Server configuration

the configuration is read from system properties, environment variables, …​.

A comma separated list of gav to locate the components


Default value: ${home}/documentations. A component translation repository. This is where you put your documentation translations. Their name must follow the pattern documentation_${container-id}_language.adoc where ${container-id} is the component jar name (without the extension and version, generally the artifactId).


Default value: true. Should the component extensions add required dependencies.


If you deploy some extension, where they can create their dependencies if needed.


Default value: 180000. Timeout for extension initialization at startup, since it ensures the startup wait extensions are ready and loaded it allows to control the latency it implies.


A property file where the value is a gav of a component to register (complementary with coordinates)

Default value: true. Should the /documentation endpoint be activated. Note that when called on localhost the doc is always available.

Default value: true. Should the /api/v1/environment endpoint be activated. It shows some internal versions and git commit which are not always desirable over the wire.


Default value: -. Accepted tokens in Authorization header for remote calls to secured endpoints (/api/v1/environment or /documentation).


Default value: false. If set it will replace any message for exceptions. Set to false to use the actual exception message.


The local maven repository used to locate components and their dependencies


Default value: false. Should the all requests/responses be logged (debug purposes - only work when running with CXF).

Default value: securityNoopHandler. How to validate a command/request. Accepted values: securityNoopHandler.

Default value: securityNoopHandler. How to validate a connection. Accepted values: securityNoopHandler.


A folder available for the server - don’t forget to mount it in docker if you are using the image - which accepts subfolders named as component plugin id (generally the artifactId or jar name without the version, ex: jdbc). Each family folder can contain:

  • a file which will be merged with component configuration system (see services). This properties file enables the function userJar(xxxx) to replace the jar named xxxx by its virtual gav (groupId:artifactId:version),

  • a list of jars which will be merged with component family classpath


Default value: auto. Should the implicit artifacts be provisionned to a m2. If set to auto it tries to detect if there is a m2 to provision - recommended, if set to skip it is ignored, else it uses the value as a m2 path.

Configuration mechanism

The configuration uses Microprofile Config for most entries. It means it can be passed through system properties and environment variables (by replacing dots with underscores and making the keys uppercase).

To configure a Docker image rather than a standalone instance, Docker Config and secrets integration allow you to read the configuration from files. You can customize the configuration of these integrations through system properties, as described below in this document.

Also note that Docker integration provides a secure: support to encrypt values when required. it also works for system properties.

Docker Config


configuration location. Defaults to /.


file name prefixes to take into account. Defaults to nothing, which means that all prefixes but the common UNIx exclusions are taken into account.

For example, creating a / file makes its content available under the key.

Docker Secrets


secrets location. Defaults to /run/secrets.

For example, creating a /run/secrets/ file makes its content available under the key.

Secure values support

A security mechanism allows to use a ciphered value instead of a clear value for passing sensitive data (password, secret, token, etc.).

It relies on org.talend.sdk.component.configuration.converter.secured.ConfigurationMain, which allows you to:

  1. create a master_key file

  2. encrypt a value

  3. decrypt a value (for testing purposes)

A master password is stored and obfuscated in a master_key file. The algorithm AES/CBC/PKCS5Padding ciphers the value and encodes the result in base64. This mechanism allows to manage the value as plain text and easily pass it through all potential ways you can set the configuration.

The secure values support is managed through the org.talend.sdk.component:secured-string-converter artifact. You can find it for released versions on Central.

The command examples in the sections below assume you have set the alias in your profile:

alias tssc="java -cp secured-string-converter.jar org.talend.sdk.component.configuration.converter.secured.ConfigurationMain"

If it is not the case, replace tssc by the full command.

Generating the master key

To generate the master key, use the provided configuration in the org.talend.sdk.component:secured-string-converter artifact:

tssc --master-key /path/to/my_master_key [secret-value]
Set the talend.component.server.configuration.master_key.location system property on the server to ensure it uses this master key. Make sure that only the applications needing this key can read it.

Encrypting a value

To encrypt a value, use the provided configuration in the org.talend.sdk.component:secured-string-converter artifact:

tssc --encrypt /path/to/my_master_key my_credential_to_encrypt

Decrypting a value

To decrypt a value, use the provided configuration in the org.talend.sdk.component:secured-string-converter artifact:

tssc --decrypt /path/to/my_master_key secure:my_credential_to_encrypt
Scroll to top