) binds access tokens to a key held by the client. It is
  # disabled in the template, so the gateway's tokens are plain bearer tokens
  # unless this is turned on.
  dpop:
    enabled: false
    # Private key file: restrict read access to the gateway's service account
    # and keep it out of version control and container image layers.
    keyPath: "../etc/policy-gateway-dpop.pem"
    # Empty in the template; presumably means the key file is unencrypted -
    # confirm. If a passphrase is used, supply it via the environment
    # override rather than writing it here.
    keyPassphrase: ""
    algorithm: "ES256"
    # Durations look like hh:mm:ss (2 minutes, 30 seconds). Keep the quotes:
    # an unquoted digits-and-colons value can be read as a number by
    # YAML 1.1 parsers.
    proofLifetime: "00:02:00"
    clockSkew: "00:00:30"