c6b87ee0ee
DOCS-902: Add "M' and "Mi" units to --limit-upload and --limit-download DOCS-895: Take Bucket/IAM snapshot before site replication config DOCS-886: Add audit_kafka config settings and envvars.
85 KiB
mc admin config
minio
Table of Contents
mc admin config
Description
The mc admin config
command manages configuration settings for the minio server.
Use mc admin on MinIO Deployments Only
Examples
Syntax
set
Sets a configuration key <minio-server-configuration-settings>
on the MinIO deployment. Configurations defined by environment variables
override configurations defined by this command.
For distributed deployments, use to modify existing endpoints.
Endpoints using the http protocol can be either the hostname or IP
address, and they may use either http or
https.
get
Gets a configuration key <minio-server-configuration-settings>
on the MinIO deployment created using mc admin
config set.
export
Exports any configuration settings created using mc admin config set.
history
Lists the history of changes made to configuration keys by mc admin config.
Configurations defined by environment variables do not show.
import
Imports configuration settings exported using mc admin config export.
reset
Resets config to defaults. Configurations defined in environment variables are not affected.
restore
Roll back changes to configuration keys to a previous point in history.
Does not affect configurations defined by environment variables.
Configuration Settings
The following configuration settings define runtime behavior of the
MinIO server <minio server> process:
Root User Account
api
The top-level configuration key for modifying API-related operations.
root_access
This configuration setting corresponds with the MINIO_API_ROOT_ACCESS
environment variable. To reset after an unintentional lock, set MINIO_API_ROOT_ACCESS
on to override this setting and temporarily re-enable the
root account. You can then change this setting to on
or make the necessary user/policy changes to ensure normal
administrative access through other non-root accounts.
HTTP Webhook Log Target
logger_webhook
The top-level configuration key for defining an HTTP webhook target
for publishing MinIO logs <minio-logging>.
Use mc admin config set to set or update an HTTP
webhook target. Specify additional optional arguments as a whitespace
(" ")-delimited list.
mc admin config set logger_webhook \
endpoint="http://webhook.example.net" [ARGUMENTS=VALUE ...]You can specify multiple HTTP webhook targets by appending
[:name] to the top-level key. For example, the following
commands set two distinct HTTP webhook targets as primary
and secondary respectively:
mc admin config set logger_webhook:primary \
endpoint="http://webhook-01.example.net" [ARGUMENTS=VALUE ...]
mc admin config set logger_webhook:secondary \
endpoint="http://webhook-02.example.net" [ARGUMENTS=VALUE ...]The logger_webhook configuration key accepts the
following arguments:
endpoint
Required
The HTTP endpoint of the webhook.
This setting corresponds to the MINIO_LOGGER_WEBHOOK_ENDPOINT environment
variable.
auth_token
Optional
The JSON Web Token (JWT) to use for authenticating to the HTTP webhook. Omit for webhooks which do not enforce authentication.
This setting corresponds to the MINIO_LOGGER_WEBHOOK_AUTH_TOKEN environment
variable.
client_cert
Optional
The path to the mTLS certificate to use for authenticating to the webhook logger.
This setting corresponds to the MINIO_LOGGER_WEBHOOK_CLIENT_CERT environment
variable.
client_key
Optional
The path to the mTLS certificate key to use to authenticate with the webhook logger service.
This setting corresponds to the MINIO_LOGGER_WEBHOOK_CLIENT_KEY environment
variable.
proxy
MinIO RELEASE.2023-02-22T18-23-45Z
Optional
Define a proxy to use for the webhook logger when communicating from MinIO to external webhooks.
This setting corresponds to the MINIO_LOGGER_WEBHOOK_PROXY environment
variable.
queue_dir
RELEASE.2023-05-18T00-05-36Z
Optional
Specify the directory path, such as /opt/minio/events,
to enable MinIO's persistent event store for undelivered messages. The
MinIO process must have read, write, and list access on the specified
directory.
MinIO stores undelivered events in the specified store while the webhook service is offline and replays the stored events when connectivity resumes.
This setting corresponds to the MINIO_LOGGER_WEBHOOK_QUEUE_DIR environment
variable.
queue_size
Optional
An integer value to use for the queue size for logger webhook
targets. The default is 100000 events.
This setting corresponds to the MINIO_LOGGER_WEBHOOK_QUEUE_SIZE environment
variable.
HTTP Webhook Audit Log Target
audit_webhook
The top-level configuration key for defining an HTTP webhook target
for publishing MinIO audit logs <minio-logging>.
Use mc admin config set to set or update an HTTP
webhook target. Specify additional optional arguments as a whitespace
(" ")-delimited list.
mc admin config set audit_webhook \
endpoint="http://webhook.example.net" [ARGUMENTS=VALUE ...]You can specify multiple HTTP webhook targets by appending
[:name] to the top-level key. For example, the following
commands set two distinct HTTP webhook targets as primary
and secondary respectively:
mc admin config set audit_webhook:primary \
endpoint="http://webhook-01.example.net" [ARGUMENTS=VALUE ...]
mc admin config set audit_webhook:secondary \
endpoint="http://webhook-02.example.net" [ARGUMENTS=VALUE ...]The audit_webhook configuration key accepts the
following arguments:
endpoint
Required
The HTTP endpoint of the webhook.
This setting corresponds to the MINIO_AUDIT_WEBHOOK_ENDPOINT environment
variable.
auth_token
Optional
The JSON Web Token (JWT) to use for authenticating to the HTTP webhook. Omit for webhooks which do not enforce authentication.
This setting corresponds to the MINIO_AUDIT_WEBHOOK_AUTH_TOKEN environment
variable.
client_cert
Optional
The x.509 client certificate to present to the HTTP webhook. Omit for webhooks which do not require clients to present a known TLS certificate.
Requires specifying ~audit_webhook.client_key.
This setting corresponds to the MINIO_AUDIT_WEBHOOK_CLIENT_CERT environment
variable.
client_key
Optional
The x.509 private key to present to the HTTP webhook. Omit for webhooks which do not require clients to present a known TLS certificate.
Requires specifying ~audit_webhook.client_cert.
This setting corresponds to the MINIO_AUDIT_WEBHOOK_CLIENT_KEY environment
variable.
queue_dir
RELEASE.2023-05-18T00-05-36Z
Optional
Specify the directory path, such as /opt/minio/events,
to enable MinIO's persistent event store for undelivered messages. The
MinIO process must have read, write, and list access on the specified
directory.
MinIO stores undelivered events in the specified store while the webhook service is offline and replays the stored events when connectivity resumes.
This setting corresponds to the MINIO_AUDIT_WEBHOOK_QUEUE_DIR environment
variable.
queue_size
Optional
An integer value to use for the queue size for webhook targets. The
default is 100000 events.
This setting corresponds to the MINIO_AUDIT_WEBHOOK_QUEUE_SIZE environment
variable.
Kafka Audit Log Target
audit_kafka
The top-level configuration key for defining a Kafka broker target
for publishing MinIO audit logs <minio-logging>.
Use mc admin config set to set or update a Kafka audit
target. Specify additional optional arguments as a whitespace
(" ")-delimited list.
mc admin config set audit_kafka \
brokers="https://kafka-endpoint.example.net:9092" [ARGUMENTS=VALUE ...]The audit_kafka
configuration key accepts the following arguments:
brokers
This setting corresponds to the MINIO_AUDIT_KAFKA_BROKERS environment variable.
topic
This setting corresponds to the MINIO_AUDIT_KAFKA_TOPIC environment variable.
tls
This setting corresponds to the MINIO_AUDIT_KAFKA_TLS environment variable.
tls_skip_verify
This setting corresponds to the MINIO_AUDIT_KAFKA_TLS_SKIP_VERIFY environment
variable.
tls_client_auth
Requires specifying ~audit_kafka.client_tls_cert and ~audit_kafka.client_tls_key.
This setting corresponds to the MINIO_AUDIT_KAFKA_TLS_CLIENT_AUTH environment
variable.
client_tls_cert
This setting corresponds to the MINIO_AUDIT_KAFKA_CLIENT_TLS_CERT environment
variable.
client_tls_key
This setting corresponds to the MINIO_AUDIT_KAFKA_CLIENT_TLS_KEY environment
variable.
sasl
Requires specifying ~audit_kafka.sasl_username and ~audit_kafka.sasl_password.
This setting corresponds to the MINIO_AUDIT_KAFKA_SASL environment variable.
sasl_username
This setting corresponds to the MINIO_AUDIT_KAFKA_SASL_USERNAME environment
variable.
sasl_password
This setting corresponds to the MINIO_AUDIT_KAFKA_SASL_PASSWORD environment
variable.
sasl_mechanism
This setting corresponds to the MINIO_AUDIT_KAFKA_SASL_MECHANISM environment
variable.
Important
The PLAIN authentication mechanism sends credentials in
plain text over the network. Use ~audit_kafka.tls to enable TLS connectivity to the
Kafka brokers and ensure secure transmission of SASL credentials.
version
This setting corresponds to the MINIO_AUDIT_KAFKA_VERSION environment variable.
comment
This setting corresponds to the MINIO_AUDIT_KAFKA_COMMENT environment variable.
AMQP Service for Bucket Notifications
The following section documents settings for configuring an AMQP
service as a target for Bucket Nofitications <minio-bucket-notifications>.
See minio-bucket-notifications-publish-amqp for a tutorial
on using these environment variables.
notify_amqp
The top-level configuration key for defining an AMQP service endpoint
for use with MinIO bucket notifications <minio-bucket-notifications>.
Use mc admin config set to set or update an AMQP
service endpoint. The ~notify_amqp.url argument is required for
each target. Specify additional optional arguments as a whitespace
(" ")-delimited list.
mc admin config set notify_amqp \
url="amqp://user:password@endpoint:port" \
[ARGUMENT="VALUE"] ... \You can specify multiple AMQP service endpoints by appending
[:name] to the top level key. For example, the following
commands set two distinct AMQP service endpoints as primary
and secondary respectively:
mc admin config set notify_amqp:primary \
url="user:password@amqp://endpoint:port" [ARGUMENT=VALUE ...]
mc admin config set notify_amqp:secondary \
url="user:password@amqp://endpoint:port" [ARGUMENT=VALUE ...]The notify_amqp
configuration key supports the following arguments:
url
Required
This key corresponds to the MINIO_NOTIFY_AMQP_URL environment variable.
exchange
Optional
This field corresponds to the MINIO_NOTIFY_AMQP_EXCHANGE environment
variable.
exchange_type
Optional
This field corresponds to the MINIO_NOTIFY_AMQP_EXCHANGE_TYPE environment
variable.
routing_key
Optional
This field corresponds to the MINIO_NOTIFY_AMQP_ROUTING_KEY environment
variable.
mandatory
Optional
This field corresponds to the MINIO_NOTIFY_AMQP_MANDATORY environment
variable.
durable
Optional
This field corresponds to the MINIO_NOTIFY_AMQP_DURABLE environment variable.
no_wait
Optional
This field corresponds to the MINIO_NOTIFY_AMQP_NO_WAIT environment variable.
internal
Optional
This field corresponds to the MINIO_NOTIFY_AMQP_INTERNAL environment
variable.
auto_deleted
Optional
This field corresponds to the MINIO_NOTIFY_AMQP_AUTO_DELETED environment
variable.
delivery_mode
Optional
This field corresponds to the MINIO_NOTIFY_AMQP_DELIVERY_MODE environment
variable.
queue_dir
Optional
This field corresponds to the MINIO_NOTIFY_AMQP_QUEUE_DIR environment
variable.
queue_limit
Optional
This field corresponds to the MINIO_NOTIFY_AMQP_QUEUE_LIMIT environment
variable.
comment
Optional
This field corresponds to the MINIO_NOTIFY_AMQP_COMMENT environment variable.
MQTT Service for Bucket Notifications
The following section documents settings for configuring an MQTT
server/broker as a publishing target for Bucket Nofitications <minio-bucket-notifications>.
See minio-bucket-notifications-publish-mqtt for a tutorial
on using these configuration settings.
notify_mqtt
The top-level configuration key for defining an MQTT server/broker
endpoint for use with MinIO bucket notifications <minio-bucket-notifications>.
Use mc admin config set to set or update an MQTT
server/broker endpoint. The following arguments are required
for each endpoint:
~notify_mqtt.broker~notify_mqtt.topic~notify_mqtt.usernameOptional if MQTT server/broker does not enforce authentication/authorization~notify_mqtt.passwordOptional if MQTT server/broker does not enforce authentication/authorization
Specify additional optional arguments as a whitespace
(" ")-delimited list.
mc admin config set notify_mqtt \
broker="tcp://endpoint:port" \
topic="minio/bucket-name/events/" \
username="username" \
password="password" \
[ARGUMENT="VALUE"] ... \You can specify multiple MQTT server/broker endpoints by appending
[:name] to the top level key. For example, the following
commands set two distinct MQTT service endpoints as primary
and secondary respectively:
mc admin config set notify_mqtt:primary \
broker="tcp://endpoint:port" \
topic="minio/bucket-name/events/" \
username="username" \
password="password" \
[ARGUMENT="VALUE"] ... \
mc admin config set notify_mqtt:secondary \
broker="tcp://endpoint:port" \
topic="minio/bucket-name/events/" \
username="username" \
password="password" \
[ARGUMENT="VALUE"] ... \The notify_mqtt
configuration key supports the following arguments:
broker
Required
This field corresponds to the MINIO_NOTIFY_MQTT_BROKER environment variable.
topic
Required
This field corresponds to the MINIO_NOTIFY_MQTT_TOPIC environment variable.
username
Required if the MQTT server/broker enforces authentication/authorization
This field corresponds to the MINIO_NOTIFY_MQTT_TOPIC environment variable.
password
Required if the MQTT server/broker enforces authentication/authorization
This field corresponds to the MINIO_NOTIFY_MQTT_PASSWORD environment
variable.
qos
Optional
This field corresponds to the MINIO_NOTIFY_MQTT_QOS environment variable.
keep_alive_interval
Optional
This field corresponds to the MINIO_NOTIFY_MQTT_KEEP_ALIVE_INTERVAL environment
variable.
reconnect_interval
Optional
This field corresponds to the MINIO_NOTIFY_MQTT_RECONNECT_INTERVAL environment
variable.
queue_dir
Optional
This field corresponds to the MINIO_NOTIFY_MQTT_QUEUE_DIR environment
variable.
queue_limit
Optional
This field corresponds to the MINIO_NOTIFY_MQTT_QUEUE_LIMIT environment
variable.
comment
Optional
This field corresponds to the MINIO_NOTIFY_MQTT_COMMENT environment variable.
Elasticsearch Service for Bucket Notifications
The following section documents settings for configuring an
Elasticsearch service as a target for Bucket Nofitications <minio-bucket-notifications>.
See minio-bucket-notifications-publish-elasticsearch for a
tutorial on using these configuration settings.
notify_elasticsearch
The top-level configuration key for defining an Elasticsearch service
endpoint for use with MinIO bucket notifications
<minio-bucket-notifications>.
Use mc admin config set to set or update an
Elasticsearch service endpoint. The following arguments are
required for each target:
~notify_elasticsearch.url~notify_elasticsearch.index~notify_elasticsearch.format
Specify additional optional arguments as a whitespace
(" ")-delimited list.
mc admin config set notify_elasticsearch \
url="https://user:password@endpoint:port" \
[ARGUMENT="VALUE"] ... \You can specify multiple Elasticsearch service endpoints by appending
[:name] to the top level key. For example, the following
commands set two distinct Elasticsearch service endpoints as
primary and secondary respectively:
mc admin config set notify_elasticsearch:primary \
url="user:password@https://endpoint:port" [ARGUMENT=VALUE ...]
mc admin config set notify_elasticsearch:secondary \
url="user:password@https://endpoint:port" [ARGUMENT=VALUE ...]The notify_elasticsearch configuration key supports
the following arguments:
url
Required
This field corresponds to the MINIO_NOTIFY_ELASTICSEARCH_URL environment
variable.
index
Required
This field corresponds to the MINIO_NOTIFY_ELASTICSEARCH_INDEX environment
variable.
format
Required
This field corresponds to the MINIO_NOTIFY_ELASTICSEARCH_FORMAT environment
variable.
username
Optional
This field corresponds to the MINIO_NOTIFY_ELASTICSEARCH_USERNAME environment
variable.
password
Optional
This field corresponds to the MINIO_NOTIFY_ELASTICSEARCH_PASSWORD environment
variable.
queue_dir
Optional
This field corresponds to the MINIO_NOTIFY_ELASTICSEARCH_QUEUE_DIR environment
variable.
queue_limit
Optional
This field corresponds to the MINIO_NOTIFY_ELASTICSEARCH_QUEUE_LIMIT environment
variable.
comment
Optional
This field corresponds to the MINIO_NOTIFY_ELASTICSEARCH_COMMENT environment
variable.
NSQ Service for Bucket Notifications
The following section documents settings for configuring an NSQ
server/broker as a publishing target for Bucket Nofitications <minio-bucket-notifications>.
See minio-bucket-notifications-publish-nsq for a tutorial
on using these configuration settings.
notify_nsq
The top-level configuration key for defining an NSQ server/broker
endpoint for use with MinIO bucket notifications <minio-bucket-notifications>.
Use mc admin config set to set or update an NSQ
server/broker endpoint. The following arguments are required
for each endpoint:
~notify_nsq.nsqd_address~notify_nsq.topic
Specify additional optional arguments as a whitespace
(" ")-delimited list.
mc admin config set notify_nsq \
nsqd_address="ENDPOINT" \
topic="<string>" \
[ARGUMENT="VALUE"] ... \You can specify multiple NSQ server/broker endpoints by appending
[:name] to the top level key. For example, the following
commands set two distinct NSQ service endpoints as primary
and secondary respectively:
mc admin config set notify_nsq:primary \
nsqd_address="ENDPOINT" \
topic="<string>" \
[ARGUMENT="VALUE"] ... \
mc admin config set notify_nsq:secondary \
nsqd_address="ENDPOINT" \
topic="<string>" \
[ARGUMENT="VALUE"] ... \The notify_nsq
configuration key supports the following arguments:
nsqd_address
Required
This configuration setting corresponds to the MINIO_NOTIFY_NSQ_NSQD_ADDRESS environment
variable.
topic
Required
This configuration setting corresponds to the MINIO_NOTIFY_NSQ_TOPIC
environment variable.
tls
Optional
This configuration setting corresponds to the MINIO_NOTIFY_NSQ_TLS
environment variable.
tls_skip_verify
Optional
This configuration setting corresponds to the MINIO_NOTIFY_NSQ_TLS_SKIP_VERIFY environment
variable.
queue_dir
Optional
This configuration setting corresponds to the MINIO_NOTIFY_NSQ_QUEUE_DIR
environment variable.
queue_limit
Optional
This configuration setting corresponds to the MINIO_NOTIFY_NSQ_QUEUE_LIMIT environment
variable.
comment
Optional
This configuration setting corresponds to the MINIO_NOTIFY_NSQ_COMMENT
environment variable.
Redis Service for Bucket Notifications
The following section documents settings for configuring an Redis
server/broker as a publishing target for Bucket Nofitications <minio-bucket-notifications>.
See minio-bucket-notifications-publish-redis for a
tutorial on using these configuration settings.
notify_redis
The top-level configuration key for defining an Redis server/broker
endpoint for use with MinIO bucket notifications <minio-bucket-notifications>.
Use mc admin config set to set or update an Redis
server/broker endpoint. The following arguments are required
for each endpoint:
~notify_redis.address~notify_redis.key~notify_redis.format
Specify additional optional arguments as a whitespace
(" ")-delimited list.
mc admin config set notify_redis \
address="ENDPOINT" \
key="<string>" \
format="<string>" \
[ARGUMENT="VALUE"] ... \You can specify multiple Redis server/broker endpoints by appending
[:name] to the top level key. For example, the following
commands set two distinct Redis service endpoints as
primary and secondary respectively:
mc admin config set notify_redis:primary \
address="ENDPOINT" \
key="<string>" \
format="<string>" \
[ARGUMENT="VALUE"] ... \
mc admin config set notify_redis:secondary \
address="ENDPOINT" \
key="<string>" \
format="<string>" \
[ARGUMENT="VALUE"] ... \The notify_redis
configuration key supports the following arguments:
address
Required
This configuration setting corresponds to the MINIO_NOTIFY_REDIS_ADDRESS
environment variable.
key
Required
This configuration setting corresponds to the MINIO_NOTIFY_REDIS_KEY
environment variable.
format
Required
This configuration setting corresponds to the MINIO_NOTIFY_REDIS_FORMAT
environment variable.
password
Optional
This configuration setting corresponds to the MINIO_NOTIFY_REDIS_PASSWORD environment
variable.
queue_dir
Optional
This configuration setting corresponds to the MINIO_NOTIFY_REDIS_QUEUE_DIR environment
variable.
queue_limit
Optional
This configuration setting corresponds to the MINIO_NOTIFY_REDIS_QUEUE_LIMIT environment
variable.
comment
Optional
This configuration setting corresponds to the MINIO_NOTIFY_REDIS_COMMENT
environment variable.
NATS Service for Bucket Notifications
The following section documents settings for configuring an NATS
service as a target for Bucket Nofitications <minio-bucket-notifications>.
See minio-bucket-notifications-publish-nats for a tutorial
on using these environment variables.
notify_nats
The top-level configuration key for defining an NATS service endpoint
for use with MinIO bucket notifications <minio-bucket-notifications>.
Use mc admin config set to set or update an NATS
service endpoint. The ~notify_nats.address and ~notify_nats.subject
arguments are required for each target. Specify additional
optional arguments as a whitespace (" ")-delimited
list.
mc admin config set notify_nats \
address="htpps://nats-endpoint.example.com:4222" \
subject="minioevents" \
[ARGUMENT="VALUE"] ... \You can specify multiple NATS service endpoints by appending
[:name] to the top level key. For example, the following
commands set two distinct NATS service endpoints as primary
and secondary respectively:
mc admin config set notify_nats:primary \
address="htpps://nats-endpoint.example.com:4222" \
subject="minioevents" \
[ARGUMENT=VALUE ...]
mc admin config set notify_nats:secondary \
address="htpps://nats-endpoint.example.com:4222" \
subject="minioevents" \
[ARGUMENT=VALUE ...]The notify_nats
configuration key supports the following arguments:
address
Required
This configuration setting corresponds with the environment variable
MINIO_NOTIFY_NATS_ADDRESS.
subject
Required
This configuration setting corresponds with the environment variable
MINIO_NOTIFY_NATS_SUBJECT.
username
Optional
This configuration setting corresponds with the environment variable
MINIO_NOTIFY_NATS_USERNAME.
password
Optional
This configuration setting corresponds with the environment variable
MINIO_NOTIFY_NATS_PASSWORD.
token
Optional
This configuration setting corresponds with the environment variable
MINIO_NOTIFY_NATS_TOKEN.
tls
Optional"
This configuration setting corresponds with the environment variable
MINIO_NOTIFY_NATS_TLS.
tls_skip_verify
Optional
This configuration setting corresponds with the environment variable
MINIO_NOTIFY_NATS_TLS_SKIP_VERIFY.
ping_interval
Optional
This configuration setting corresponds with the environment variable
MINIO_NOTIFY_NATS_PING_INTERVAL.
streaming
Optional
This configuration setting corresponds with the environment variable
MINIO_NOTIFY_NATS_STREAMING.
streaming_async
Optional
This configuration setting corresponds with the environment variable
MINIO_NOTIFY_NATS_STREAMING_ASYNC.
streaming_max_pub_acks_in_flight
Optional
This configuration setting corresponds with the environment variable
MINIO_NOTIFY_NATS_STREAMING_MAX_PUB_ACKS_IN_FLIGHT.
streaming_cluster_id
Optional
This configuration setting corresponds with the environment variable
MINIO_NOTIFY_NATS_STREAMING_CLUSTER_ID.
cert_authority
Optional
This configuration setting corresponds with the environment variable
MINIO_NOTIFY_NATS_CERT_AUTHORITY.
client_cert
Optional
This configuration setting corresponds with the environment variable
MINIO_NOTIFY_NATS_CLIENT_CERT.
client_key
Optional
This configuration setting corresponds with the environment variable
MINIO_NOTIFY_NATS_CLIENT_KEY.
queue_dir
Optional
This configuration setting corresponds to the MINIO_NOTIFY_NATS_QUEUE_DIR environment
variable.
queue_limit
Optional
This configuration setting corresponds to the MINIO_NOTIFY_NATS_QUEUE_LIMIT environment
variable.
comment
Optional
This configuration setting corresponds to the MINIO_NOTIFY_NATS_COMMENT
environment variable.
PostgreSQL Service for Bucket Notifications
The following section documents settings for configuring an
PostgreSQL service as a target for Bucket Nofitications <minio-bucket-notifications>.
See minio-bucket-notifications-publish-postgresql for a
tutorial on using these environment variables.
notify_postgres
The top-level configuration key for defining an PostgreSQL service
endpoint for use with MinIO bucket notifications <minio-bucket-notifications>.
Use mc admin config set to set or update an PostgreSQL
service endpoint. The following arguments are required for each
target:
~notify_postgres.connection_string~notify_postgres.table~notify_postgres.format
Specify additional optional arguments as a whitespace
(" ")-delimited list.
mc admin config set notify_postgres \
connection_string="host=postgresql.example.com port=5432..."
table="minioevents" \
format="namespace" \
[ARGUMENT="VALUE"] ... \You can specify multiple PostgreSQL service endpoints by appending
[:name] to the top level key. For example, the following
commands set two distinct PostgreSQL service endpoints as
primary and secondary respectively:
mc admin config set notify_postgres:primary \
connection_string="host=postgresql.example.com port=5432..."
table="minioevents" \
format="namespace" \
[ARGUMENT=VALUE ...]
mc admin config set notify_postgres:secondary \
connection_string="host=postgresql.example.com port=5432..."
table="minioevents" \
format="namespace" \
[ARGUMENT=VALUE ...]The notify_postgres configuration key supports the
following arguments:
connection_string
Required
This configuration setting corresponds to the MINIO_NOTIFY_POSTGRES_CONNECTION_STRING environment
variable.
table
Required
This configuration setting corresponds to the MINIO_NOTIFY_POSTGRES_TABLE environment
variable.
format
Required
This configuration setting corresponds to the MINIO_NOTIFY_POSTGRES_FORMAT environment
variable.
max_open_connections
Optional
This configuration setting corresponds to the MINIO_NOTIFY_POSTGRES_MAX_OPEN_CONNECTIONS
environment variable.
queue_dir
Optional
This configuration setting corresponds to the MINIO_NOTIFY_POSTGRES_QUEUE_DIR environment
variable.
queue_limit
Optional
This configuration setting corresponds to the MINIO_NOTIFY_POSTGRES_QUEUE_LIMIT environment
variable.
comment
Optional
This configuration setting corresponds to the MINIO_NOTIFY_POSTGRES_COMMENT environment
variable.
MySQL Service for Bucket Notifications
The following section documents settings for configuring an MySQL
service as a target for Bucket Nofitications <minio-bucket-notifications>.
See minio-bucket-notifications-publish-mysql for a
tutorial on using these environment variables.
notify_mysql
The top-level configuration key for defining an MySQL service
endpoint for use with MinIO bucket notifications <minio-bucket-notifications>.
Use mc admin config set to set or update an MySQL
service endpoint. The following arguments are required for each
target:
~notify_mysql.dsn_string~notify_mysql.table~notify_mysql.format
Specify additional optional arguments as a whitespace
(" ")-delimited list.
mc admin config set notify_mysql \
dsn_string="username:password@tcp(mysql.example.com:3306)/miniodb"
table="minioevents" \
format="namespace" \
[ARGUMENT="VALUE"] ... \You can specify multiple MySQL service endpoints by appending
[:name] to the top level key. For example, the following
commands set two distinct MySQL service endpoints as
primary and secondary respectively:
mc admin config set notify_mysql:primary \
dsn_string="username:password@tcp(mysql.example.com:3306)/miniodb"
table="minioevents" \
format="namespace" \
[ARGUMENT=VALUE ...]
mc admin config set notify_mysql:secondary \
dsn_string="username:password@tcp(mysql.example.com:3306)/miniodb"
table="minioevents" \
format="namespace" \
[ARGUMENT=VALUE ...]The notify_mysql
configuration key supports the following arguments:
dsn_string
Required
This configuration setting corresponds to the MINIO_NOTIFY_MYSQL_DSN_STRING environment
variable.
table
Required
This configuration setting corresponds to the MINIO_NOTIFY_MYSQL_TABLE
environment variable.
format
Required
This configuration setting corresponds to the MINIO_NOTIFY_MYSQL_FORMAT
environment variable.
max_open_connections
Optional
This configuration setting corresponds to the MINIO_NOTIFY_MYSQL_MAX_OPEN_CONNECTIONS environment
variable.
queue_dir
Optional
This configuration setting corresponds to the MINIO_NOTIFY_MYSQL_QUEUE_DIR environment
variable.
queue_limit
Optional
This configuration setting corresponds to the MINIO_NOTIFY_MYSQL_QUEUE_LIMIT environment
variable.
comment
Optional
This configuration setting corresponds to the MINIO_NOTIFY_MYSQL_COMMENT
environment variable.
Kafka Service for Bucket Notifications
The following section documents settings for configuring an Kafka
service as a target for Bucket Nofitications <minio-bucket-notifications>.
See minio-bucket-notifications-publish-kafka for a
tutorial on using these environment variables.
notify_kafka
The top-level configuration key for defining an Kafka service
endpoint for use with MinIO bucket notifications <minio-bucket-notifications>.
Use mc admin config set to set or update an Kafka
service endpoint. The ~notify_kafka.brokers argument is
required for each target. Specify additional optional arguments
as a whitespace (" ")-delimited list.
mc admin config set notify_kafka \
brokers="https://kafka1.example.net:9200, https://kafka2.example.net:9200"
[ARGUMENT="VALUE"] ... \You can specify multiple Kafka service endpoints by appending
[:name] to the top level key. For example, the following
commands set two distinct Kafka service endpoints as
primary and secondary respectively:
mc admin config set notify_kafka:primary \
brokers="https://kafka1.example.net:9200, https://kafka2.example.net:9200"
[ARGUMENT=VALUE ...]
mc admin config set notify_kafka:secondary \
brokers="https://kafka1.example.net:9200, https://kafka2.example.net:9200"
[ARGUMENT=VALUE ...]The notify_kafka
configuration key supports the following arguments:
brokers
Required
This configuration setting corresponds to the MINIO_NOTIFY_KAFKA_BROKERS
environment variable.
topic
Optional
This configuration setting corresponds to the MINIO_NOTIFY_KAFKA_TOPIC
environment variable.
sasl
Optional
This configuration setting corresponds to the MINIO_NOTIFY_KAFKA_SASL
environment variable.
sasl_username
Optional
This configuration setting corresponds to the MINIO_NOTIFY_KAFKA_SASL_USERNAME environment
variable.
sasl_password
Optional
This configuration setting corresponds to the MINIO_NOTIFY_KAFKA_SASL_PASSWORD environment
variable.
sasl_mechanism
Optional
This configuration setting corresponds to the MINIO_NOTIFY_KAFKA_SASL_MECHANISM environment
variable.
tls_client_auth
Optional
This configuration setting corresponds to the MINIO_NOTIFY_KAFKA_TLS_CLIENT_AUTH environment
variable.
tls
Optional
This configuration setting corresponds to the MINIO_NOTIFY_KAFKA_TLS
environment variable.
tls_skip_verify
Optional
This configuration setting corresponds to the MINIO_NOTIFY_KAFKA_TLS_SKIP_VERIFY environment
variable.
client_tls_cert
Optional
This configuration setting corresponds to the MINIO_NOTIFY_KAFKA_CLIENT_TLS_CERT environment
variable.
client_tls_key
Optional
This configuration setting corresponds to the MINIO_NOTIFY_KAFKA_CLIENT_TLS_KEY environment
variable.
version
Optional
This configuration setting corresponds to the MINIO_NOTIFY_KAFKA_VERSION
environment variable.
queue_dir
Optional
This configuration setting corresponds to the MINIO_NOTIFY_KAFKA_QUEUE_DIR environment
variable.
queue_limit
Optional
This configuration setting corresponds to the MINIO_NOTIFY_KAFKA_QUEUE_LIMIT environment
variable.
comment
Optional
This configuration setting corresponds to the MINIO_NOTIFY_KAFKA_COMMENT
environment variable.
Webhook Service for Bucket Notifications
The following section documents settings for configuring an Webhook
service as a target for Bucket Nofitications <minio-bucket-notifications>.
See minio-bucket-notifications-publish-webhook for a
tutorial on using these environment variables.
notify_webhook
The top-level configuration key for defining an Webhook service
endpoint for use with MinIO bucket notifications <minio-bucket-notifications>.
Use mc admin config set to set or update an Webhook
service endpoint. The ~notify_webhook.endpoint argument is
required for each target. Specify additional optional arguments
as a whitespace (" ")-delimited list.
mc admin config set notify_webhook \
endpoint="https://webhook.example.net"
[ARGUMENT="VALUE"] ... \You can specify multiple Webhook service endpoints by appending
[:name] to the top level key. For example, the following
commands set two distinct Webhook service endpoints as
primary and secondary respectively:
mc admin config set notify_webhook:primary \
endpoint="https://webhook1.example.net"
[ARGUMENT=VALUE ...]
mc admin config set notify_webhook:secondary \
endpoint="https://webhook2.example.net
[ARGUMENT=VALUE ...]The notify_webhook configuration key supports the
following arguments:
endpoint
Required
This configuration setting corresponds with the MINIO_NOTIFY_WEBHOOK_ENDPOINT environment
variable.
auth_token
Optional
This configuration setting corresponds with the MINIO_NOTIFY_WEBHOOK_AUTH_TOKEN environment
variable.
queue_dir
Optional
This configuration setting corresponds with the MINIO_NOTIFY_WEBHOOK_QUEUE_DIR environment
variable.
queue_limit
Optional
This configuration setting corresponds with the MINIO_NOTIFY_WEBHOOK_QUEUE_LIMIT environment
variable.
client_cert
Optional
This configuration setting corresponds with the MINIO_NOTIFY_WEBHOOK_CLIENT_CERT environment
variable.
client_key
Optional
This configuration setting corresponds with the MINIO_NOTIFY_WEBHOOK_CLIENT_KEY environment
variable.
comment
Optional
This configuration setting corresponds with the MINIO_NOTIFY_WEBHOOK_COMMENT environment
variable.
Active Directory / LDAP Identity Management
The following section documents settings for enabling external
identity management using an Active Directory or LDAP service. See minio-external-identity-management-ad-ldap for a
tutorial on using these configuration settings.
identity_ldap
The top-level key for configuring external identity management using Active Directory or LDAP
<minio-external-identity-management-ad-ldap>.
Use the mc admin config set to set or update the AD/LDAP
configuration. The following arguments are required:
~identity_ldap.server_addr~identity_ldap.lookup_bind_dn~identity_ldap.lookup_bind_password~identity_ldap.user_dn_search_base_dn~identity_ldap.user_dn_search_filter
mc admin config set identity_ldap \
enabled="true" \
server_addr="https://ad-ldap.example.net/" \
lookup_bind_dn="cn=miniolookupuser,dc=example,dc=net" \
lookup_bind_dn_password="userpassword" \
user_dn_search_base_dn="dc=example,dc=net" \
user_dn_search_filter="(&(objectCategory=user)(sAMAccountName=%s))"The identity_ldap configuration key supports the
following arguments:
server_addr
Required
This configuration setting corresponds with the MINIO_IDENTITY_LDAP_SERVER_ADDR environment
variable.
lookup_bind_dn
Required
This configuration setting corresponds with the MINIO_IDENTITY_LDAP_LOOKUP_BIND_DN environment
variable.
lookup_bind_password
Required
This configuration setting corresponds with the MINIO_IDENTITY_LDAP_LOOKUP_BIND_PASSWORD
environment variable.
user_dn_search_base_dn
Required
This configuration setting corresponds with the MINIO_IDENTITY_LDAP_USER_DN_SEARCH_BASE_DN
environment variable.
user_dn_search_filter
Required
This configuration setting corresponds with the MINIO_IDENTITY_LDAP_USER_DN_SEARCH_FILTER
environment variable.
enabled
Optional
Set to false to disable the AD/LDAP configuration.
If false, applications cannot generate STS credentials
or otherwise authenticate to MinIO using the configured provider.
Defaults to true or "enabled".
sts_expiry
Optional
This configuration setting corresponds with the MINIO_IDENTITY_LDAP_STS_EXPIRY environment
variable.
username_format
Optional
This configuration setting corresponds with the MINIO_IDENTITY_LDAP_USERNAME_FORMAT environment
variable.
group_search_filter
Optional
This configuration setting corresponds with the MINIO_IDENTITY_LDAP_GROUP_SEARCH_FILTER environment
variable.
group_search_base_dn
Optional
This configuration setting corresponds with the MINIO_IDENTITY_LDAP_GROUP_SEARCH_BASE_DN
environment variable.
tls_skip_verify
Optional
This configuration setting corresponds with the MINIO_IDENTITY_LDAP_TLS_SKIP_VERIFY environment
variable.
server_insecure
Optional
This configuration setting corresponds with the MINIO_IDENTITY_LDAP_SERVER_INSECURE environment
variable.
server_starttls
Optional
This configuration setting corresponds with the MINIO_IDENTITY_LDAP_SERVER_STARTTLS environment
variable.
comment
Optional
This configuration setting corresponds with the MINIO_IDENTITY_LDAP_COMMENT environment
variable.
OpenID Identity Management
The following section documents settings for enabling external
identity management using an OpenID Connect (OIDC)-compatible provider.
See minio-external-identity-management-openid for a
tutorial on using these configuration settings.
identity_openid
The top-level configuration key for configuring external identity management using OpenID <minio-external-identity-management-openid>.
Use mc admin config set to set or update the OpenID
configuration. The ~identity_openid.config_url argument is
required. Specify additional optional arguments as a whitespace
(" ")-delimited list.
mc admin config set identity_openid \
config_url="https://openid-provider.example.net/.well-known/openid-configuration"
[ARGUMENT="VALUE"] ... \The identity_openid configuration key supports the
following arguments:
config_url
Required
This configuration setting corresponds with the MINIO_IDENTITY_OPENID_CONFIG_URL environment
variable.
enabled
Optional
Set to false to disable the OpenID configuration.
Applications cannot generate STS credentials or otherwise
authenticate to MinIO using the configured provider if set to
false.
Defaults to true or "enabled".
client_id
Optional
This configuration setting corresponds with the MINIO_IDENTITY_OPENID_CLIENT_ID environment
variable.
client_secret
Optional
This configuration setting corresponds with the MINIO_IDENTITY_OPENID_CLIENT_SECRET environment
variable.
claim_name
Optional
This configuration setting corresponds with the MINIO_IDENTITY_OPENID_CLAIM_NAME environment
variable.
claim_prefix
Optional
This configuration setting corresponds with the MINIO_IDENTITY_OPENID_CLAIM_PREFIX environment
variable.
display_name
Optional
scopes
This configuration setting corresponds with the MINIO_IDENTITY_OPENID_SCOPES environment
variable.
redirect_uri
Optional
This configuration setting corresponds with the MINIO_IDENTITY_OPENID_REDIRECT_URI environment
variable.
redirect_uri_dynamic
Optional
This configuration setting corresponds with the MINIO_IDENTITY_OPENID_REDIRECT_URI_DYNAMIC
environment variable.
claim_userinfo
Optional
This configuration setting corresponds with the MINIO_IDENTITY_OPENID_CLAIM_USERINFO environment
variable.
vendor
Optional
This configuration setting corresponds with the MINIO_IDENTITY_OPENID_VENDOR environment
variable.
keycloak_realm
Optional
This configuration setting corresponds with the MINIO_IDENTITY_OPENID_KEYCLOAK_REALM environment
variable.
Requires identity_openid.vendor set to
keycloak.
keycloak_admin_url
Optional
This configuration setting corresponds with the MINIO_IDENTITY_OPENID_KEYCLOAK_ADMIN_URL
environment variable.
Requires identity_openid.vendor set to
keycloak.
comment
This configuration setting corresponds with the MINIO_IDENTITY_OPENID_COMMENT environment
variable.
Identity Management Plugin
The following section documents settings for enabling external
identity management using the MinIO Identity Management Plugin. See
minio-external-identity-management-plugin for a
tutorial on using these configuration settings.
identity_plugin
The top-level configuration key for enabling minio-external-identity-management-plugin.
Use mc admin config set to set or update the
configuration. The ~identity_plugin.url and ~identity_plugin.role_policy arguments are
required. Specify additional optional arguments as a whitespace
(" ")-delimited list.
mc admin config set identity_plugin \
url="https://external-auth.example.net:8080/auth" \
role_policy="consoleAdmin" \
[ARGUMENT=VALUE] ... \The identity_plugin configuration key supports the
following arguments:
url
Required
role_policy
Required
enabled
Optional
Set to false to disable the identity provider
configuration.
Applications cannot generate STS credentials or otherwise
authenticate to MinIO using the configured provider if set to
false.
Defaults to true or "enabled".
token
Optional
role_id
Optional
comment
Optional