rel/overlay/etc/default.ini

; Upgrading CouchDB will overwrite this file.
[vendor]
name = {{package_author_name}}

[couchdb]
uuid = {{uuid}}
; util_driver_dir =
; plugin_dir =
;os_process_timeout = 5000 ; 5 seconds. for view servers.
;max_dbs_open = 500
; Default security object for databases if not explicitly set
; everyone - same as couchdb 1.0, everyone can read/write
; admin_only - only admins can read/write
; admin_local - sharded dbs on :5984 are read/write for everyone,
;               local dbs on :5986 are read/write for admins only
;default_security = admin_only
; maintenance_mode = false
; uri_file =
; The speed of processing the _changes feed with doc_ids filter can be
; influenced directly with this setting - increase for faster processing at the
; expense of more memory usage.
;changes_doc_ids_optimization_threshold = 100
;
; Maximum database name length. The default setting is chosen for CouchDB < 4.x
; compatibility, where it was determined by the maximum file name size. On most
; current file systems that is 255, and with timestamp and ".couch" extension
; subtracted it ends up as 238.
;max_database_name_length = 238
;
; Maximum document ID length. Can be set to an integer or 'infinity'.
;max_document_id_length = infinity
;
; Limit maximum document size. Requests to create / update documents with a body
; size larger than this will fail with a 413 http error. This limit applies to
; requests which update a single document as well as individual documents from
; a _bulk_docs request. The size limit is approximate due to the nature of JSON
; encoding.
max_document_size = 8000000 ; bytes
;
; Maximum number of documents in a _bulk_docs request. Anything larger
; returns a 413 error for the whole request
;max_bulk_docs_count = 10000
;
; Maximum number of documents in a _bulk_get request. Anything larger
; returns a 413 error for the whole request
;max_bulk_get_count = 10000
;
; Maximum attachment size.
; max_attachment_size = infinity
;
; Enable this to only "soft-delete" databases when DELETE /{db} requests are
; made. This will place a .recovery directory in your data directory and
; move deleted databases/shards there instead. You can then manually delete
; these files later, as desired.
;enable_database_recovery = false
;
; Allow edits on the _security object in the user db. By default, it's disabled.
;users_db_security_editable = false

[chttpd]
; These settings affect the main, clustered port (5984 by default).
port = {{cluster_port}}
bind_address = 127.0.0.1
;backlog = 512
;socket_options = [{sndbuf, 262144}, {nodelay, true}]
;server_options = [{recbuf, undefined}]
;require_valid_user = false
; require_valid_user_except_for_up = false
; List of headers that will be kept when the header Prefer: return=minimal is included in a request.
; If Server header is left out, Mochiweb will add its own one in.
;prefer_minimal = Cache-Control, Content-Length, Content-Range, Content-Type, ETag, Server, Transfer-Encoding, Vary
;
; Limit maximum number of databases when tying to get detailed information using
; _dbs_info in a request
;max_db_number_for_dbs_info_req = 100

; set to true to delay the start of a response until the end has been calculated
;buffer_response = false

; authentication handlers
; authentication_handlers = {chttpd_auth, cookie_authentication_handler}, {chttpd_auth, default_authentication_handler}
; uncomment the next line to enable proxy authentication
; authentication_handlers = {chttpd_auth, proxy_authentication_handler}, {chttpd_auth, cookie_authentication_handler}, {chttpd_auth, default_authentication_handler}
; uncomment the next line to enable JWT authentication
; authentication_handlers = {chttpd_auth, jwt_authentication_handler}, {chttpd_auth, cookie_authentication_handler}, {chttpd_auth, default_authentication_handler}

; prevent non-admins from accessing /_all_dbs
; admin_only_all_dbs = true

; These options are moved from [httpd]
;secure_rewrites = true
;allow_jsonp = false

;enable_cors = false
;enable_xframe_options = false

; CouchDB can optionally enforce a maximum uri length;
;max_uri_length = 8000

;changes_timeout = 60000
;config_whitelist =
;rewrite_limit = 100
;x_forwarded_host = X-Forwarded-Host
;x_forwarded_proto = X-Forwarded-Proto
;x_forwarded_ssl = X-Forwarded-Ssl

; Maximum allowed http request size. Applies to both clustered and local port.
;max_http_request_size = 4294967296 ; 4GB

;[jwt_auth]
; List of claims to validate
; can be the name of a claim like "exp" or a tuple if the claim requires
; a parameter
; required_claims = exp, {iss, "IssuerNameHere"}
; roles_claim_name = https://example.com/roles
;
; [jwt_keys]
; Configure at least one key here if using the JWT auth handler.
; If your JWT tokens do not include a "kid" attribute, use "_default"
; as the config key, otherwise use the kid as the config key.
; Examples
; hmac:_default = aGVsbG8=
; hmac:foo = aGVsbG8=
; The config values can represent symmetric and asymmetrics keys.
; For symmetrics keys, the value is base64 encoded;
; hmac:_default = aGVsbG8= # base64-encoded form of "hello"
; For asymmetric keys, the value is the PEM encoding of the public
; key with newlines replaced with the escape sequence \n.
; rsa:foo = -----BEGIN PUBLIC KEY-----\nMIIBIjAN...IDAQAB\n-----END PUBLIC KEY-----\n
; ec:bar = -----BEGIN PUBLIC KEY-----\nMHYwEAYHK...AzztRs\n-----END PUBLIC KEY-----\n

[httpd]
port = {{backend_port}}
bind_address = 127.0.0.1
;authentication_handlers = {couch_httpd_auth, cookie_authentication_handler}, {couch_httpd_auth, default_authentication_handler}

; Options for the MochiWeb HTTP server.
;server_options = [{backlog, 128}, {acceptor_pool_size, 16}]
; For more socket options, consult Erlang's module 'inet' man page.
;socket_options = [{recbuf, undefined}, {sndbuf, 262144}, {nodelay, true}]
;socket_options = [{sndbuf, 262144}]

; These settings were moved to [chttpd]
; secure_rewrites, allow_jsonp, enable_cors, enable_xframe_options,
; max_uri_length, changes_timeout, config_whitelist, rewrite_limit,
; x_forwarded_host, x_forwarded_proto, x_forwarded_ssl, max_http_request_size

[ssl]
;port = 6984

[chttpd_auth]
;authentication_db = _users

; These options are moved from [couch_httpd_auth]
;authentication_redirect = /_utils/session.html
;require_valid_user = false
;timeout = 600 ; number of seconds before automatic logout
;auth_cache_size = 50 ; size is number of cache entries
;allow_persistent_cookies = true ; set to false to disallow persistent cookies
;iterations = 10 ; iterations for password hashing
;min_iterations = 1
;max_iterations = 1000000000
;password_scheme = pbkdf2
; List of Erlang RegExp or tuples of RegExp and an optional error message.
; Where a new password must match all RegExp.
; Example: [{".{10,}", "Password min length is 10 characters."}, "\\d+"]
;password_regexp = []
;proxy_use_secret = false
; comma-separated list of public fields, 404 if empty
;public_fields =
;secret =
;users_db_public = false
;cookie_domain = example.com
; Set the SameSite cookie property for the auth cookie. If empty, the SameSite property is not set.
;same_site =

; [chttpd_auth_cache]
; max_lifetime = 600000
; max_objects =
; max_size = 104857600

; [fabric]
; Custom FDB directory prefix. All the nodes of the same CouchDB instance
; should have a matching directory prefix in order to read and write the same
; data. Changes to this value take effect only on node start-up.
;fdb_directory = couchdb
;
; Enable or disable index auto-updater
;index_updater_enabled = true
;
; How long to wait from the first db update event until index building is
; triggered.
;index_updater_delay_msec = 60000
;
; How often to check if databases may need their indices updated.
;index_updater_resolution_msec = 10000
;
; Enable or disable automatic stale index removal in the auto-updater
;index_updater_remove_old_indices = false
;
; Byte size of binary chunks written to FDB values. Defaults to FDB max limit.
;binary_chunk_size = 100000
;
; Bulk docs transaction batch size in bytes
;update_docs_batch_size = 2500000

[couch_httpd_auth]
; WARNING! This only affects the node-local port (5986 by default).
; You probably want the settings under [chttpd].
;authentication_db = _users

; These settings were moved to [chttpd_auth]
; authentication_redirect, require_valid_user, timeout,
; auth_cache_size, allow_persistent_cookies, iterations, min_iterations,
; max_iterations, password_scheme, password_regexp, proxy_use_secret,
; public_fields, secret, users_db_public, cookie_domain, same_site

; Settings for view indexing
[couch_views]
; Enable custom reduce functions
;custom_reduce_enabled = true

; Maximum acceptors waiting to accept view indexing jobs
;max_acceptors = 5
;
; Maximum number of view indexing workers
;max_workers = 100
;
; The maximum allowed key size emitted from a view for a document (in bytes)
;key_size_limit = 8000
;
; The maximum allowed value size emitted from a view for a document (in bytes)
;value_size_limit = 64000
;
; The maximum size of B+Tree nodes used by the id btree
;id_btree_node_size = 100
;
; The maximum size of B+Tree nodes used by view btrees
;view_btree_node_size = 100

; Batch size sensing parameters
;
; Initial batch size in number of documents
;batch_initial_size = 100
;
; Size change when searching for the threshold
;batch_search_increment = 500
;
; Size change increment after hitting a threshold
;batch_sense_increment = 100
;
; Maximum transaction size in bytes
;batch_max_tx_size_bytes = 9000000
;
; Maximum transaction time used by the view indexer in
; milliseconds. This value should be set such that the indexing
; transaction GRVs would live long enough for clients waiting on the
; indexer to have be able re-use the same GRVs to emit include_docs
; bodies.
;batch_max_tx_time_msec = 1500
;
; Amount to reduce batch size when crossing a threshold;
;batch_thresold_penalty = 0.2

; Set the FDB transaction retry limit applied to the main indexing transaction
; for retriable errors. These errors include 1007 (transaction_too_old), 1020
; (commit conflict) and others. This value overrides the retry_limit setting
; from fdb transaction settings in the [fdb_tx_options] section. Setting this
; value may interfere with the batching algorithm as it's designed to adjust
; the batch size in response to erlfdb errors. A too large a value, would
; re-run the same transaction too many times in a row wasting resources.
; However, the value shouldn't be too small as in some cases the errors are
; recoverable such as when the FDB server fast-forwards time during the
; transaction system recovery.
;
;indexer_tx_retry_limit = 5

; CSP (Content Security Policy) Support for _utils
[csp]
;enable = true
; header_value = default-src 'self'; img-src 'self'; font-src *; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline';

[cors]
;credentials = false
; List of origins separated by a comma, * means accept all
; Origins must include the scheme: http://example.com
; You can't set origins: * and credentials = true at the same time.
;origins = *
; List of accepted headers separated by a comma
; headers =
; List of accepted methods
; methods =

; Configuration for a vhost
;[cors:http://example.com]
; credentials = false
; List of origins separated by a comma
; Origins must include the scheme: http://example.com
; You can't set origins: * and credentials = true at the same time.
;origins =
; List of accepted headers separated by a comma
; headers =
; List of accepted methods
; methods =

; Configuration for the design document cache
;[ddoc_cache]
; The maximum size of the cache in bytes
;max_size = 104857600 ; 100MiB
; The period each cache entry should wait before
; automatically refreshing in milliseconds
;refresh_timeout = 67000

[x_frame_options]
; Settings same-origin will return X-Frame-Options: SAMEORIGIN.
; If same origin is set, it will ignore the hosts setting
; same_origin = true
; Settings hosts will return X-Frame-Options: ALLOW-FROM https://example.com/
; List of hosts separated by a comma. * means accept all
; hosts =

[native_query_servers]
; erlang query server
; enable_erlang_query_server = false

; Changing reduce_limit to false will disable reduce_limit.
; If you think you're hitting reduce_limit with a "good" reduce function,
; please let us know on the mailing list so we can fine tune the heuristic.
[query_server_config]
; commit_freq = 5
;reduce_limit = true
;os_process_limit = 100
; os_process_idle_limit = 300
; os_process_soft_limit = 100
; Timeout for how long a response from a busy view group server can take.
; "infinity" is also a valid configuration value.
;query_limit = 268435456
;partition_query_limit = 268435456

[couch_eval.languages]
; The list of modules that implement the couch_eval
; beahvior for executing provided code in design
; documents.
;javascript = couch_js
;query = mango_eval

[mango]
; Set to true to disable the "index all fields" text index, which can lead
; to out of memory issues when users have documents with nested array fields.
;index_all_disabled = false
; Default limit value for mango _find queries.
;default_limit = 25
; Ratio between documents scanned and results matched that will
; generate a warning in the _find response. Setting this to 0 disables
; the warning.
;index_scan_warning_threshold = 10

[feature_flags]
; This enables any database to be created as a partitioned databases (except system db's).
; Setting this to false will stop the creation of paritioned databases.
; paritioned||allowed* = true will scope the creation of partitioned databases
; to databases with 'allowed' prefix.
; partitioned||* = true

[uuids]
; Known algorithms:
;   random - 128 bits of random awesome
;     All awesome, all the time.
;   sequential - monotonically increasing ids with random increments
;     First 26 hex characters are random. Last 6 increment in
;     random amounts until an overflow occurs. On overflow, the
;     random prefix is regenerated and the process starts over.
;   utc_random - Time since Jan 1, 1970 UTC with microseconds
;     First 14 characters are the time in hex. Last 18 are random.
;   utc_id - Time since Jan 1, 1970 UTC with microseconds, plus utc_id_suffix string
;     First 14 characters are the time in hex. uuids/utc_id_suffix string value is appended to these.
;algorithm = sequential
; The utc_id_suffix value will be appended to uuids generated by the utc_id algorithm.
; Replicating instances should have unique utc_id_suffix values to ensure uniqueness of utc_id ids.
;utc_id_suffix =
# Maximum number of UUIDs retrievable from /_uuids in a single request
;max_count = 1000

[attachments]
;compression_level = 8 ; from 1 (lowest, fastest) to 9 (highest, slowest), 0 to disable compression
;compressible_types = text/*, application/javascript, application/json, application/xml

[replicator]
; Number of actively running replications per replication backend node
;max_jobs = 500

; Scheduling interval in seconds
;interval_sec = 15

; Maximum number of replications to start and stop during rescheduling.
;max_churn = 100

; Max number of acceptors running per node. If they are available job slots
; left then up to these many acceptors are kept open.
;max_acceptors = 2

; The amount of jitter (in milliseconds) to apply to replication job acceptors.
; This will allow multiple acceptors to avoid generating too many transaction
; conflicts on busy clusters.
;accept_jitter = 2000

; Minimum time in seconds replication jobs will be left running before being
; rotated when all the schedule slots are filled. This migth be useful if
; max_jobs is very low, but jobs should be left running long enough to make at
; least some progress before being replaced
;min_run_time_sec = 60

; Health threshold is the minimum amount of time an unhealthy job should run
; crashing before it is considered to be healthy again.
;health_threshold_sec = 120

; These are applied when jobs are pentalized after repeatedly crashing. On
; first error the minimum value is applied. Then the penalty is doubled, but
; only up to the maximum value.
;min_backoff_penalty_sec = 32
;max_backoff_penalty_sec = 172800

; How many per-job history events to keep
;max_history = 10

; More worker processes can give higher network throughput but can also
; imply more disk and network IO.
;worker_processes = 4

; With lower batch sizes checkpoints are done more frequently. Lower batch sizes
; also reduce the total amount of used RAM memory.
;worker_batch_size = 500

; Maximum number of HTTP connections per replication.
;http_connections = 20

; HTTP connection timeout per replication.
; Even for very fast/reliable networks it might need to be increased if a remote
; database is too busy.
;connection_timeout = 30000

; Request timeout
;request_timeout = infinity
; If a request fails, the replicator will retry it up to N times.
;retries_per_request = 5

; Use checkpoints
;use_checkpoints = true

; Checkpoint interval
;checkpoint_interval = 30000

; Some socket options that might boost performance in some scenarios:
;       {nodelay, boolean()}
;       {sndbuf, integer()}
;       {recbuf, integer()}
;       {priority, integer()}
; See the `inet` Erlang module's man page for the full list of options.
;socket_options = [{keepalive, true}, {nodelay, false}]

; Path to a file containing the user's certificate.
;cert_file = /full/path/to/server_cert.pem

; Path to file containing user's private PEM encoded key.
;key_file = /full/path/to/server_key.pem

; String containing the user's password. Only used if the private keyfile is password protected.
;password = somepassword

; Set to true to validate peer certificates.
;verify_ssl_certificates = false

; File containing a list of peer trusted certificates (in the PEM format).
;ssl_trusted_certificates_file = /etc/ssl/certs/ca-certificates.crt

; Maximum peer certificate depth (must be set even if certificate validation is off).
;ssl_certificate_max_depth = 3

; Maximum document ID length for replication.
;max_document_id_length = infinity

; How much time to wait before retrying after a missing doc exception. This
; exception happens if the document was seen in the changes feed, but internal
; replication hasn't caught up yet, and fetching document's revisions
; fails. This a common scenario when source is updated while continous
; replication is running. The retry period would depend on how quickly internal
; replication is expected to catch up. In general this is an optimisation to
; avoid crashing the whole replication job, which would consume more resources
; and add log noise.
;missing_doc_retry_msec = 2000

; List of replicator client authentication plugins to try. Plugins will be
; tried in order. The first to initialize successfully will be used for that
; particular endpoint (source or target). Normally couch_replicator_auth_noop
; would be used at the end of the list as a "catch-all". It doesn't do anything
; and effectively implements the previous behavior of using basic auth.
; There are currently two plugins available:
;   couch_replicator_auth_session - use _session cookie authentication
;   couch_replicator_auth_noop - use basic authentication (previous default)
; Currently, the new _session cookie authentication is tried first, before
; falling back to the old basic authenticaion default:
;auth_plugins = couch_replicator_auth_session,couch_replicator_auth_noop
; To restore the old behaviour, use the following value:
;auth_plugins = couch_replicator_auth_noop

; Force couch_replicator_auth_session plugin to refresh the session
; periodically if max-age is not present in the cookie. This is mostly to
; handle the case where anonymous writes are allowed to the database and a VDU
; function is used to forbid writes based on the authenticated user name. In
; that case this value should be adjusted based on the expected minimum session
; expiry timeout on replication endpoints. If session expiry results in a 401
; or 403 response this setting is not needed.
;session_refresh_interval_sec = 550

[log]
; Possible log levels:
;  debug
;  info
;  notice
;  warning, warn
;  error, err
;  critical, crit
;  alert
;  emergency, emerg
;  none
;
;level = info
;
; Set the maximum log message length in bytes that will be
; passed through the writer
;
; max_message_size = 16000
;
; Do not log last message received by terminated process
; strip_last_msg = true
;
; List of fields to remove before logging the crash report
; filter_fields = [pid, registered_name, error_info, messages]
;
; There are four different log writers that can be configured
; to write log messages. The default writes to stderr of the
; Erlang VM which is useful for debugging/development as well
; as a lot of container deployments.
;
; There's also a file writer that works with logrotate, a
; rsyslog writer for deployments that need to have logs sent
; over the network, and a journald writer that's more suitable
; when using systemd journald.
;
;writer = stderr
; Journald Writer notes:
;
; The journald writer doesn't have any options. It still writes
; the logs to stderr, but without the timestamp prepended, since
; the journal will add it automatically, and with the log level
; formated as per
; https://www.freedesktop.org/software/systemd/man/sd-daemon.html
;
;
; File Writer Options:
;
; The file writer will check every 30s to see if it needs
; to reopen its file. This is useful for people that configure
; logrotate to move log files periodically.
;
; file = ./couch.log ; Path name to write logs to
;
; Write operations will happen either every write_buffer bytes
; or write_delay milliseconds. These are passed directly to the
; Erlang file module with the write_delay option documented here:
;
;     http://erlang.org/doc/man/file.html
;
; write_buffer = 0
; write_delay = 0
;
;
; Syslog Writer Options:
;
; The syslog writer options all correspond to their obvious
; counter parts in rsyslog nomenclature.
;
; syslog_host =
; syslog_port = 514
; syslog_appid = couchdb
; syslog_facility = local2

[stats]
; Stats collection interval in seconds. Default 10 seconds.
;interval = 10

[couch_jobs]
;
; Maximum jitter used when checking for active job timeouts
;activity_monitor_max_jitter_msec = 10000
;
; Hold-off applied before notifying subscribers. Since active jobs can be
; queried more effiently using a range read, increasing this value should make
; notifications more performant, however, it would also increase notification
; latency.
;type_monitor_holdoff_msec = 50
;
; Timeout used when waiting for the job type notification watches. The default
; value of "infinity" should work well in most cases.
;type_monitor_timeout_msec = infinity
;
; How often to check for the presense of new job types.
;type_check_period_msec = 15000
;
; Jitter applied when checking for new job types.
;type_check_max_jitter_msec = 5000

[tracing]
;
; Configuration settings for the `ctrace` OpenTracing
; API. There are two reporter which we support.
;   - jaeger.thrift over udp
;   - jaeger.thrift over http
; ## Common settings
; enabled = false ; true | false
; app_name = couchdb ; value to use for the `location.application` tag
; protocol = udp ; udp | http - which reporter to use
; ## jaeger.thrift over udp reporter
; thrift_format = compact ; compact | binary
; agent_host = 127.0.0.1
; agent_port = 6831
; ## jaeger.thrift over udp reporter
; endpoint = http://127.0.0.1:14268

[tracing.filters]
;
; Configure tracing for each individual operation. Keys should be set as
; operation names (i.e., `database-info.read` or `view.build`). Values
; are essentially an anonymous function that accepts a single argument
; that is the tags provided to the root span. These definitions
; should not include a function name or a trailing `.`. Return values
; must be one of `true`, `false`, or `float()`. A boolean return
; indicates whether or not to include the trace while a `float()`
; value between 0 and 1 gives the probability that the trace should
; be included or not. I.e., if the value is `0.9` then 90% of the
; traces will be logged. See the `src/ctrace/README.md` for a
; thorough description of the filter DSL.
;
; database-info.read = (#{'http.method' := Method}) when Method == 'GET' -> true
; view.build = (#{'view.name' := Name}) when Name == "foo" -> 0.25
;
; The key `all` is checked for any trace that does not have a
; corresponding operation name key configured. Thus, users can easily
; log every generated trace by including the following:
;
; all = (#{}) -> true

; Some low-level FDB transaction options. These options will be applied to the
; database handle and inherited by each transaction started with that handle.
; The description of these can be found in fdb_c_option.g.h include file from
; the client libraries. The default values which were not specified the
; fdb_c_option.g.h file were not included here either.

[fdb_tx_options]
; Specify the machine ID that was passed to fdbserver processes running on the
; same machine as this client, for better location-aware load balancing.
; Type is a hexadecimal string, less than 16 bytes in size.
;machine_id =

; Specify the datacenter ID that was passed to fdbserver processes running in
; the same datacenter as this client, for better location-aware load balancing.
; Type is hexadecimal string, less than 16 bytes in size.
;datacenter_id =

; Sets the maximum escaped length of key and value fields to be logged to the
; trace file via the LOG_TRANSACTION option, after which the field will be
; truncated. A negative value disables truncation.
;transaction_logging_max_field_length =

; Set a timeout in milliseconds which, when elapsed, will cause the transaction
; automatically to be cancelled. Valid parameter values are [0, INT_MAX].
; If set to 0, will disable all timeouts. All pending and any future uses of
; the transaction will throw an exception. The transaction can be used again
; after it is reset.
;timeout = 60000

; Set a maximum number of retries after which additional calls to 'on_error`
; will throw the most recently seen error code. Valid parameter values are
; [-1, INT_MAX]. If set to -1, will disable the retry limit.
;retry_limit = 100

; Set the maximum amount of backoff delay incurred in the call to 'on_error'
; if the error is retryable. Defaults to 1000 ms. Valid parameter values are
; [0, INT_MAX]. If the maximum retry delay is less than the current retry
; delay of the transaction, then the current retry delay will be clamped to the
; maximum retry delay. The retry limit is not reset after an
; 'on_erro' call.
;max_retry_delay = 1000

; Set the transaction size limit in bytes. The size is calculated by combining
; the sizes of all keys and values written or mutated, all key ranges cleared,
; and all read and write conflict ranges. (In other words, it includes the
; total size of all data included in the request to the cluster to commit the
; transaction.) Large transactions can cause performance problems on
; FoundationDB clusters, so setting this limit to a smaller value than the
; default can help prevent the client from accidentally degrading the cluster's
; performance. This value must be at least 10000 and cannot be set to higher than
; 10000000, the default transaction size limit.
;size_limit = 10000000

[aegis]
; The maximum number of entries in the key cache.
; Once the limit reached the least recently used entries are eviceted.
;cache_limit = 100000

; The period in seconds for how long each entry kept in cache.
; This is not affected by access time, i.e. the keys are always removed
; once expired and re-fetched on a next encrypt/decrypt operation.
;cache_max_age_sec = 1800

; The interval in seconds of how often the expiration check runs.
;cache_expiration_check_sec = 10

; The period in seconds that an expired key remains in the cache.
; Lowering this too much might expose races.
;cache_deletion_grace_sec = 5

[prometheus]
;additional_port = false
bind_address = 127.0.0.1
port = {{prometheus_port}}