id-repository-default.properties

# Follow properites have their values assigned via 'overrides' environment variables of config server docker.
# DO NOT define these in any of the property files.  They must be passed as env variables.  Refer to config-server
# helm chart:
# db.dbuser.password 
# mosip.crereq.client.secret
# mosip.creser.client.secret
# mosip.regproc.client.secret
# mosip.kernel.tokenid.uin.salt
# mosip.kernel.tokenid.partnercode.salt
# idrepo.websub.vid.credential.update.secret
# keycloak.internal.url
# s3.accesskey 
# s3.region
# s3.secretkey

management.endpoint.restart.enabled=true

# Database hostname below is assuming postgres is running inside cluster in 'postgres' namespace
# If database is external to production, provide the DNS or ip of the host and port 
mosip.idrepo.db.url=postgres-postgresql.postgres
mosip.idrepo.db.port=5432
mosip.idrepo.db.identity.db-name=mosip_idrepo
mosip.idrepo.db.identity.username=idrepouser
mosip.idrepo.db.identity.password=${db.dbuser.password}
mosip.idrepo.db.vid.db-name=mosip_idmap
mosip.idrepo.db.vid.username=idmapuser
mosip.idrepo.db.vid.password=${db.dbuser.password}
mosip.idrepo.objectstore.account-name=idrepo
mosip.idrepo.objectstore.bucket-name=${s3.pretext.value:}idrepo
mosip.idrepo.objectstore.adapter-name=s3Adapter

#IDRepo identity/vid service authentication details
mosip.idrepo.auth.client-id=mosip-idrepo-client
mosip.idrepo.auth.secret-key=${mosip.idrepo.client.secret}
mosip.idrepo.auth.app-id=idrepo

# For auditing
mosip.idrepo.application.name=ID-Repository
mosip.idrepo.application.version.pattern=^v\\d+(\\.\\d+)?$
# Configuration for +/- time period adjustment in minutes for the request time validation, so that 
#the requests originating from a system that is not in time-sync will be accepted for the time period
mosip.idrepo.datetime.future-time-adjustment=2
# Reference IDs of base keys used for encryption/decryption
mosip.idrepo.crypto.refId.uin=uin
mosip.idrepo.crypto.refId.uin-data=identity_data
mosip.idrepo.crypto.refId.demo-doc-data=demographic_data
mosip.idrepo.crypto.refId.bio-doc-data=biometric_data


# Limit the number of async threads created in IDRepo services. This count is divided into 4 thread groups configured in IdRepoConfig.class
mosip.idrepo.active-async-thread-count=100

# Logging of thread queue done based on below value in ms. Logging is done only if queue value of any one thread group crosses below specified threshold.
mosip.idrepo.monitor-thread-queue-in-ms=600000
mosip.idrepo.max-thread-queue-threshold=100

## Kernel retry
# The retry limit excluding the first attempt before attempting for retries. Default is set to 5.
kernel.retry.attempts.limit=5
# The initial interval to be used for exponential backoff in milli seconds. If the exponential backoff is disabled by setting 'kernel.retry.exponential.backoff.multiplier' value as 1, this initial interval will be used as the fixed backoff interval for every retries. Default value is 200 millisecs
kernel.retry.exponential.backoff.initial.interval.millisecs=100
# The multiplier for exponential backoff intreval. A double value greater than or equal to 1. Setting to 1 will make it to fixed backoff, more than 1 will apply exponential backoff. Default is 1.0 (fixed backoff). For exponential backoff the suggested value is 1.5 or 2. The next backoff interval is calculated with the formula: NextBackOffInterval = initialInterval * Math.pow(multiplier, retryCount)
kernel.retry.exponential.backoff.multiplier=1.5
kernel.retry.exponential.backoff.max.interval.millisecs=1000
# Whether to traverse to the root cause exception from the exception thrown and use the same root cause to decide whether to retry or not. Default is true.
kernel.retry.traverse.root.cause.enabled=false
#Comma separated List of fully qualified Exceptions which are retryable (inclusion list). Their subclasses will also be considered in the evaluation.
kernel.retry.retryable.exceptions=io.mosip.idrepository.core.exception.IdRepoRetryException
#Comma separated List of fully qualified Exceptions which are not-retryable (exclusion list). Their subclasses will also be considered in the evaluation.
kernel.retry.nonretryable.exceptions=

## Identity service
# Application version expected in the request
mosip.idrepo.identity.application.version=v1
# Application ids expected in the requests
mosip.idrepo.identity.id.create=mosip.id.create
mosip.idrepo.identity.id.read=mosip.id.read
mosip.idrepo.identity.id.update=mosip.id.update
mosip.identity.get.drafts.id=mosip.identity.get.drafts
mosip.identity.get.drafts.version=1.0

#database mappings for identity service
mosip.idrepo.identity.db.url=jdbc:postgresql://${mosip.idrepo.db.url}:${mosip.idrepo.db.port}/${mosip.idrepo.db.identity.db-name}
mosip.idrepo.identity.db.username=${mosip.idrepo.db.identity.username}
mosip.idrepo.identity.db.password=${mosip.idrepo.db.identity.password}
mosip.idrepo.identity.db.driverClassName=org.postgresql.Driver
# Path of UIN expected in the input idrepo request. This path is based on Identity schema.
mosip.idrepo.identity.json.path=identity.UIN
# UIN status value which is stored in database for newly inserted UIN/active UINs.
mosip.idrepo.identity.uin-status.registered=ACTIVATED
# List of allowed UIN status in ID-Repo 
mosip.idrepo.identity.uin-status=ACTIVATED,BLOCKED,DEACTIVATED 

# idobjectvalidator
# Class name of the referenceValidator. Commenting or removing this property will disable reference validator.
mosip.kernel.idobjectvalidator.referenceValidator=io.mosip.kernel.idobjectvalidator.impl.IdObjectReferenceValidator

# VID
# Application version expected in the request
mosip.idrepo.vid.application.version=v1
# Application ids expected in the requests
mosip.idrepo.vid.id.create=mosip.vid.create
mosip.idrepo.vid.id.read=mosip.vid.read
mosip.idrepo.vid.id.update=mosip.vid.update
mosip.idrepo.vid.id.regenerate=mosip.vid.regenerate 
mosip.idrepo.vid.id.reactivate=mosip.vid.reactivate
mosip.idrepo.vid.id.deactivate=mosip.vid.deactivate
# Database mapping for VID service
mosip.idrepo.vid.db.url=jdbc:postgresql://${mosip.idrepo.db.url}:${mosip.idrepo.db.port}/${mosip.idrepo.db.vid.db-name}
mosip.idrepo.vid.db.username=${mosip.idrepo.db.vid.username}
mosip.idrepo.vid.db.password=${mosip.idrepo.db.vid.password}
mosip.idrepo.vid.db.driverClassName=org.postgresql.Driver
# VID status value which is stored in database for newly inserted VID/active VIDs.
mosip.idrepo.vid.active-status=ACTIVE
# VID status for which unlimited txn is not allowed
mosip.idrepo.vid.unlimited-txn-status=USED
# VID status which are allowed for VID regeneration
mosip.idrepo.vid.regenerate.allowed-status=ACTIVE,REVOKED,EXPIRED,USED
# List of allowed VID status in ID-Repo 
mosip.idrepo.vid.allowedstatus=ACTIVE,REVOKED,EXPIRED,USED,INVALIDATED,DEACTIVATED
# VID status value which is stored in database for deactivated VIDs. Used in deactivate-all-vids api.
mosip.idrepo.vid.deactive-status=DEACTIVATED
# VID status value which is stored in database for reactivated VIDs. Used in reactivate-all-vids api.
mosip.idrepo.vid.reactive-status=ACTIVE

#RID
# Application version expected in the request
mosip.idrepo.rid.get.version=1.0
# Application ids expected in the requests
mosip.idrepo.rid.get.id=mosip.idrepo.rid.get

# Config server url
mosip.idrepo.mosip-config-url=${spring.cloud.config.uri}/${spring.application.name}/${spring.profiles.active}/${spring.cloud.config.label}/
# VID policy schema against which VID policy is validated
mosip.idrepo.vid.policy-schema-url=${mosip.idrepo.mosip-config-url}mosip-vid-policy-schema.json
# VID policy based on which VID is created
mosip.idrepo.vid.policy-file-url=${mosip.idrepo.mosip-config-url}mosip-vid-policy.json

# Default type of VID to be created automatically while publishing UIN
mosip.idrepo.draft-vid.default-type-to-create=PERPETUAL

## Rest servies 
mosip.idrepo.audit.rest.uri=${mosip.kernel.auditmanager.url}/v1/auditmanager/audits
mosip.idrepo.audit.rest.httpMethod=POST
mosip.idrepo.audit.rest.headers.mediaType=application/json

mosip.idrepo.encryptor.rest.uri=${mosip.kernel.keymanager.url}/v1/keymanager/encrypt
mosip.idrepo.encryptor.rest.httpMethod=POST
mosip.idrepo.encryptor.rest.headers.mediaType=application/json
mosip.idrepo.encryptor.rest.timeout=100

mosip.idrepo.decryptor.rest.uri=${mosip.kernel.keymanager.url}/v1/keymanager/decrypt
mosip.idrepo.decryptor.rest.httpMethod=POST
mosip.idrepo.decryptor.rest.headers.mediaType=application/json
mosip.idrepo.decryptor.rest.timeout=100

mosip.idrepo.vid-service.rest.uri=${mosip.idrepo.vid.url}/idrepository/v1/vid/uin/{uin}
mosip.idrepo.vid-service.rest.httpMethod=GET
mosip.idrepo.vid-service.rest.headers.mediaType=application/json
mosip.idrepo.vid-service.rest.timeout=100

mosip.idrepo.retrieve-uin-by-vid.rest.uri=${mosip.idrepo.vid.url}/idrepository/v1/vid/{vid}
mosip.idrepo.retrieve-uin-by-vid.rest.httpMethod=GET
mosip.idrepo.retrieve-uin-by-vid.rest.headers.mediaType=application/json
mosip.idrepo.retrieve-uin-by-vid.rest.timeout=100

# in minutes
mosip.iam.adapter.validate-expiry-check-rate=15
# in minutes
mosip.iam.adapter.renewal-before-expiry-interval=15
#this should be false if you don?t use the self token restTemplate from auth adapter true if you do (needed for websubclient).
mosip.iam.adapter.self-token-renewal-enable=true
mosip.auth.filter_disable=false

mosip.idrepo.bio-extractor-service.rest.uri=${mosip.mock.biosdk.url}/biosdk-service/{extractionFormat}/extracttemplates
mosip.idrepo.bio-extractor-service.rest.httpMethod=POST
mosip.idrepo.bio-extractor-service.rest.headers.mediaType=application/json
mosip.idrepo.bio-extractor-service.rest.timeout=100

mosip.idrepo.syncdata-service.rest.uri=${mosip.kernel.masterdata.url}/v1/masterdata/idschema/latest
mosip.idrepo.syncdata-service.rest.httpMethod=GET
mosip.idrepo.syncdata-service.rest.headers.mediaType=application/json
mosip.idrepo.syncdata-service.rest.timeout=100

mosip.idrepo.pmp.partner.rest.uri=${mosip.pms.partnermanager.url}/v1/partnermanager/partners?partnerType=Online_Verification_Partner
mosip.idrepo.pmp.partner.rest.httpMethod=GET
mosip.idrepo.pmp.partner.rest.headers.mediaType=application/json
mosip.idrepo.pmp.partner.rest.timeout=100

mosip.idrepo.credential.request.rest.uri=${mosip.idrepo.credrequest.generator.url}/v1/credentialrequest/requestgenerator
mosip.idrepo.credential.request.rest.httpMethod=POST
mosip.idrepo.credential.request.rest.headers.mediaType=application/json
mosip.idrepo.credential.request.rest.timeout=100

mosip.idrepo.credential.cancel-request.rest.uri=${mosip.idrepo.credrequest.generator.url}/v1/credentialrequest/cancel/{requestId}
mosip.idrepo.credential.cancel-request.rest.httpMethod=GET
mosip.idrepo.credential.cancel-request.rest.headers.mediaType=application/json
mosip.idrepo.credential.cancel-request.rest.timeout=100

## Credential status job
# Fixed delay time after which job will be triggered again to process the created/updated credential details.
mosip.idrepo.credential-status-update-job.fixed-delay-in-ms=10000

# Dummy partner id used to create a credential request record in credential_request_status.
# Credential won't be issued for the below provided. id-repository-credential-feeder will utilize
# the credential request with below partner id to issue credential to new IDA partners.
idrepo-dummy-online-verification-partner-id=MOVP

mosip.idrepo.retrieve-by-uin.rest.uri=${mosip.idrepo.identity.url}/idrepository/v1/identity/idvid/{uin}
mosip.idrepo.retrieve-by-uin.rest.httpMethod=GET
mosip.idrepo.retrieve-by-uin.rest.headers.mediaType=application/json
mosip.idrepo.retrieve-by-uin.rest.timeout=100

mosip.idrepo.vid-generator.rest.uri=${mosip.kernel.idgenerator.url}/v1/idgenerator/vid
mosip.idrepo.vid-generator.rest.httpMethod=GET
mosip.idrepo.vid-generator.rest.headers.mediaType=application/json
mosip.idrepo.vid-generator.rest.timeout=100

## Websub
mosip.idrepo.websub.vid-credential-update.callback-url=${mosip.idrepo.identity.url}/idrepository/v1/identity/callback/vid_credential_status_update
mosip.idrepo.websub.vid-credential-update.topic=VID_CRED_STATUS_UPDATE
mosip.idrepo.websub.vid-credential-update.secret= ${idrepo.websub.vid.credential.update.secret}
mosip.idrepo.websub.credential-status-update.topic=CREDENTIAL_STATUS_UPDATE

## Auth adapter
mosip.iam.adapter.clientid.id-repository=${mosip.idrepo.auth.client-id}
mosip.iam.adapter.clientsecret.id-repository=${mosip.idrepo.auth.secret-key}
mosip.iam.adapter.appid.id-repository=${mosip.idrepo.auth.app-id}
mosip.authmanager.client-token-endpoint=${mosip.kernel.authmanager.url}/v1/authmanager/authenticate/clientidsecretkey

mosip.idrepo.uin-generator.rest.uri=${mosip.kernel.idgenerator.url}/v1/idgenerator/uin
mosip.idrepo.uin-generator.rest.httpMethod=GET
mosip.idrepo.uin-generator.rest.headers.mediaType=application/json
mosip.idrepo.uin-generator.rest.timeout=100

mosip.idrepo.draft-vid.rest.uri=${mosip.idrepo.vid.url}/idrepository/v1/draft/vid
mosip.idrepo.draft-vid.rest.httpMethod=POST
mosip.idrepo.draft-vid.rest.headers.mediaType=application/json
mosip.idrepo.draft-vid.rest.timeout=100

mosip.idrepo.update-vid.rest.uri=${mosip.idrepo.vid.url}/idrepository/v1/vid/{vid}
mosip.idrepo.update-vid.rest.httpMethod=PATCH
mosip.idrepo.update-vid.rest.headers.mediaType=application/json
mosip.idrepo.update-vid.rest.timeout=100

## Credential request generator
mosip.credential.service.database.hostname=postgres-postgresql.postgres
mosip.credential.service.database.port=5432

mosip.credential.service.jdbc.url=jdbc:postgresql://${mosip.credential.service.database.hostname}:${mosip.credential.service.database.port}/mosip_credential?currentSchema=credential
mosip.credential.service.jdbc.user=credentialuser
mosip.credential.service.jdbc.password=${db.dbuser.password}
mosip.credential.service.jdbc.driver=org.postgresql.Driver
hibernate.hbm2ddl.auto=none
spring.jpa.hibernate.ddl-auto=none
hibernate.dialect=org.hibernate.dialect.PostgreSQLDialect
hibernate.jdbc.lob.non_contextual_creation=true
hibernate.show_sql=false
# Token generator properties 
credential.request.token.request.appid=${mosip.idrepo.credential-req-generator.auth.app-id}
credential.request.token.request.clientId=${mosip.idrepo.credential-req-generator.auth.client-id}
credential.request.token.request.secretKey=${mosip.idrepo.credential-req-generator.auth.secret-key}
credential.request.token.request.version=1.0
credential.request.token.request.id=io.mosip.credentialrequestgenerator
credential.request.token.request.issuerUrl=${keycloak.internal.url}/auth/realms/mosip
mosip.credential.request.service.id=mosip.credential.request.generator
mosip.credential.request.datetime.pattern=yyyy-MM-dd'T'HH:mm:ss.SSS'Z'
mosip.credential.request.service.version=1.0

# Reference Id which is used for encryption/decryption of credential request using keymanager
mosip.credential.request.crypto-ref-id=credential_request

	## Batch job
# batch job time intervel in miliseconds
mosip.credential.request.job.timedelay=3000
#Reprocessing job timeintervel in miliseconds
mosip.credential.request.reprocess.job.timedelay=1200000
credential.request.type=auth
credential.request.retry.max.count=10
credential.request.reprocess.statuscodes=FAILED,RETRY
credential.batch.page.size=10
credential.request.process.locktimeout=60000
credential.request.reprocess.locktimeout=60000
credential.batch.status=NEW

## Rest services
CRDENTIALSERVICE=${mosip.idrepo.credential.service.url}/v1/credentialservice/issue
KEYBASEDTOKENAPI=${mosip.kernel.authmanager.url}/v1/authmanager/authenticate/clientidsecretkey
CALLBACKURL=${mosip.idrepo.credrequest.generator.url}/v1/credentialrequest/callback/notifyStatus
ENCRYPTION=${mosip.idrepo.encryptor.rest.uri}
DECRYPTION=${mosip.idrepo.decryptor.rest.uri}

# Websub
#Delay (in milliseconds) for subscription on application startup to avoid failure during intent verification by hub.
subscription-delay-secs=120000
# The time interval in seconds to schedule subscription of topics which is done as a
# work-around , By default the
# this property value is set to 0 that disables this workaround.
# To enable the resubscrition scheduling, this property should be assigned with a positive
# number like 1 * 60 * 60 = 3600 for one hour
resubscription-delay-secs=43200
WEBSUBSECRET=test

# Credential service
credential.service.token.request.appid=${mosip.idrepo.credential.auth.app-id}
credential.service.token.request.clientId=${mosip.idrepo.credential.auth.client-id}
credential.service.token.request.secretKey=${mosip.creser.client.secret}
credential.service.token.request.id=io.mosip.credentialstore
# Credential formatter properties 
mosip.credential.vc.datetime.pattern=yyyy-MM-dd'T'HH:mm:ss'Z'
mosip.credential.service.datetime.pattern=yyyy-MM-dd'T'HH:mm:ss.SSS'Z'
mosip.credential.service.service.id=mosip.credential.store
mosip.credential.service.service.version=1.0
credential.service.credentialtype.file=CredentialType.json
credential.service.mvel.file=credentialdata.mvel
credential.service.dob.format=yyyy/MM/dd
mosip.credential.service.credential.schema=MOSIPVerifiableCredential
mosip.credential.service.type.name=mosip
mosip.credential.service.type.namespace=mosip
credentialType.formatter.AUTH=IdAuthProvider
credentialType.formatter.QRCODE=QrCodeProvider
credentialType.formatter.MOSIP=CredentialProvider
credentialType.formatter.EUIN=QrCodeProvider
credentialType.formatter.REPRINT=QrCodeProvider
credentialType.formatter.EUIN_WITH_QR=QrCodeProvider
credentialType.formatter.EUIN_WITH_FACEQR=QrCodeProvider
mosip.credential.service.format.id=http://mosip.io/credentials/
mosip.credential.service.format.issuer=https://mosip.io/issuers/
mosip.credential.service.application.id=PARTNER
mosip.credential.service.includeCertificateHash=true
mosip.credential.service.includeCertificate=true
mosip.credential.service.includePayload=false
mosip.credential.service.share.prependThumbprint=false
mosip.credential.service.retry.maxAttempts=3
mosip.credential.service.retry.maxDelay=100

IDREPOGETIDBYID=${mosip.idrepo.identity.url}/idrepository/v1/identity/idvid
mosip.data.share.protocol=http
mosip.data.share.internal.domain.name=datashare.datashare
CREATEDATASHARE=/v1/datashare/create
KEYMANAGER_JWTSIGN=${mosip.kernel.keymanager.url}/v1/keymanager/jwtSign
KEYMANAGER_ENCRYPT_PIN=${mosip.kernel.keymanager.url}/v1/keymanager/encryptWithPin
KEYMANAGER_ENCRYPT_ZK=${mosip.kernel.keymanager.url}/v1/keymanager/zkEncrypt
PARTNER_POLICY=${mosip.pms.partnermanager.url}/v1/partnermanager/partners/{partnerId}/credentialtype/{credentialType}/policies
PARTNER_EXTRACTION_POLICY=${mosip.pms.partnermanager.url}/v1/partnermanager/partners/{partnerId}/bioextractors/{policyId}
credential.service.token.request.issuerUrl=${keycloak.internal.url}/auth/realms/mosip

# BioSDK service
mosip.biosdk.default.service.url=${mosip.mock.biosdk.url}/biosdk-service
# The fully qualified Class Name of the BIO SDK API implemented for Finger modality 
# This class will be loaded in runtime, the containing jar should be available in classpath
mosip.biometric.sdk.providers.finger.mosip-ref-impl-sdk-client.classname=io.mosip.biosdk.client.impl.spec_1_0.Client_V_1_0
# The version of the BIO SDK API implemeted for Finger modality
mosip.biometric.sdk.providers.finger.mosip-ref-impl-sdk-client.version=0.9
mosip.biometric.sdk.providers.finger.mosip-ref-impl-sdk-client.format.url.mock-1.1=${mosip.biosdk.default.service.url}
# The default URL will be taken if no format specified in the extraction or the incoming extraction format is not configured. 
# If the below default configuration is not configured, the one of the configured url will be used as the default URL. 
# If no URL is configured, the default URL will be taken from the environment variable 'mosip_biosdk_service'.
mosip.biometric.sdk.providers.finger.mosip-ref-impl-sdk-client.format.url.default=${mosip.biosdk.default.service.url}

# The fully qualified Class Name of the BIO SDK API implemented for Iris modality 
# This class will be loaded in runtime, the containing jar should be available in classpath
mosip.biometric.sdk.providers.iris.mosip-ref-impl-sdk-client.classname=io.mosip.biosdk.client.impl.spec_1_0.Client_V_1_0
# The version of the BIO SDK API implemeted for Iris modality
mosip.biometric.sdk.providers.iris.mosip-ref-impl-sdk-client.version=0.9
mosip.biometric.sdk.providers.iris.mosip-ref-impl-sdk-client.format.url.mock-1.1=${mosip.biosdk.default.service.url}

# The fully qualified Class Name of the BIO SDK API implemented for Face modality 
# This class will be loaded in runtime, the containing jar should be available in classpath
mosip.biometric.sdk.providers.face.mosip-ref-impl-sdk-client.classname=io.mosip.biosdk.client.impl.spec_1_0.Client_V_1_0
# The version of the BIO SDK API implemeted for Face modality
mosip.biometric.sdk.providers.face.mosip-ref-impl-sdk-client.version=0.9
mosip.biometric.sdk.providers.face.mosip-ref-impl-sdk-client.format.url.mock-1.1=${mosip.biosdk.default.service.url}

# Credential issuance Event properties
id-repo-ida-event-type-namespace=mosip
id-repo-ida-event-type-name=ida
id-repo-ida-credential-type=auth
id-repo-ida-credential-recepiant=IDA

# Kernel token ID generator properties
mosip.kernel.tokenid.uin.salt=${mosip.kernel.uin.salt}
mosip.kernel.tokenid.partnercode.salt=${mosip.kernel.partnercode.salt}

# Enabling below property will start logging performance logs in identity and vid service
mosip.idrepo.aspect-logging.enabled=false

auth.server.admin.allowed.audience=mosip-regproc-client,mosip-prereg-client,mosip-admin-client,mosip-crereq-client,mosip-creser-client,mosip-datsha-client,mosip-ida-client,mosip-resident-client,mosip-reg-client,mpartner-default-print,mosip-idrepo-client,mpartner-default-auth,mosip-syncdata-client,mosip-masterdata-client,mosip-idrepo-client,mosip-pms-client,mosip-hotlist-client,opencrvs-partner,mpartner-default-digitalcard,mpartner-default-mobile,mosip-signup-client
#openapi properties to sort tag and operations of id-repository services
springdoc.swagger-ui.tagsSorter=alpha
springdoc.swagger-ui.operationsSorter=alpha

# Object store
object.store.s3.accesskey=${s3.accesskey}
object.store.s3.secretkey=${s3.secretkey}
## For Minio: object.store.s3.url=http://minio.minio:9000
## For AWS: object.store.s3.url=s3.${s3.region}.amazonaws.com
object.store.s3.url=http://minio.minio:9000
object.store.s3.region=${s3.region}
object.store.s3.readlimit=10000000

# Roles
mosip.role.idrepo.credentialrequest.postrequestgenerator=CREDENTIAL_REQUEST,ID_REPOSITORY
mosip.role.idrepo.credentialrequest.postv2requestgeneratorrid=CREDENTIAL_REQUEST,ID_REPOSITORY
mosip.role.idrepo.credentialrequest.getcancelrequestid=CREDENTIAL_REQUEST,ID_REPOSITORY
mosip.role.idrepo.credentialrequest.getgetrequestid=CREDENTIAL_REQUEST
mosip.role.idrepo.credentialrequest.getgetrequestids=CREDENTIAL_REQUEST
mosip.role.idrepo.credentialrequest.putretriggerrequestid=CREDENTIAL_REQUEST
mosip.role.idrepo.credentialservice.postissue=CREDENTIAL_REQUEST
mosip.role.idrepo.identity.postidrepo=REGISTRATION_PROCESSOR,ID_REPOSITORY
mosip.role.idrepo.identity.getidvidid=REGISTRATION_PROCESSOR,RESIDENT,REGISTRATION_ADMIN,REGISTRATION_SUPERVISOR,REGISTRATION_OFFICER,ID_AUTHENTICATION,ID_REPOSITORY
mosip.role.idrepo.identity.patchidrepo=REGISTRATION_PROCESSOR,ID_REPOSITORY
mosip.role.idrepo.identity.getauthtypesstatusindividualidtypeindividualid=RESIDENT,ID_REPOSITORY
mosip.role.idrepo.identity.postauthtypesstatus=RESIDENT,ID_REPOSITORY
mosip.role.idrepo.identity.postdraftcreateregistrationId=REGISTRATION_PROCESSOR,ID_REPOSITORY
mosip.role.idrepo.identity.patchdraftupdateregistrationId=REGISTRATION_PROCESSOR,ID_REPOSITORY
mosip.role.idrepo.identity.getdraftpublishregistrationId=REGISTRATION_PROCESSOR,ID_REPOSITORY
mosip.role.idrepo.identity.deletedraftdiscardregistrationId=REGISTRATION_PROCESSOR,ID_REPOSITORY,RESIDENT
mosip.role.idrepo.identity.draftregistrationId=REGISTRATION_PROCESSOR,ID_REPOSITORY
mosip.role.idrepo.identity.getdraftregistrationId=REGISTRATION_PROCESSOR,ID_REPOSITORY
mosip.role.idrepo.identity.putdraftextractbiometricsregistrationId=REGISTRATION_PROCESSOR,ID_REPOSITORY
mosip.role.idrepo.identity.remainingUpdateCountByIndividualId=RESIDENT,ID_REPOSITORY
mosip.role.idrepo.identity.getRidByIndividualId=RESIDENT,ID_REPOSITORY
mosip.role.idrepo.vid.postvid=RESIDENT,REGISTRATION_PROCESSOR,ID_REPOSITORY
mosip.role.idrepo.vid.getvid=REGISTRATION_PROCESSOR,ID_AUTHENTICATION,RESIDENT,ID_REPOSITORY
mosip.role.idrepo.vid.getviduin=REGISTRATION_PROCESSOR,ID_REPOSITORY,RESIDENT
mosip.role.idrepo.vid.patchvid=ID_AUTHENTICATION,REGISTRATION_PROCESSOR,RESIDENT,ID_REPOSITORY
mosip.role.idrepo.vid.postvidregenerate=RESIDENT,ID_REPOSITORY
mosip.role.idrepo.vid.postviddeactivate=RESIDENT,ID_REPOSITORY
mosip.role.idrepo.vid.postvidreactivate=RESIDENT,ID_REPOSITORY
mosip.role.idrepo.vid.postdraftvid=REGISTRATION_PROCESSOR,ID_REPOSITORY
mosip.role.idrepo.identity.getdraftUIN=RESIDENT,ID_REPOSITORY

mosip.mask.function.identityAttributes=convertToMaskData

mosip.credential.service.fetch-identity.type=bio

mosip.idrepo.credential.request.enable-convention-based-id=false
mosip.idrepo.credential-request-v2.rest.uri=${mosip.idrepo.credrequest.generator.url}/v1/credentialrequest/v2/requestgenerator/{rid}
mosip.idrepo.credential-request-v2.rest.httpMethod=POST
mosip.idrepo.credential-request-v2.rest.headers.mediaType=application/json
mosip.idrepo.credential-request-v2.rest.timeout=100

# It is recommended to not support UIN based authentication (both external & internal)
# To stop issuing UIN+credential to IDA set flag to true otherwise set the flag to false to issue UIN+credential to IDA.
mosip.idrepo.identity.disable-uin-based-credential-request=false
# Field Id as in the identity schema will be the key and value is the actual postfix to append. Empty values are also supported.
# This configuration is considered only when mentioned fieldId is marked to be a handle in the identity schema and it is one of the selectedHandle in the ID-object.
mosip.identity.fieldid.handle-postfix.mapping={'phone':'@phone'}
mosip.idrepo.identity.max-request-time-deviation-seconds=60
#Enable this property only when to check cache log
#logging.level.org.springframework.cache=TRACE
# By default, it is false. To enable force merge of data, change it to true.
mosip.idrepo.create-identity.enable-force-merge=false

mosip.identity.get.excluded.attribute.list=UIN,verifiedAttributes,IDSchemaVersion