Privacera Documentation

Custom Data Access Server properties

The following table contains the list of custom properties that can be configured for the Data Access Server. To use a custom property from the table, add it to one of the following YML files in the custom-vars folder configured as per your environment:

  • vars.dataserver.aws.yml

  • vars.dataserver.azure.yml

  • vars.dataserver.gcp.yml

Property

Description

Values

Default Value

DATASERVER_ENABLE

DATASERVER_INSTALL

DATASERVER_IMAGE_NAME

DATASERVER_IMAGE_TAG

DATASERVER_HTTP_HOSTNAME

DATASERVER_HTTP_PORT

Property to change the default port number for a non-secured Data Access Server.

8181

DATASERVER_PROXY_SSL

Set the property to enable or disable Data Access Server Proxy SSL.

true, false

true

DATASERVER_HTTPS_HOSTNAME

DATASERVER_HTTPS_PORT

Property to change the default port number for a secured Data Access Server.

8282

DATASERVER_HTTPS_KEYSTORE_FILE

DATASERVER_HTTPS_KEYSTORE_TYPE

DATASERVER_HTTPS_KEYSTORE_ALIAS

DATASERVER_HTTPS_KEYSTORE_PASSWORD

DATASERVER_HTTPS_KEYMANAGER_FACTORY_TYPE

DATASERVER_SSL_TRUSTSTORE_PASSWORD

DATASERVER_SSL_SELF_SIGNED

Set the value of the property to false to use a signed certificate for Data Access Server.

true

DATASERVER_HOST_NAME

Signed DNS name for Data Access Server.

DATASERVER_SSL_SIGNED_PEM_FULL_CHAIN

The SSL certificate chain that consists of the root and intermediate certificates.

DATASERVER_SSL_SIGNED_PEM_PRIVATE_KEY

Signed certificate authority private key.

DATASERVER_SSL_SIGNED_CERT_FORMAT

Signed certificate key format.

The format is .pem.

DATASERVER_INTERNAL_HOST_NAME

DATASERVER_PROXY_PORT

DATASERVER_PROTOCOL

DATASERVER_PROTOCOL_URL

DATASERVER_SVC_IP

DATASERVER_EXTERNAL_HOST

DATASERVER_EXTERNAL_HOSTNAMES

Comma-separated list of multiple external DNS names for the Data Access Server.

DATASERVER_URL

DATASERVER_EXTERNAL_URL

DATASERVER_CLOUD_PROVIDER

DATASERVER_USE_CLOUDACCESSMGR

DATASERVER_PORTAL_BASEURL

DATASERVER_PORTAL_LOGIN_USER_NAME

DATASERVER_PORTAL_LOGIN_USER_PASS

DATASERVER_SSL_KEYSTORE

DATASERVER_SSL_KEYSTORE_PASSWORD

DATASERVER_TOKENSIGNER_KEYSTORE_FILE

DATASERVER_TOKENSIGNER_KEYSTORE_TYPE

DATASERVER_KEYSTORE_ALIAS

DATASERVER_KEYSTORE_PASSWORD

DATASERVER_MAC_ALGORITHM

DATASERVER_RANGER_AUTH_ENABLED

DATASERVER_ENCRYPT_SECRETS

DATASERVER_SECURE_JCEKS_FILE_PATHS

DATASERVER_SECURE_JCEKS_KEYS

DATASERVER_SECURE_JCEKS_KEYPREFIX

DATASERVER_ENCRYPT_PROPS_LIST

DATASERVER_AWS_SERVICES

DATASERVER_AWS_REGION

DATASERVER_AWS_S3_MULTI_ACCOUNT_ACCESS_ENABLE

Property to enable or disable the AWS S3 multiple IAM role support in Data Access Server.

true, false

false

DATASERVER_AWS_S3_MULTI_ACCOUNT_DEFAULT_IAM

Property to set the role ARN of the AWS S3 bucket. The default IAM role is used if no IAM role mapping is found for an S3 bucket. This bucket can be a shared bucket containing common artifacts or resources.

DATASERVER_AWS_S3_MULTI_ACCOUNT_MAPPING

Property to define the mapping between role ARNs and buckets. You can add comma-separated buckets. Set the mapping as shown below:

DATASERVER_AWS_S3_MULTI_ACCOUNT_MAPPING:
  - "<role-arn>|<bucketA,bucketB*>"
  - "<role-arn>|<bucketC*,bucketD>"

DATA_SERVER_AWS_S3_ENCRYPTION_ENABLE

Property to enable or disable the AWS S3 bucket encryption support.

true, false

false

DATA_SERVER_AWS_S3_ENCRYPTION_MAPPING

Property to set the mapping of S3 buckets, encryption SSE type, and SSE key (base64-encoded). For example, "bucketC*,BucketD|SSE-KMS|<base64 encoded sse key>".

The base64-encoded encryption key should be set in the following cases:

  • Encryption type is set to SSE-KMS and customer-managed CMKs are used for encryption.

  • Encryption type is set to SSE-C.

Example of the mapping of S3 buckets:

DATA_SERVER_AWS_S3_ENCRYPTION_MAPPING:
  - "bucketB|SSE-KMS"
  - "bucketC*,BucketD|SSE-KMS|<base64encodedssekey>"
  - "bucketE*|SSE-C|<base64encodedssekey>"

DATASERVER_S3_AWS_API_KEY

DATASERVER_S3_AWS_SECRET_KEY

DATASERVER_ATHENA_S3_USE_S3POLICY

DATASERVER_ATHENA_RESULTS_STORAGE_URL

DATASERVER_ATHENA_RESULTS_STORAGE_ENCRYPT_OPTION

DATASERVER_ATHENA_RESULTS_STORAGE_ENCRYPT_KMS_KEY

DATASERVER_V2_S3_ENDPOINT_ENABLE

DATASERVER_V2_S3_ENDPOINT_HOST

DATASERVER_V2_S3_ENDPOINT_PORT

DATASERVER_V2_S3_ENDPOINT_SSL

DATASERVER_AZURE_SERVICES

DATASERVER_AZURE_TENANTID

DATASERVER_AZURE_CLIENTID

DATASERVER_AZURE_SUBSCRIPTION_ID

DATASERVER_AZURE_RESOURCE_GROUP

DATASERVER_AZURE_CLIENT_SECRET

DATASERVER_AZURE_GEN2_SHARED_KEY_AUTH

DATASERVER_AZURE_ACCT_SHARED_KEY_PAIRS

DATASERVER_AZURE_ACCOUNT_NAME

DATASERVER_AZURE_SHARED_KEY

DATASERVER_AZURE_KERBEROS_KEYTAB

DATASERVER_AZURE_KERBEROS_PRINCIPAL

DATASERVER_AZURE_KERBEROS_USER

DATASERVER_GCP_SERVICES

DATASERVER_GCP_CREDENTIAL_FILE_PATH

DATASERVER_S3_CREDENTIAL_PROVIDER_PATH

DATASERVER_SUPERUSERS

DATASERVER_JWT_OAUTH_ENABLE

DATASERVER_JWT_TOKEN_ISSUER

DATASERVER_JWT_TOKEN_SUBJECT

DATASERVER_JWT_TOKEN_SECRET

DATASERVER_JWT_TOKEN_PUBLICKEY

DATASERVER_AUTHENTICATION_SOURCES

DATASERVER_AUTHENTICATION_IMPL_PROVIDERS

DATASERVER_MYLDAP_LDAP_URL

DATASERVER_MYLDAP_LDAP_USER_SEARCHFILTER

DATASERVER_MYLDAP_LDAP_USER_DNPATTERN

DATASERVER_MYLDAP_LDAP_REFERRAL

DATASERVER_MYLDAP_LDAP_BIND_DN

DATASERVER_MYLDAP_LDAP_BIND_PASSWORD

DATASERVER_MYLDAP_LDAP_BASE_DN

DATASERVER_MYAD_AD_URL

DATASERVER_MYAD_AD_USER_SEARCHFILTER

DATASERVER_MYAD_AD_REFERRAL

DATASERVER_MYAD_AD_BIND_DN

DATASERVER_MYAD_AD_BIND_PASSWORD

DATASERVER_MYAD_AD_BASE_DN

DATASERVER_DATABRICKS_ALLOWED_URLS

Comma-separated list of allowable Databricks URLs. For example:

DATASERVER_DATABRICKS_ALLOWED_URLS: "https://nvirginia.cloud.databricks.com,https://your.single.tenent.databricks.url"

DATASERVER_AWS_STS_ROLE

DATASERVER_V2_WORKDER_THREADS

Number of worker threads to process inbound connections.

20

DATASERVER_V2_CHANNEL_CONNECTION_BACKLOG

Maximum queue size for inbound connections.

128

DATASERVER_V2_CHANNEL_CONNECTION_POOL

Enable the connection pool for outbound requests.

true, false

false

DATASERVER_V2_FRONT_CHANNEL_IDLE_TIMEOUT

Idle timeout for inbound connections.

60

DATASERVER_V2_BACK_CHANNEL_IDLE_TIMEOUT

Idle timeout for outbound connections. Takes effect only if the connection pool is enabled.

60

DATASERVER_METRICS_PREFIX

DATASERVER_METRICS_GRAPHITE_ENABLE

DATASERVER_METRICS_GRAPHITE_HOST

DATASERVER_METRICS_GRAPHITE_PORT

DATASERVER_METRICS_GRAPHITE_INTERVAL

DATASERVER_TUNNEL_PORT

DATASERVER_K8S_LOADBALANCER_EXTERNAL

DATASERVER_K8S_ANNOTATION_LOADBALANCER_ANNOTATION

DATASERVER_K8S_PVC_NAME

DATASERVER_K8S_PVC_STORAGE_SIZE_MB

DATASERVER_K8S_PVC_STORAGE_SIZE

DATASERVER_K8S_STORAGE_PROVISIONER

DATASERVER_K8S_SC_NAME

DATASERVER_K8S_PV_ENCRYPTED

DATASERVER_K8S_PV_KEY

DATASERVER_K8S_MEM_LIMITS

DATASERVER_K8S_MEM_REQUESTS

DATASERVER_K8S_CPU_LIMITS

DATASERVER_K8S_CPU_REQUESTS

DATASERVER_PASSWORDS_LIST
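
A pre-deployment check for DATA_SERVER_AWS_S3_ENCRYPTION_MAPPING entries in the "buckets|SSE type|base64 key" format described above, as an added example that is not Privacera code. The function names, the sample entries, and the 32-byte length check for SSE-C keys are assumptions of this example; the report never echoes key material.

```python
import base64
import binascii

# SSE types that appear on this page; any other value is flagged for review.
KNOWN_SSE_TYPES = {"SSE-KMS", "SSE-C"}

def check_entry(entry):
    """Return a list of problems found in one 'buckets|type[|key]' entry."""
    fields = entry.split("|")
    if len(fields) not in (2, 3):
        return [f"expected 2 or 3 '|'-separated fields, got {len(fields)}"]
    buckets = [b.strip() for b in fields[0].split(",")]
    sse_type = fields[1].strip()
    key = fields[2].strip() if len(fields) == 3 else None
    problems = []
    if not all(buckets):
        problems.append("empty bucket name in bucket list")
    if sse_type not in KNOWN_SSE_TYPES:
        problems.append(f"SSE type {sse_type!r} is not one shown on the page")
    if sse_type == "SSE-C" and not key:
        problems.append("SSE-C requires a base64-encoded key")
    if key:
        try:
            raw = base64.b64decode(key, validate=True)
        except (binascii.Error, ValueError):
            problems.append("key is not valid base64")
        else:
            # Assumption: an SSE-C value is the raw AES-256 key, i.e. 32 bytes.
            if sse_type == "SSE-C" and len(raw) != 32:
                problems.append(f"SSE-C key decodes to {len(raw)} bytes, expected 32")
    return problems

def check_mapping(entries):
    """Map the index of each faulty entry to its list of problems."""
    report = {i: check_entry(e) for i, e in enumerate(entries)}
    return {i: p for i, p in report.items() if p}

# Constructed sample entries; the all-zero key is a placeholder, not a real key.
SAMPLE = [
    "bucketB|SSE-KMS",
    "bucketE*|SSE-C|" + base64.b64encode(bytes(32)).decode(),
    "bucketF|SSE-C",
    "bucketG,|SSE-C|not base64!",
    "bucketH|SSE-C|" + base64.b64encode(b"short").decode(),
]

if __name__ == "__main__":
    for idx, problems in check_mapping(SAMPLE).items():
        print(SAMPLE[idx].split("|")[0], problems)  # bucket field only, never the key
```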

Memory Variables

DATASERVER_HEAP_MIN_MEMORY_MB

Minimum Java Heap memory in MB used by Data Access Server. For example: DATASERVER_HEAP_MIN_MEMORY_MB: "1024"

DATASERVER_HEAP_MIN_MEMORY

Minimum Java Heap memory used by Data Access Server. Setting this value will override DATASERVER_HEAP_MIN_MEMORY_MB. For example: DATASERVER_HEAP_MIN_MEMORY: "1g"

DATASERVER_HEAP_MAX_MEMORY_MB

Maximum Java Heap memory in MB used by Data Access Server. For example: DATASERVER_HEAP_MAX_MEMORY_MB: "1024"

DATASERVER_HEAP_MAX_MEMORY

Maximum Java Heap memory used by Data Access Server. Setting this value will override DATASERVER_HEAP_MAX_MEMORY_MB. For example: DATASERVER_HEAP_MAX_MEMORY: "1g"

DATASERVER_K8S_MEM_REQUESTS_MB

Minimum amount of Kubernetes memory in MB to be requested by Data Access Server. For example: DATASERVER_K8S_MEM_REQUESTS_MB: "1024"

DATASERVER_K8S_MEM_REQUESTS

Minimum amount of Kubernetes memory to be used by Data Access Server. Setting this value will override DATASERVER_K8S_MEM_REQUESTS_MB. For example: DATASERVER_K8S_MEM_REQUESTS: "1G"

DATASERVER_K8S_MEM_LIMITS_MB

Maximum amount of Kubernetes memory in MB to be requested by Data Access Server. For example: DATASERVER_K8S_MEM_LIMITS_MB: "1024"

DATASERVER_K8S_MEM_LIMITS

Maximum amount of Kubernetes memory to be used by Data Access Server. Setting this value will override DATASERVER_K8S_MEM_LIMITS_MB. For example: DATASERVER_K8S_MEM_LIMITS: "1G"

DATASERVER_CPU_MIN

Minimum amount of Kubernetes CPU to be requested by Data Access Server. For example: DATASERVER_CPU_MIN: "0.5"

DATASERVER_CPU_MAX

Maximum amount of Kubernetes CPU to be used by Data Access Server. For example: DATASERVER_CPU_MAX: "0.5"