Several services include configurable settings that can be customized. Below are the configuration values available for each service.

## How to update configuration

The configuration values can be changed by setting helm chart values while deploying the helm chart using `--set configuration.<Configuration Key>=<Configuration value>`. 
For example, to set `ASPNETCORE_SHUTDOWNTIMEOUTSECONDS` value to 90 seconds and set `RATELIMITING__MaxMessageCount` value to 300 messages, the helm command looks like below -

```
helm upgrade --install cdrplatform-sync-api cdrplatform-sync-api \
--set configuration.ASPNETCORE_SHUTDOWNTIMEOUTSECONDS=90 \
--set configuration.RATELIMITING__MaxMessageCount=300
```

## API Access

| Configuration Key | Description | Valid Values |
|--|--|--|
| ASPNETCORE_SHUTDOWNTIMEOUTSECONDS | Specifies the amount of time to wait for Web Host to shut down. | Any valid integer |
| AuthenticationScheme | Authentication Scheme for the API Access. | None, Bearer, Basic |
| Authentication__Schemes__Bearer__ValidAudiences__0 |  Valid audience for API Access when AuthenticationScheme is set to Bearer| Any valid string ( e.g. api://cdrplatform-api-access) |
| Authentication__Schemes__Bearer__ValidIssuer | Valid Issuer when AuthenticationScheme is set to Bearer | `https://sts.windows.net/\<tenant-id>/` |
| Authentication__Schemes__Bearer__Authority | Authority for the API Access  when AuthenticationScheme is set to Bearer | `https://login.microsoftonline.com/\<tenant-id>/v2.0/` |
| CLIENTS__Policy__BaseAddress | The base URL the proxy Policy Management API requests to | ```http://policy-api:8080``` |
| CLIENTS__License__BaseAddress | The base URL the proxy License Management API requests to| ```http://license-management.license-management.svc.cluster.local:8080``` |
| CLIENTS__SyncApi__BaseAddress | The base URL the proxy Sync API requests to | ```http://api:8080``` |
| CLIENTS__AsyncApi__BaseAddress | The base URL the proxy Async API requests to | ```http://async-api:8080``` |
| CLIENTS__IcapProfile__BaseAddress | The base URL to proxy ICAP Profile Management requests to | ```http://policy-api:8080``` |

## Sync API

| Configuration Key | Description | Valid Values |
|--|--|--|
| ASPNETCORE_SHUTDOWNTIMEOUTSECONDS | Specifies the amount of time to wait for Web Host to shut down. | Any valid integer |
| RATELIMITING__MaxMessageCount | The max number of messages allowed on the request queue before rate limiting kicks in  | Any valid integer |
| ARCHIVE__MaxLevel | Maximum layers of nested archives that will be processed [more info](/halo/glasswall-halo-archive-support) | Positive integer |
| ARCHIVE__MaxFileCount | Maximum file count allowed in an archive before failure [more info](/halo/glasswall-halo-archive-support) | Positive integer |
| ARCHIVE__MaxArchiveCount | Maximum nested archive count allowed in an archive before failure [more info](/halo/glasswall-halo-archive-support) | Positive integer |
| ARCHIVE__MaxUnpackedSizeBytes | Maximum allowed size of unpacked files from an archive before failure [more info](/halo/glasswall-halo-archive-support) | Positive integer (in bytes) |

## Engine

| Configuration Key | Description | Valid Values |
|--|--|--|
| DOTNET_SHUTDOWNTIMEOUTSECONDS | Specifies the amount of time to wait for Host to shut down. | Any valid integer |
| QUEUE__RetryLimit | Specifies the amount of times to retry Async requests | Any valid integer |
| ReversingLabs__Endpoint | ReversingLabs File Reputation API endpoint. | https://data.reversinglabs.com/api/databrowser/malware_presence/query |
| ReversingLabs__Timeout | Timeout in seconds used when contacting the ReversingLabs File Reputation API _(defaults to 100 seconds)_. | Any valid integer

## Portal Access

| Configuration Key | Description | Valid Values |
|--|--|--|
| AuthenticationScheme | Authentication Scheme for the Portal Access API | None, Bearer |
| Authentication__Schemes__Bearer__ValidAudiences__0 | Valid audience for Portal Access API. Set to the Application (client) ID of the `cdrplatform-portal-access` app registration. | Any valid string |
| Authentication__Schemes__Bearer__ValidIssuer | Valid issuer for the Portal Access API | `https://sts.windows.net/\<tenant-id>/` |
| Authentication__Schemes__Bearer__Authority | Authority  for the Portal Access API | `https://login.microsoftonline.com/\<tenant-id>/v2.0/` |
| REBUILD__RequireAuthenticatedUser | Determines whether users must be authenticated to perform rebuild requests. Defaults to false. | true/false |

## Portal

| Configuration Key | Description | Valid Values |
|--|--|--|
| BackendUrl | Domain of the CDR Platform API | https://\<domain-name> (A valid string) |
| OIDC.ProviderOptions.Authority | Authority  for the Portal service | `https://login.microsoftonline.com/\<tenant-id>/v2.0` |
| OIDC.ProviderOptions.ClientId | Client ID of the Portal App registration (cdrplatform-portal-client) | A valid string |
| OIDC.ProviderOptions.RedirectUri | Redirect URI after SSO Login | `https://\<domain-name>/authentication/login-callback` |
| OIDC.ProviderOptions.PostLogoutRedirectUri | Redirect URI after Logout | `https://\<domain-name>/authentication/logout-callback` |
| REBUILD.RequireAuthenticatedUser | Determines whether users must be authenticated access the "Clean a file" page. Defaults to false. | true/false |

## License Management
| Configuration Key | Description | Valid Values |
|--|--|--|
| ASPNETCORE_SHUTDOWNTIMEOUTSECONDS | Specifies the amount of time to wait for Web Host to shut down. | Any valid integer |
| DATABASE__Provider | The database provider used for caching purposes | Mongo / Cosmos |
| DATABASE__DatabaseName | The name of the database which will be created in Mongo / Cosmos | A valid string depending on provider | |
| DATABASE__ConnectionString | Connection string to the Mongo or Cosmos database | A valid connection string for the configured provider |

## Cleanup
| Configuration Key | Description | Valid Values |
|--|--|--|
| DOTNET_SHUTDOWNTIMEOUTSECONDS | Specifies the amount of time to wait for Host to shut down. | Any valid integer |
| CleanupAmount | Specifies the amount of files to clean up per cron job. This can be set via `--set cron.CleanupAmount=5000`| Any valid integer |
| maxAge | Specifies the max age of files to keep in storage. This can be set via `--set cron.maxAge=01.00:00:00` | Any valid Timespan |
| schedule | Specifies the cron schedule for the cleanup cron job to run on. This can be set via `--set cron.schedule=0 */1 * * *` | Any valid cron schedule expression |  

## ICAP

| Configuration Key | Description | Valid Values |
|--|--|--|
| ASPNETCORE_SHUTDOWNTIMEOUTSECONDS | Specifies the amount of time to wait for Host to shut down. | Any valid integer |
| ICAP__ServiceHeader | An Identifier that gets inserted into ICAP headers.  | Any valid string, defaults to 'Glasswall ICAP Server 1.0"' |
| ICAP__OptionsTTL | The amount of time in seconds which an ICAP options response sent by the server is valid to the icap client. | Any valid integer that the icap client supports |
| ICAP__IdleTimeout | Defaults to infinite. Sets a deadline indicating how long the client must take before the server will end the connection | A valid timespan e.g 00:00:30 |
| CACHE__MaxSizeInMb | The amount of data in megabytes which the ICAP server will store inside its cache for rebuilt files | Defaults to 1Gb "1000" |
| DATABASE__Provider | The database provider used for caching purposes | Mongo / Cosmos |
| DATABASE__DatabaseName | The name of the database which will be created in Mongo / Cosmos | A valid string depending on provider | |
| DATABASE__ConnectionString | Connection string to the Mongo or Cosmos database | A valid connection string for the configured provider |
| CERTIFICATE__VerificationFlags | Flags used to customize certificate chain verification in the ICAP server. Please see [X509VerificationFlags](https://learn.microsoft.com/en-us/dotnet/api/system.security.cryptography.x509certificates.x509verificationflags?view=net-8.0) for an explanation of the verification flags. | A valid integer within the enum range |
| PROFILE__UseFallback | Boolean flag that indicates whether or not to use a fallback profile when the Policy API cannot be contacted. | 'true' to enable the fallback profile or 'false' to disable it. By default, this is 'false' |

## Async API
| Configuration Key | Description | Valid Values |
|--|--|--|
| ASPNETCORE_SHUTDOWNTIMEOUTSECONDS | Specifies the amount of time to wait for Web Host to shut down. | Any valid integer |
| ARCHIVE__MaxLevel | Maximum layers of nested archives that will be processed [more info](/halo/glasswall-halo-archive-support) | Positive integer |
| ARCHIVE__MaxFileCount | Maximum file count allowed in an archive before failure [more info](/halo/glasswall-halo-archive-support) | Positive integer |
| ARCHIVE__MaxArchiveCount | Maximum nested archive count allowed in an archive before failure [more info](/halo/glasswall-halo-archive-support) | Positive integer |
| ARCHIVE__MaxUnpackedSizeBytes | Maximum allowed size of unpacked files from an archive before failure [more info](/halo/glasswall-halo-archive-support) | Positive integer (in bytes) |
| DATABASE__Provider | Specifies which Database provider to use when storing Async Requests | `Mongo`, `Cosmos` (Defaults to `Mongo`) |
| DATABASE__DatabaseName | The name of the database which will be created in Mongo / Cosmos | A valid string depending on provider | |
| DATABASE__ConnectionString | Connection string to the Mongo or Cosmos database | A valid connection string for the configured provider |
| QUEUE__MessageDelayInMs | Time in Milliseconds before the result of an ASYNC request is cleaned up. This should be set lower than the maxAge Timespan of the Cleanup service. | Any valid positive integer. The maximum value is `(2^32)-1 milliseconds` which is just under 50 days. |

## Tally Accumulator
| Configuration Key | Description | Valid Values |
|--|--|--|
| DATABASE__Provider | Specifies which Database provider to use when storing Async Requests | `Mongo`, `Cosmos` (Defaults to `Mongo`) |
| DATABASE__DatabaseName | The name of the database which will be created in Mongo / Cosmos | A valid string depending on provider | |
| DATABASE__ConnectionString | Connection string to the Mongo or Cosmos database | A valid connection string for the configured provider |

## Policy API
| Configuration Key | Description | Valid Values |
|--|--|--|
| DATABASE__Provider | Specifies which Database provider to use when storing Async Requests | `Mongo`, `Cosmos` (Defaults to `Mongo`) |
| DATABASE__DatabaseName | The name of the database which will be created in Mongo / Cosmos | A valid string depending on provider | |
| DATABASE__ConnectionString | Connection string to the Mongo or Cosmos database | A valid connection string for the configured provider |

## Metrics Collation (Deprecated)
> As of version 2.6.2 of Halo, the Metrics Collation service is no longer required.

| Configuration Key | Description | Valid Values |
|--|--|--|
| DATABASE__Provider | Specifies which Database provider to use when storing Async Requests | `Mongo`, `Cosmos` (Defaults to `Mongo`) |
| DATABASE__DatabaseName | The name of the database which will be created in Mongo / Cosmos | A valid string depending on provider | |
| DATABASE__ConnectionString | Connection string to the Mongo or Cosmos database | A valid connection string for the configured provider |

## Metrics Projection
| Configuration Key | Description | Valid Values |
|--|--|--|
| DATABASE__Provider | Specifies which Database provider to use when storing Async Requests | `Mongo`, `Cosmos` (Defaults to `Mongo`) |
| DATABASE__DatabaseName | The name of the database which will be created in Mongo / Cosmos | A valid string depending on provider | |
| DATABASE__ConnectionString | Connection string to the Mongo or Cosmos database | A valid connection string for the configured provider |

## Storage Monitor
| Configuration Key | Description | Valid Values |
|--|--|--|
| DATABASE__Provider | Specifies which Database provider to use when storing monitor data | `Mongo`, `Cosmos` (Defaults to `Mongo`) |
| DATABASE__DatabaseName | The name of the database which will be created in Mongo / Cosmos | A valid string depending on provider |
| DATABASE__ConnectionString | Connection string to the Mongo or Cosmos database | A valid connection string for the configured provider |
| GRAPHAPI__ClientId | Client ID for Microsoft Graph API authentication | A valid GUID |
| GRAPHAPI__ClientSecret | Client secret for Microsoft Graph API authentication | A valid secret string |
| GRAPHAPI__TenantId | Tenant ID for Microsoft Graph API authentication | A valid GUID |
| GRAPHAPI__MonitorValidationDelay | Delay before validating Graph API monitor subscriptions | A valid timespan (Defaults to `00:00:30`) |
| GRAPHAPI__SubscriptionDuration | Duration for Graph API subscriptions before auto-renewal | A valid timespan (Defaults to `2.00:00:00`) |
| GRAPHAPI__TenantName | The name of the Azure tenant used by Graph API | A valid tenant name - e.g `Glasswall` |
| CLIENTS__SyncApi__Timeout | Timeout for calls to the Sync API | A valid timespan (Defaults to `00:03:00`) |
| ENABLE_OUTLOOK_BANNER | Enables or disables the Outlook banner feature | `true`, `false` (Defaults to `false`) |
| EXCHANGEONLINE__AppId | Application ID for Exchange Online authentication | A valid GUID - Required if `ENABLE_OUTLOOK_BANNER` is set to `true` |
| EXCHANGEONLINE__Organization | The Exchange Online organization domain | A valid `.onmicrosoft.com` domain - Required if `ENABLE_OUTLOOK_BANNER` is set to `true` |
| EXCHANGEONLINE__DistributionGroupName | Name given to the distribution group created in Exchange Online | A valid string (Defaults to `GWStorageMonitoringUsers`) |
| EXCHANGEONLINE__TransportRuleName | Name given to the mail flow rule which will apply the banner to those in the distribution group | A valid string (Defaults to `Glasswall Attachment Processing Notice`)|
| EXCHANGEONLINE__DistributionListSyncHaloUri | Base URI for the Storage Monitor's API for retrieving monitors | A valid URI (Defaults to `http://localhost:8080` - The Storage Monitor's default HTTP port) |
| EXCHANGEONLINE__DistributionListSyncCronSchedule | Schedule for the Monitor/Banner sync job to run on | A valid cron expression (Defaults to `0 */3 * * *` or `At the beginning of every 3rd hour`) |
| MONITORING__BlockUnprocessedAttachments | Whether to block Email attachments in Outlook that have not been processed | `true`, `false` (Defaults to `true`) |
| MONITORING__ProcessUnsupportedExtensions | Specifies whether to send files with unsupported file type extensions to the Sync API for processing | `true`, `false` |
| MONITORING__HealthcheckCronSchedule | Cron schedule for running health checks | A valid cron expression (Defaults to `0 */3 * * *` or `At the beginning of every 3rd hour`) |
| MONITORING__MaxDegreeOfParallelism | Maximum number of parallel monitoring operations | A positive integer (Defaults to `5`) |
| MONITORING__MonitorLastSeenThreshold | Threshold duration after which a monitor is considered inactive | A valid timespan (Defaults to `03:00:00`) |