Configuration: Security
-
The following configuration keys allow you to control the desired level of security in a RavenDB server.
To learn more about RavenDB's security features, see this security overview. -
In this page:
- Security.AuditLog:
Security.AuditLog.Compress
Security.AuditLog.FolderPath
Security.AuditLog.RetentionSizeInMb
Security.AuditLog.RetentionTimeInHours - Security.Certificate:
Security.Certificate.Change.Exec
Security.Certificate.Change.Exec.Arguments
Security.Certificate.Exec
Security.Certificate.Exec.TimeoutInSec
Security.Certificate.ExpiringThresholdInDays
Security.Certificate.LetsEncrypt.Email
Security.Certificate.Load.Exec
Security.Certificate.Load.Exec.Arguments
Security.Certificate.Password
Security.Certificate.Path
Security.Certificate.Renew.Exec
Security.Certificate.Renew.Exec.Arguments
Security.Certificate.Validation.Exec
Security.Certificate.Validation.Exec.Arguments
Security.Certificate.Validation.Exec.TimeoutInSec
Security.Certificate.Validation.KeyUsages - Security.Csrf:
Security.Csrf.AdditionalOriginHeaders
Security.Csrf.Enabled
Security.Csrf.TrustedOrigins - Security.MasterKey:
Security.MasterKey.Exec
Security.MasterKey.Exec.Arguments
Security.MasterKey.Exec.TimeoutInSec
Security.MasterKey.Path - Security.TwoFactor:
Security.TwoFactor.DefaultSessionDurationInMin
Security.TwoFactor.MaxSessionDurationInMin - Certificate and issuer validation:
Security.WellKnownCertificates.Admin
Security.WellKnownIssuerHashes.Admin
Security.WellKnownIssuers.Admin
Security.WellKnownIssuers.Admin.ValidateCertificateNames - Other:
Security.DisableHsts
Security.DisableHttpsRedirection
Security.DoNotConsiderMemoryLockFailureAsCatastrophicError
Security.TlsCipherSuites
Security.UnsecuredAccessAllowed
- Security.AuditLog:
Security.AuditLog.Compress
Determine whether to compress the audit log files.
- Type:
bool
- Default:
false
- Scope: Server-wide only
Security.AuditLog.FolderPath
The folder path where RavenDB stores audit log files.
Setting the path enables writing to the audit log.
- Type:
string
- Default:
null
- Scope: Server-wide only
Security.AuditLog.RetentionSizeInMb
The maximum total size of audit log files in megabytes, after which older files will be deleted.
No log files will be deleted if this configuration is not set.
- Type:
int
- Default:
null
- MinValue:
256
- Scope: Server-wide only
Security.AuditLog.RetentionTimeInHours
Security.AuditLog.RetentionTimeInHrs
The number of hours audit logs are kept before they are deleted.
- Type:
int
- Default:
365 * 24
- Scope: Server-wide only
Security.Certificate.Change.Exec
A command or executable that handles cluster certificate changes.
This executable allows you to implement your own custom logic for persisting the new certificate on all nodes.
Note: it will only be triggered if Security.Certificate.Path is not defined.
- Type:
string
- Default:
null
- Scope: Server-wide only
Security.Certificate.Change.Exec.Arguments
The command line arguments for the Security.Certificate.Change.Exec command or executable.
- Type:
string
- Default:
null
- Scope: Server-wide only
Security.Certificate.Exec
Deprecated.
Use Security.Certificate.Load.Exec
along with Security.Certificate.Renew.Exec
and Security.Certificate.Change.Exec instead.
Security.Certificate.Exec.TimeoutInSec
- The number of seconds to wait for the certificate executables to exit.
- Applies to:
- Type:
int
- Default:
30
- Scope: Server-wide only
Security.Certificate.ExpiringThresholdInDays
The number of days before certificate expiration when it will be considered expiring.
- Type:
int
- Default:
14
- Scope: Server-wide only
Security.Certificate.LetsEncrypt.Email
The E-mail address associated with the Let's Encrypt certificate.
Used for renewal requests.
- Type:
string
- Default:
null
- Scope: Server-wide only
Security.Certificate.Load.Exec
-
A command or executable that provides the
.pfx
cluster certificate when invoked by RavenDB.
If specified, RavenDB will use HTTPS/SSL for all network activities. -
The Security.Certificate.Path setting takes precedence over this executable.
-
Learn more in get certificate via loader.
- Type:
string
- Default:
null
- Scope: Server-wide only
Security.Certificate.Load.Exec.Arguments
The command line arguments for the Security.Certificate.Load.Exec command or executable.
- Type:
string
- Default:
null
- Scope: Server-wide only
Security.Certificate.Password
The (optional) password of the .pfx certificate file.
- Type:
string
- Default:
null
- Scope: Server-wide only
Security.Certificate.Path
The path to the .pfx
certificate file. If specified, RavenDB will use HTTPS/SSL for all network activities.
Certificate setting priority order:
1. Path
2. Executable
- Type:
string
- Default:
null
- Scope: Server-wide only
Security.Certificate.Renew.Exec
-
A command or executable that handles automatic renewals, providing a renewed
.pfx
cluster certificate. -
The leader node will invoke this executable once every hour, and if a new certificate is received,
it will be sent to all other nodes. -
The executable specified in Security.Certificate.Change.Exec will then be used to persist the certificate across the cluster on all nodes.
- Type:
string
- Default:
null
- Scope: Server-wide only
Security.Certificate.Renew.Exec.Arguments
The command line arguments for the Security.Certificate.Renew.Exec command or executable.
- Type:
string
- Default:
null
- Scope: Server-wide only
Security.Certificate.Validation.Exec
EXPERT ONLY:
A command or executable to validate a server authentication request.
RavenDB will execute: command [user-arg-1] ... [user-arg-n] <sender-url> <base64-certificate> <errors>
.
The executable will return a case-insensitive boolean string through the standard output (e.g. true, false) indicating whether to approve the connection.
- Type:
string
- Default:
null
- Scope: Server-wide only
Security.Certificate.Validation.Exec.Arguments
EXPERT ONLY:
The optional user arguments for the Security.Certificate.Validation.Exec command or executable.
The arguments must be escaped for the command line.
- Type:
string
- Default:
null
- Scope: Server-wide only
Security.Certificate.Validation.Exec.TimeoutInSec
The number of seconds to wait for the Security.Certificate.Validation.Exec executable to exit.
- Type:
int
- Default:
5
- Scope: Server-wide only
Security.Certificate.Validation.KeyUsages
EXPERT ONLY:
Indicates if 'KeyUsage' validation of certificates should be turned on or off.
- Type:
bool
- Default:
true
- Scope: Server-wide only
Security.Csrf.AdditionalOriginHeaders
Specify additional request headers that RavenDB will check for the Origin of a request.
For example: X-Forwarded-Host
.
- Type:
string[]
- Default:
null
- Scope: Server-wide only
Security.Csrf.Enabled
Indicates whether the Cross-Site Request Forgery (CSRF) protection is enabled in RavenDB.
- Type:
bool
- Default:
true
- Scope: Server-wide only
Security.Csrf.TrustedOrigins
List of Trusted Origins for CSRF filter.
Requests from these origins will be allowed without triggering CSRF checks.
- Type:
string[]
- Default:
null
- Scope: Server-wide only
Security.MasterKey.Exec
A command or executable that RavenDB will run to obtain a 256-bit Master Key.
If specified, RavenDB will use this key to protect secrets.
- Type:
string
- Default:
null
- Scope: Server-wide only
Security.MasterKey.Exec.Arguments
The command line arguments for the Security.MasterKey.Exec command or executable.
- Type:
string
- Default:
null
- Scope: Server-wide only
Security.MasterKey.Exec.TimeoutInSec
The number of seconds to wait for the Master Key executable to exit.
- Type:
int
- Default:
30
- Scope: Server-wide only
Security.MasterKey.Path
The file path to a (256-bit) Master Key.
If specified, RavenDB will use this key to protect secrets.
- Type:
string
- Default:
null
- Scope: Server-wide only
Security.TwoFactor.DefaultSessionDurationInMin
The default duration of a two-factor authentication (2FA) session, in minutes.
After successfully completing the 2FA process, the session will remain active for this duration before requiring re-authentication.
- Type:
int
- Default:
120
- Scope: Server-wide only
Security.TwoFactor.MaxSessionDurationInMin
The maximum duration of a two-factor authentication (2FA) session, in minutes.
This duration takes precedence over the default duration setting.
- Type:
int
- Default:
1440
- Scope: Server-wide only
Security.WellKnownCertificates.Admin
Specify well known certificate thumbprints that will be trusted by the server as cluster admins.
- Type:
string[]
orstring with thumbprints values separated by ;
- Example:
"297430d6d2ce259772e4eccf97863a4dfe6b048c;e6a3b45b062d509b3382282d196efe97d5956ccb"
- Default:
null
- Scope: Server-wide only
Security.WellKnownIssuerHashes.Admin
OBSOLETE.
This is no longer supported or used.
Use Security.WellKnownIssuers.Admin instead.
Security.WellKnownIssuers.Admin
Specify well-known issuer certificates in Base64 format or provide file paths to the certificate files.
This will be used to validate a new client certificate when the issuer's certificate changes.
- Type:
string[]
orstring with values separated by ;
- Default:
null
- Scope: Server-wide only
Security.WellKnownIssuers.Admin.ValidateCertificateNames
Determine whether the server will validate the subject alternative names (SANs) of well-known issuer certificates against the server's domain name.
- Type:
bool
- Default:
false
- Scope: Server-wide only
Security.DisableHsts
Disable HTTP Strict Transport Security (HSTS) on the server.
- Type:
bool
- Default:
false
- Scope: Server-wide only
Security.DisableHttpsRedirection
Disable automatic redirection when listening to HTTPS.
By default, when using port 443, RavenDB redirects all incoming HTTP traffic on port 80 to HTTPS on port 443.
- Type:
bool
- Default:
false
- Scope: Server-wide only
Security.DoNotConsiderMemoryLockFailureAsCatastrophicError
EXPERT ONLY:
Determines whether RavenDB will consider memory lock error to be catastrophic. This is used with encrypted databases to ensure that temporary buffers are never written to disk and are locked to memory.
Setting this to true is Not recommended and should be done only after proper security analysis has been performed.
- Type:
bool
- Default:
false
- Scope: Server-wide or per database
Security.TlsCipherSuites
EXPERT ONLY:
Defines a list of supported TLS Cipher Suites.
Values must be semicolon separated.
- Type:
TlsCipherSuite[]
- Example:
TLS_RSA_WITH_RC4_128_MD5;TLS_RSA_WITH_RC4_128_SHA
- Default:
null
(Operating System defaults) - Scope: Server-wide only
Security.UnsecuredAccessAllowed
If authentication is disabled, set the address range type for which server access is unsecured
(None | Local | PrivateNetwork | PublicNetwork
).
- Type:
enum UnsecuredAccessAddressRange
- Default:
Local
- Scope: Server-wide only