Tenant registry configuration

These configuration properties are available only in the multitenant edition of the Connect2id server. They are located in

WEB-INF/tenants.properties

Any property in the configuration file can be overridden with a Java system property, e.g. by setting the optional -D argument at JVM startup:

-Dtenants.apiAccessTokenSHA256=a442bdc6e6b89bb4631766faab3a1a46a5a9abbc96256c4566e34cd3535c9c4b

The external configuration guide has tips for setting system properties from environment variables, local files and other locations.

tenants.apiAccessTokenSHA256

The access token for the tenant registry web API, represented by its SHA-256 hash (in hexadecimal format). The hashed storage is intended to prevent accidental leakage of the token through configuration files, logs, etc. The token is of type Bearer, non-expiring and must contain at least 32 random alphanumeric characters to make brute force guessing impractical.

Additional access tokens, to facilitate token roll-over or for other needs, can be configured by appending a dot (.) with a unique label to the property name, e.g. as tenants.apiAccessTokenSHA256.1=abc....

The hash for a token with value ztucZS1ZyFKgh0tUEruUtiSTXhnexmd6:

tenants.apiAccessTokenSHA256=cca68b8b82bcf0b96cb826199429e50cd95a042f8e8891d1ac56ab135d096633