• TOC

Service configuration structure

The recommended configuration format is YAML. The below sections describe the officially supported configuration options that influence various aspects of the service functionality. The service may support options other than the ones listed below, but those are not a part of the public API and may be changed or deleted at any time.


AA uses a standard server.port property to configure the port to expose the REST API at.

  port: <integer>   # Server port used to expose the REST API at


The below parameters configure AA’s connection to NATS.

NOTE For security reasons NATS username and password are sourced from the environment variables.

  urls: <comma separated list of URL>   # NATS connection URLs. 'nats://nats:4222' by default.

Management / Logging

To control the AA management interface, use the following configuration options.

  debug: <boolean>        # Enables debug level logging, false by default (disabled).
    disabled: <boolean>   # Disables the monitoring interface entirely. False by default (enabled).

Data persistence interface

AA uses [PostgreSQL][postgresql] for persisting actions and their webhooks.

    host: <string>        # PostgreSQL host. PostgreSQL host. "aa-postgresql" by default. Also can be set with the KAA_POSTGRESQL_HOST environment variable.
    port: <string>        # PostgreSQL port. 5432 by default. Also can be set with the KAA_POSTGRESQL_PORT environment variable.
    username: <string>    # PostgreSQL user. "aa" by default. Also can be set with the KAA_POSTGRESQL_USERNAME environment variable.
    password: <string>    # PostgreSQL password. "aa" by default. Also can be set with the KAA_POSTGRESQL_PASSWORD environment variable.
    database: <string>    # PostgreSQL database. "aa" by default. Also can be set with the KAA_POSTGRESQL_DATABASE environment variable.
    sslMode: <string>     # PostgreSQL SSL mode ("disable", "require", "verify-ca", "verify-full"). "disable" by default. Also can be set with the KAA_POSTGRESQL_SSL_MODE environment variable.
    max-open-connections: <int>   # Maximum number of open connections to PostgreSQL. 100 by default. Also can be set with the KAA_POSTGRESQL_MAX_OPEN_CONNECTIONS environment variable.

Authentication, authorization, and multi-tenancy

AA’s REST API security is implemented according to [OAuth2][oauth2] protocol with a UMA profile. Authentication and authorization is handled within the scope of a given Kaa tenant. Each tenant has a separate OAuth 2.0 issuer, managed by [the Kaa Tenant Manager][TM]. When multi-tenancy is disabled, all authentication and authorization is conducted in the default system tenant (“kaa”).

AA security is controlled with the following configuration options (for security reasons it is advised to set these via environment variables).

    enabled: <boolean>      # Enables authentication and authorization. False by default.
    client-id: <string>     # Client ID for making requests in the system tenant scope.
    client-secret: <string> # Client secret for making requests in the system tenant scope.
      public-url: <string>  # OAuth 2.0 issuer public URL for the system tenant ("kaa").
      private-url: <string> # OAuth 2.0 issuer private URL for the system tenant ("kaa").
      enabled: <boolean>    # Enables multitenancy via integration with the Kaa Tenant Manager. Only effective when is set to true. False by default.
        url: <string>       # URL of the Kaa Tenant Manager that provides security configurations for tenants. "http://tenant-manager" by default.


AA supports integration with Kaa Tekton for centralized application configuration management. The below configuration options set up the integration interface.

    enabled: <boolean>  # Enables Tekton integration. False by default.
    url: <string>       # URL of the Tekton service. "http://tekton" by default.

Default configuration

Summarizing the above, the default AA configuration is as follows. Note that no Kaa service instances are defined by default—you have to configure those for any specific Kaa-based solution.

  port: 80

  urls: nats://nats:4222

  debug: true
    disabled: false

    host: aa-postgresql
    port: 5432
    username: aa
    password: aa
    database: aa
    sslMode: disable
    max-open-connections: 100

    enabled: false

    enabled: false
    url: https://tekton