Configuration

The configuration is handled via one single .env file. A template file is available. This page gives an overview of all available configuration parameters.

Basic Configuration

| Name | Description | Default Value |
| --- | --- | --- |
| VERSION | Version of this instance. | - |
| LOG_LEVEL | Log level for application logging. This only applies to self-developed code. | INFO |

Template with default values

##### Version of this instance.
VERSION=5.1.1-RELEASE
LOG_LEVEL=INFO

Server Configuration

| Name | Description | Default Value |
| --- | --- | --- |
| SERVER_NAME | Hostname for the server, e.g. example.de | - |
| SERVER_PORT | Port for the server. | 443 |
| KEYCLOAK_SERVER_NAME | URL of the Keycloak server, e.g. https://keycloak.example. Avoid trailing slashes. | - |
| KEYCLOAK_SERVER_TYPE | Keycloak server type (Internal or External). Internal is not supported for production use. | External |
| KEYCLOAK_ADMIN_PW | Password for the Keycloak admin user (required if KEYCLOAK_SERVER_TYPE is set to Internal). | - |
| DOCKER_REGISTRY_PREFIX | Docker registry prefix, e.g. artifactory.medic.uni-tuebingen.de/docker-release/ | - |

Template with default values

###################################################################
###################### Server configuration #######################
###################################################################

##### Hostname
# Example: tc03.ext.difuture.imedis.med.tum.de
SERVER_NAME=

##### Port
SERVER_PORT=443

##### URL of the keycloak server
# Example: https://keycloak.example
# Note: Avoid trailing slashes!
KEYCLOAK_SERVER_NAME=

#### Keycloak server type (Internal or External)
# Default: External.
# Note: Use Internal only for testing purposes.
KEYCLOAK_SERVER_TYPE=External

##### Password for the keycloak admin user (must be set if 'KEYCLOAK_SERVER_TYPE'==Internal)
KEYCLOAK_ADMIN_PW=

##### Docker registry prefix (mind the trailing slash!)
# Example: artifactory.medic.uni-tuebingen.de/docker-release/
DOCKER_REGISTRY_PREFIX=

Keycloak Configuration

These parameter values match the predefined realm and thus in most cases can be kept as is. They might have to be changed in case the realm is configured manually.

KEYCLOAK_CLIENT_CLIENT_ID_FOR_INTERFACE=trustcenter-interface
KEYCLOAK_CLIENT_RESOURCE_ID_FOR_INTERFACE=trustcenter-facade

KEYCLOAK_CLIENT_RESOURCE_ID_FOR_LEVEL_1_PSN_SERVICE=backend-entitylist
KEYCLOAK_CLIENT_RESOURCE_ID_FOR_LEVEL_1_DEPSN_SERVICE=entitylist-depsn-service
KEYCLOAK_CLIENT_RESOURCE_ID_FOR_LEVEL_1_WEBAPP=entitylist-webapp

KEYCLOAK_CLIENT_RESOURCE_ID_FOR_LEVEL_2_PSN_SERVICE=backend-pseudonymization
KEYCLOAK_CLIENT_RESOURCE_ID_FOR_LEVEL_2_DEPSN_SERVICE=psns-depsn-service
KEYCLOAK_CLIENT_RESOURCE_ID_FOR_LEVEL_2_WEBAPP=pseudonymization-webapp

Monitoring Configuration

| Name | Description | Default Value |
| --- | --- | --- |
| GF_SECURITY_ADMIN_PASSWORD | Grafana admin password. | - |
| PROMETHEUS_GLOBAL_SCRAPE_INTERVAL | Prometheus scrape interval. | 120s |
| MONITORING_METRIC_RESOURCE_COUNT_PATIENT | Number of patients. | true |
| MONITORING_METRIC_RESOURCE_COUNT_ENCOUNTER | Number of encounters. | true |
| MONITORING_METRIC_RESOURCE_COUNT_REFERENCE | Number of other resources. | true |
| MONITORING_METRIC_PSEUDONYM_COUNT_PATIENT | Number of patient pseudonyms per target system. | true |
| MONITORING_METRIC_PSEUDONYM_COUNT_ENCOUNTER | Number of encounter pseudonyms per target system. | true |
| MONITORING_METRIC_PSEUDONYM_COUNT_REFERENCE | Number of reference pseudonyms per target system. | true |
| MONITORING_METRIC_DEPSN_COUNT | Number of DEPSN operations. | true |
| MONITORING_SCHEDULING_ENABLED | Indicates if scheduling for multi gauge metrics is enabled. | true |
| MONITORING_SCHEDULING_DELAY | Delay in milliseconds for monitoring scheduling. | 1000 |

Template with default values

# Grafana admin password
GF_SECURITY_ADMIN_PASSWORD=

# Prometheus scrape interval
PROMETHEUS_GLOBAL_SCRAPE_INTERVAL=120s

############################################## Simple Gauge Metrics
# Number of patients
MONITORING_METRIC_RESOURCE_COUNT_PATIENT=true
# Number of encounters
MONITORING_METRIC_RESOURCE_COUNT_ENCOUNTER=true
# Number of other resources
MONITORING_METRIC_RESOURCE_COUNT_REFERENCE=true

############################################### Multi Gauge metrics

# Number of patient pseudonyms per target system
MONITORING_METRIC_PSEUDONYM_COUNT_PATIENT=true
# Number of encounter pseudonyms per target system
MONITORING_METRIC_PSEUDONYM_COUNT_ENCOUNTER=true
# Number of reference pseudonyms per target system
MONITORING_METRIC_PSEUDONYM_COUNT_REFERENCE=true
# Number of depsn operations
MONITORING_METRIC_DEPSN_COUNT=true

# Required for multi gauge metrics
MONITORING_SCHEDULING_ENABLED=true
MONITORING_SCHEDULING_DELAY=1000

Mail Service Configuration

| Name | Description | Default Value |
| --- | --- | --- |
| MAIL_SERVICE_ENABLED | Enable or disable mail service globally. | false |
| MAIL_SERVICE_HOST | Mail server host name, e.g. postout.lrz.de. | - |
| MAIL_SERVICE_PORT | Mail server port, e.g. 587. | - |
| MAIL_SERVICE_USERNAME | Username associated with the mail server account. | - |
| MAIL_SERVICE_PASSWORD | Password associated with the mail server account. | - |
| MAIL_SERVICE_FROM_EMAIL | Email address associated with the mail server account. | - |
| MAIL_SERVICE_TO_EMAIL | Recipients; a list of email addresses in the correct format, separated by ‘,’, e.g. “user1@tum.de,user2@tum.de”. | - |

Template with default values

# Enable or disable mail service globally
MAIL_SERVICE_ENABLED=false
# Mail server host name, e.g. postout.lrz.de
MAIL_SERVICE_HOST=
# Mail server port, e.g. 587
MAIL_SERVICE_PORT=
# Username associated with the mail server account
MAIL_SERVICE_USERNAME=
# Password associated with the mail server account
MAIL_SERVICE_PASSWORD=
# Email address associated with the mail server account
MAIL_SERVICE_FROM_EMAIL=
# Recipients; a list of email addresses in the correct format, separated by ',', e.g. "user1@tum.de,user2@tum.de"
MAIL_SERVICE_TO_EMAIL=

Program Configuration

| Name | Description | Default Value |
| --- | --- | --- |
| SPRING_SECURITY_USER_NAME | Spring security user name. | - |
| SPRING_SECURITY_USER_PW | Spring security password. | - |
| TC_INTERFACE_CLIENT_SECRET | Client secret of the Keycloak client trustcenter-interface. Needs to be looked up in the Keycloak server defined in KEYCLOAK_SERVER_NAME. | - |
| PSN_PARALLELISM_LEVEL | Number of parallel threads used for pseudonymization. Minimum: 1. Maximum: \(0.5*num\_processors\). | 8 |

Template with default values

#### Spring security user
SPRING_SECURITY_USER_NAME=

#### Spring security password
SPRING_SECURITY_USER_PW=

#### Client secret of the keycloak client 'trustcenter-interface'
# Needs to be looked up in the keycloak server defined in 'KEYCLOAK_SERVER_NAME'
TC_INTERFACE_CLIENT_SECRET=

#### Number of parallel threads used for pseudonymization
# Minimum: 1
# Default: 8
# Maximum: 0.5*#available processors
PSN_PARALLELISM_LEVEL=

Entity List Configuration

| Name | Description | Default Value |
| --- | --- | --- |
| LEVEL_1_PSNS_ENABLE_MASTERDATA | Flag indicating whether to process masterdata. | true |
| LEVEL_1_PSNS_LIMIT | Limit on the search result, the number of entries that will maximally be shown in the GUI. | 30 |
| LEVEL_1_PSNS_ALPHABETS | Alphabets used for pseudonym generation, e.g. “system-1:10:ABC;system-2:15:123ABC”. | - |
| LEVEL_1_PSNS_DB_UNAME | Database username for Level-1 PSN Service. | - |
| LEVEL_1_PSNS_DB_PW | Database password for Level-1 PSN Service. | - |
| LEVEL_1_PSNS_DB_ENC_PW | Encryption password for the database in Level-1 PSN Service. | - |
| LEVEL_1_PSNS_ENC_DEFAULT_CASE_ENABLED | Flag indicating whether pseudonyms should be encrypted by default if the target system is unknown. | true |
| LEVEL_1_PSNS_ENC_TARGET_SYSTEMS_STRING | String containing target systems for which pseudonym encryption should be enabled or disabled. | - |
| LEVEL_1_BF_ENABLED | Flag indicating if Bloomfilter is enabled. | false |
| LEVEL_1_BF_BALANCED_SEED | Balanced seed for Bloomfilter. | - |
| LEVEL_1_BF_BIRTH_DATE_SEED | Birth date seed for Bloomfilter. | - |
| LEVEL_1_BF_BITS_PER_NGRAM | Bits per ngram for Bloomfilter. | - |
| LEVEL_1_BF_FIRST_NAME_SEED | First name seed for Bloomfilter. | - |
| LEVEL_1_BF_GENDER_SEED | Gender seed for Bloomfilter. | - |
| LEVEL_1_BF_LAST_NAME_SEED | Last name seed for Bloomfilter. | - |
| LEVEL_1_BF_LENGTH | Length of the Bloomfilter. | - |

Template with default values

###################################################################
###################### Level-1 PSN Service ########################
###################################################################

#### Flag indicating whether to process masterdata
# Note: In the default case, this flag should be set to 'true'. In that case, in addition
# to identifiers, patient masterdata will be stored. Only if this instance is to be used for
# second-level, or project-specific, pseudonymization, should this flag be set to 'false'.
LEVEL_1_PSNS_ENABLE_MASTERDATA=

#### Limit on the search result, the number of entries that will maximally be shown in the GUI
LEVEL_1_PSNS_SLIMIT=30

#### Alphabets used for pseudonym generation
# The string contains alphabets separated by ';'. The alphabets are comprised of the
# three components 'system', 'length' and 'chars' separated by ':'.
# Example: "system-1:10:ABC;system-2:15:123ABC"
LEVEL_1_PSNS_ALPHABETS=

############################ Database #############################

#### Username
LEVEL_1_PSNS_DB_UNAME=

#### Password
LEVEL_1_PSNS_DB_PW=

#### Encryption password
LEVEL_1_PSNS_DB_ENC_PW=

###################### Transport encryption #######################

#### Flag indicating whether pseudonyms (created from 'v1/process') should
# be encrypted by default. This flag applies to queries sent to 'v1/process' without specifying
# a target system or in case the target system is unknown.
# IF set to true, a public key 'default.pubkey' has to be provided in '/config/keys/entitylist'
LEVEL_1_PSNS_ENC_DEFAULT_CASE_ENABLED=true
#### String containing target systems for which pseudonym encryption should be enabled or disabled.
# Example: test-system;test-system-2 (systems have to be separated by semicolon).
# Important: If a target system is specified here, a public key '<target-system>.pubkey' can be provided
# in '/config/keys/entitylist', which will then be used to encrypt the corresponding pseudonym. If no key
# is provided, encryption will be turned off for this target system.
LEVEL_1_PSNS_ENC_TARGET_SYSTEMS_STRING=

####################### Bloomfilter config ########################

LEVEL_1_BF_ENABLED=false
LEVEL_1_BF_BALANCED_SEED=
LEVEL_1_BF_BIRTH_DATE_SEED=
LEVEL_1_BF_BITS_PER_NGRAM=
LEVEL_1_BF_FIRST_NAME_SEED=
LEVEL_1_BF_GENDER_SEED=
LEVEL_1_BF_LAST_NAME_SEED=
LEVEL_1_BF_LENGTH=
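
A pre-deployment check for the alphabets string described in the template above, as an added example that is not part of the project's code. It assumes 'length' is the pseudonym length and 'chars' the set of allowed characters, so len(chars) ** length is an upper bound on distinct pseudonyms; the function names and the rejection of repeated characters are choices made for this example.

```python
def parse_alphabets(value):
    """Parse 'system:length:chars;...' into {system: (length, chars)}."""
    alphabets = {}
    for entry in filter(None, (e.strip() for e in value.strip("\"'").split(";"))):
        parts = entry.split(":")
        if len(parts) != 3:
            raise ValueError(f"expected system:length:chars, got {entry!r}")
        system, length, chars = parts
        if not system or system in alphabets:
            raise ValueError(f"missing or duplicate system name in {entry!r}")
        if not length.isdigit() or int(length) < 1:
            raise ValueError(f"length must be a positive integer in {entry!r}")
        # Assumption of this example: repeated characters are a typo, since
        # they would skew the count of distinct pseudonyms.
        if not chars or len(set(chars)) != len(chars):
            raise ValueError(f"chars must be non-empty without repeats in {entry!r}")
        alphabets[system] = (int(length), chars)
    return alphabets


def pseudonym_space(alphabets):
    """Upper bound on distinct pseudonyms per system: len(chars) ** length."""
    return {name: len(chars) ** length for name, (length, chars) in alphabets.items()}


def too_small(alphabets, expected_entities):
    """Systems whose pseudonym space cannot hold expected_entities values."""
    space = pseudonym_space(alphabets)
    return sorted(name for name, size in space.items() if size < expected_entities)


# The example value from the template comment.
SAMPLE = "system-1:10:ABC;system-2:15:123ABC"

if __name__ == "__main__":
    parsed = parse_alphabets(SAMPLE)
    for name, size in pseudonym_space(parsed).items():
        print(f"{name}: at most {size} pseudonyms")
    print("too small for 1,000,000 entities:", too_small(parsed, 1_000_000))
```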

Pseudonymization Service Configuration

| Name | Description | Default Value |
| --- | --- | --- |
| DOUBLE_PSEUDONYMIZATION | Flag indicating whether this instance should run with two-level pseudonymization. | false |
| LEVEL_2_PSNS_LIMIT | Limit on the search result, the number of entries that will maximally be shown in the GUI. | 30 |
| LEVEL_2_PSNS_ALPHABETS | Alphabets used for pseudonym generation. | - |
| LEVEL_2_PSNS_DB_UNAME | Database username for Level-2 PSN Service. | - |
| LEVEL_2_PSNS_DB_PW | Database password for Level-2 PSN Service. | - |
| LEVEL_2_PSNS_DB_ENC_PW | Encryption password for the database in Level-2 PSN Service. | - |
| LEVEL_2_PSNS_ENC_DEFAULT_CASE_ENABLED | Flag indicating whether pseudonyms should be encrypted by default if the target system is unknown. | true |
| LEVEL_2_PSNS_ENC_TARGET_SYSTEMS_STRING | String containing target systems for which pseudonym encryption should be enabled or disabled. | - |

Template with default values

###################################################################
###################### Level-2 PSN Service ########################
# Note: This whole section is only relevant, if one single trustcenter
# instance should perform 2-tier-pseudonymization (IDAT->PID, PID->PSN).
# In most cases, the remainder of the parameters can be omitted.
###################################################################

#### Flag indicating whether this instance should run with two-level pseudonymization
#### Set 'true' to enable. 'false' is default.
DOUBLE_PSEUDONYMIZATION=false

#### Limit on the search result, the number of entries that will maximally be shown in the GUI
LEVEL_2_PSNS_SLIMIT=30

#### Alphabets used for pseudonym generation
LEVEL_2_PSNS_ALPHABETS=

############################ Database #############################

#### Username
LEVEL_2_PSNS_DB_UNAME=

#### Password
LEVEL_2_PSNS_DB_PW=

#### Encryption password
LEVEL_2_PSNS_DB_ENC_PW=

###################### Transport encryption #######################

#### Flag indicating whether pseudonyms (created from 'v1/process') should
# be encrypted by default. This flag applies to queries sent to 'v1/process' without specifying
# a target system or in case the target system is unknown.
# IF set to true, a public key 'default.pubkey' has to be provided in '/config/keys/psns'
LEVEL_2_PSNS_ENC_DEFAULT_CASE_ENABLED=true
#### String containing target systems for which pseudonym encryption should be enabled or disabled.
# Example: test-system;test-system-2 (systems have to be separated by semicolon).
# Important: If a target system is specified here, a public key '<target-system>.pubkey' can be provided
# in '/config/keys/psns', which will then be used to encrypt the corresponding pseudonym. If no key
# is provided, encryption will be turned off for this target system.
LEVEL_2_PSNS_ENC_TARGET_SYSTEMS_STRING=
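
The transport-encryption comments in the Level-1 and Level-2 templates state that a listed target system without a '<target-system>.pubkey' file has encryption turned off. The following added example (not part of the project's code) audits a .env file against a key directory to surface those cases before deployment. The host location of the key directories (key_root), the function names, and treating an empty value as the documented default are assumptions of this example.

```python
from pathlib import Path

# Key directory names come from the template comments ('/config/keys/entitylist',
# '/config/keys/psns'); where they live on the host is an assumption (key_root).
LEVELS = {"LEVEL_1": "entitylist", "LEVEL_2": "psns"}

# Constructed sample input.
SAMPLE_ENV = """\
# constructed sample
DOUBLE_PSEUDONYMIZATION=false
LEVEL_1_PSNS_ENC_DEFAULT_CASE_ENABLED=true
LEVEL_1_PSNS_ENC_TARGET_SYSTEMS_STRING=test-system;test-system-2
"""


def parse_env(text):
    """Parse KEY=VALUE lines, ignoring blank lines and '#' comments."""
    pairs = (ln.split("=", 1) for ln in text.splitlines()
             if "=" in ln and not ln.lstrip().startswith("#"))
    return {k.strip(): v.strip().strip("\"'") for k, v in pairs}


def audit_transport_encryption(env, key_root):
    """Return one finding per public key that the configuration expects but lacks."""
    findings = []
    for level, subdir in LEVELS.items():
        double = (env.get("DOUBLE_PSEUDONYMIZATION") or "false").lower() == "true"
        if level == "LEVEL_2" and not double:
            continue  # Level-2 section only matters for two-level pseudonymization
        key_dir = Path(key_root) / subdir
        flag = env.get(f"{level}_PSNS_ENC_DEFAULT_CASE_ENABLED") or "true"
        if flag.lower() == "true" and not (key_dir / "default.pubkey").is_file():
            findings.append(f"{level}: default.pubkey missing in {subdir}")
        systems = env.get(f"{level}_PSNS_ENC_TARGET_SYSTEMS_STRING", "")
        for system in filter(None, (s.strip() for s in systems.split(";"))):
            if not (key_dir / f"{system}.pubkey").is_file():
                findings.append(f"{level}: no key for '{system}', encryption is turned off")
    return findings


if __name__ == "__main__":
    # Point key_root at the host directory that is mounted as /config/keys.
    for finding in audit_transport_encryption(parse_env(SAMPLE_ENV), "./config/keys"):
        print(finding)
```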

Overview

| Name | Available since |
| --- | --- |
| VERSION | v3.0.0 |
| LOG_LEVEL | v5.1.0 |
| SERVER_NAME | v1.0.0 |
| SERVER_PORT | v1.0.0 |
| KEYCLOAK_SERVER_NAME | v1.1.0 |
| KEYCLOAK_SERVER_TYPE | v1.1.0 |
| KEYCLOAK_ADMIN_PW | v1.2.1 |
| DOCKER_REGISTRY_PREFIX | v1.3.0 |
| KEYCLOAK_CLIENT_CLIENT_ID_FOR_INTERFACE | v4.0.0 |
| KEYCLOAK_CLIENT_RESOURCE_ID_FOR_INTERFACE | v4.0.0 |
| KEYCLOAK_CLIENT_RESOURCE_ID_FOR_LEVEL_1_PSN_SERVICE | v4.0.0 |
| KEYCLOAK_CLIENT_RESOURCE_ID_FOR_LEVEL_1_DEPSN_SERVICE | v4.0.0 |
| KEYCLOAK_CLIENT_RESOURCE_ID_FOR_LEVEL_1_WEBAPP | v4.0.0 |
| KEYCLOAK_CLIENT_RESOURCE_ID_FOR_LEVEL_2_PSN_SERVICE | v4.0.0 |
| KEYCLOAK_CLIENT_RESOURCE_ID_FOR_LEVEL_2_DEPSN_SERVICE | v4.0.0 |
| KEYCLOAK_CLIENT_RESOURCE_ID_FOR_LEVEL_2_WEBAPP | v4.0.0 |
| GF_SECURITY_ADMIN_PASSWORD | v5.0.0 |
| PROMETHEUS_GLOBAL_SCRAPE_INTERVAL | v5.0.0 |
| MONITORING_METRIC_RESOURCE_COUNT_PATIENT | v5.0.0 |
| MONITORING_METRIC_RESOURCE_COUNT_ENCOUNTER | v5.0.0 |
| MONITORING_METRIC_RESOURCE_COUNT_REFERENCE | v5.0.0 |
| MONITORING_METRIC_PSEUDONYM_COUNT_PATIENT | v5.0.0 |
| MONITORING_METRIC_PSEUDONYM_COUNT_ENCOUNTER | v5.0.0 |
| MONITORING_METRIC_PSEUDONYM_COUNT_REFERENCE | v5.0.0 |
| MONITORING_METRIC_DEPSN_COUNT | v5.0.0 |
| MONITORING_SCHEDULING_ENABLED | v5.0.0 |
| MONITORING_SCHEDULING_DELAY | v5.0.0 |
| MAIL_SERVICE_ENABLED | v5.1.0 |
| MAIL_SERVICE_HOST | v5.1.0 |
| MAIL_SERVICE_PORT | v5.1.0 |
| MAIL_SERVICE_USERNAME | v5.1.0 |
| MAIL_SERVICE_PASSWORD | v5.1.0 |
| MAIL_SERVICE_FROM_EMAIL | v5.1.0 |
| MAIL_SERVICE_TO_EMAIL | v5.1.0 |
| SPRING_SECURITY_USER_NAME | v1.1.0 |
| SPRING_SECURITY_USER_PW | v1.1.0 |
| TC_INTERFACE_CLIENT_SECRET | v1.1.0 |
| PSN_PARALLELISM_LEVEL | v5.0.0 |
| LEVEL_1_PSNS_ENABLE_MASTERDATA | v1.1.0 |
| LEVEL_1_PSNS_LIMIT | v1.1.0 |
| LEVEL_1_PSNS_ALPHABETS | v2.1.0 |
| LEVEL_1_PSNS_DB_UNAME | v1.1.0 |
| LEVEL_1_PSNS_DB_PW | v1.1.0 |
| LEVEL_1_PSNS_DB_ENC_PW | v1.1.0 |
| LEVEL_1_PSNS_ENC_DEFAULT_CASE_ENABLED | v3.0.0 |
| LEVEL_1_PSNS_ENC_TARGET_SYSTEMS_STRING | v3.0.0 |
| LEVEL_1_BF_ENABLED | v2.1.0 |
| LEVEL_1_BF_BALANCED_SEED | v2.1.0 |
| LEVEL_1_BF_BIRTH_DATE_SEED | v2.1.0 |
| LEVEL_1_BF_BITS_PER_NGRAM | v2.1.0 |
| LEVEL_1_BF_FIRST_NAME_SEED | v2.1.0 |
| LEVEL_1_BF_GENDER_SEED | v2.1.0 |
| LEVEL_1_BF_LAST_NAME_SEED | v2.1.0 |
| LEVEL_1_BF_LENGTH | v2.1.0 |
| DOUBLE_PSEUDONYMIZATION | v5.0.0 |
| LEVEL_2_PSNS_LIMIT | v1.1.0 |
| LEVEL_2_PSNS_ALPHABETS | v2.1.0 |
| LEVEL_2_PSNS_DB_UNAME | v1.1.0 |
| LEVEL_2_PSNS_DB_PW | v1.1.0 |
| LEVEL_2_PSNS_DB_ENC_PW | v1.1.0 |
| LEVEL_2_PSNS_ENC_DEFAULT_CASE_ENABLED | v3.0.0 |
| LEVEL_2_PSNS_ENC_TARGET_SYSTEMS_STRING | v3.0.0 |