Configuration Options

Permguard consists of multiple services that make up the AuthZ Server. These services can be deployed as a single all-in-one instance or separately.

For production environments, the all-in-one distribution is not recommended. A distributed deployment is preferred: each service can scale independently, and each service's gRPC port can be exposed only to the clients that need it, instead of one process exposing all of them.

Each server provides a set of CLI options to configure startup parameters, runtime behaviors, and integrations, ensuring flexibility for diverse use cases.

Servers

Regardless of the chosen distribution, the binary accepts the following options:


--debug: enables debug mode (default false).


--log-level: specifies the log level (default INFO, options DEBUG, INFO, WARN, ERROR, DPANIC, PANIC, FATAL).

Options

LEVEL    MEANING
DEBUG    Debug logs are typically voluminous, and are usually disabled in production.
INFO     Info is the default logging priority.
WARN     Warn logs are more important than Info, but don't need individual human review.
ERROR    Error logs are high-priority. If an application is running smoothly, it shouldn't generate any error-level logs.
DPANIC   DPanic logs are particularly important errors. In development the logger panics after writing the message.
PANIC    Panic logs a message, then panics.
FATAL    Fatal logs a message, then calls os.Exit(1).

--storage-engine-central: data storage engine to be used for central data (default sqlite).


Storage Engines: storage engine options are used to configure the storage engine responsible for data persistence in the services.

SQLITE

--storage-engine-sqlite-dbname: sqlite database name (default permguard).



--server-appdata: directory to be used as application data (default ./, i.e. the working directory the server is started from; in production set an explicit directory with restricted permissions rather than relying on the default).


server-zap

Zone Administration Point.

--storage-zap-engine-central: data storage engine to be used for the ZAP central data. This overrides the --storage-engine-central option. Default: sqlite.


--server-zap-data-fetch-maxpagesize int: maximum number of items to fetch per request. (default 10000).


--server-zap-data-enable-default-creation bool: enables the creation of default entities (e.g., tenants, identity sources) during data creation. (default false).


--server-zap-grpc-port int: port to be used for exposing the zap grpc services. (default 9091).


server-pap

Policy Administration Point.

--storage-pap-engine-central: data storage engine to be used for the PAP central data. This overrides the --storage-engine-central option. Default: sqlite.


--server-pap-data-fetch-maxpagesize int: maximum number of items to fetch per request. (default 10000).


--server-pap-grpc-port int: port to be used for exposing the pap grpc services. (default 9092).


server-pip

Policy Information Point.

--storage-pip-engine-central: data storage engine to be used for the PIP central data. This overrides the --storage-engine-central option. Default: sqlite.


--server-pip-data-fetch-maxpagesize int: maximum number of items to fetch per request. (default 10000).


--server-pip-grpc-port int: port to be used for exposing the pip grpc services. (default 9093).


server-pdp

Policy Decision Point.

--storage-pdp-engine-central: data storage engine to be used for the PDP central data. This overrides the --storage-engine-central option. Default: sqlite.


--server-pdp-data-fetch-maxpagesize int: maximum number of items to fetch per request. (default 10000).


--server-pdp-grpc-port int: port to be used for exposing the pdp grpc services. (default 9094).
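
The options above are the ones a distributed deployment has to set per process. The following POSIX shell launcher is an added example, not code from the Permguard project: it validates the log level against the documented set, refuses DEBUG when the environment is marked as production, and composes one command line per service with its documented default gRPC port, an explicit application-data directory and the sqlite storage engine. The binary names server-zap, server-pap, server-pip and server-pdp (taken from the section headings), their location in PERMGUARD_BIN, and all PERMGUARD_* environment variables are assumptions of this example, not documented by the page.

```shell
#!/bin/sh
# Added example (not part of the Permguard project): launcher for the
# distributed deployment. Starts each service with an explicit port, log
# level, storage engine and application-data directory.
#
# Assumptions not stated on the page: the per-service binaries are named
# after the section headings (server-zap, server-pap, server-pip, server-pdp)
# and live in $PERMGUARD_BIN; paths contain no whitespace.

PERMGUARD_BIN="${PERMGUARD_BIN:-/usr/local/bin}"
PERMGUARD_APPDATA="${PERMGUARD_APPDATA:-/var/lib/permguard}"   # not the default ./
PERMGUARD_LOG_LEVEL="${PERMGUARD_LOG_LEVEL:-INFO}"
PERMGUARD_ENV="${PERMGUARD_ENV:-development}"

# Accept only the levels the --log-level option documents.
valid_log_level() {
  case "$1" in
    DEBUG|INFO|WARN|ERROR|DPANIC|PANIC|FATAL) return 0 ;;
    *) return 1 ;;
  esac
}

# Reject unknown levels, and refuse DEBUG when PERMGUARD_ENV=production:
# debug logs are voluminous and meant to stay off in production.
check_log_level() {
  valid_log_level "$PERMGUARD_LOG_LEVEL" || {
    echo "unknown log level: $PERMGUARD_LOG_LEVEL" >&2; return 1; }
  if [ "$PERMGUARD_ENV" = production ] && [ "$PERMGUARD_LOG_LEVEL" = DEBUG ]; then
    echo "refusing DEBUG log level in production" >&2; return 1
  fi
  return 0
}

# Documented default gRPC port of each service.
default_port() {
  case "$1" in
    zap) echo 9091 ;;
    pap) echo 9092 ;;
    pip) echo 9093 ;;
    pdp) echo 9094 ;;
    *) echo "unknown service: $1" >&2; return 1 ;;
  esac
}

# Print the command line for one service.
#   $1 = zap | pap | pip | pdp      $2 = optional gRPC port override
service_cmd() {
  svc="$1"
  check_log_level || return 1
  port="$2"
  if [ -z "$port" ]; then
    port=$(default_port "$svc") || return 1
  fi
  printf '%s/server-%s --log-level %s --server-appdata %s --storage-engine-central sqlite --storage-engine-sqlite-dbname permguard --server-%s-grpc-port %s\n' \
    "$PERMGUARD_BIN" "$svc" "$PERMGUARD_LOG_LEVEL" "$PERMGUARD_APPDATA" "$svc" "$port"
}

# Start all four services, or print their command lines when PERMGUARD_DRY_RUN=1.
launch_all() {
  for svc in zap pap pip pdp; do
    cmd=$(service_cmd "$svc") || return 1
    if [ "${PERMGUARD_DRY_RUN:-0}" = 1 ]; then
      echo "$cmd"
    else
      $cmd &   # word-split on purpose; see the whitespace assumption above
    fi
  done
  [ "${PERMGUARD_DRY_RUN:-0}" = 1 ] || wait
}

# Usage: PERMGUARD_LAUNCH=1 PERMGUARD_DRY_RUN=1 sh launcher.sh
if [ "${PERMGUARD_LAUNCH:-0}" = 1 ]; then launch_all; fi
```

Run it once with PERMGUARD_DRY_RUN=1 to see the four command lines before starting anything. Because every service listens on its own gRPC port (9091 to 9094 by default), restrict each port at the network level to the callers that actually need that service; the page does not document any transport protection on these listeners, so do not assume one.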


Provisioners

Regardless of the chosen distribution, the binary accepts the following options:


--debug: enables debug mode (default false).


--log-level: specifies the log level (default INFO, options DEBUG, INFO, WARN, ERROR, DPANIC, PANIC, FATAL).

Options

LEVEL    MEANING
DEBUG    Debug logs are typically voluminous, and are usually disabled in production.
INFO     Info is the default logging priority.
WARN     Warn logs are more important than Info, but don't need individual human review.
ERROR    Error logs are high-priority. If an application is running smoothly, it shouldn't generate any error-level logs.
DPANIC   DPanic logs are particularly important errors. In development the logger panics after writing the message.
PANIC    Panic logs a message, then panics.
FATAL    Fatal logs a message, then calls os.Exit(1).

SQLITE

--storage-engine-sqlite-filepath: sqlite database file path (default .).