Zum Hauptinhalt springen
Version: 2025.2.x

Configuration / Environment Variables

Configuration parameters are a central aspect of setting up DMC. They control not only basic settings but also database configuration, authentication, and styling.

Parameters can be set in three ways:

  1. As environment variables (DMC_...). This option is particularly relevant for deployments in Docker containers.
  2. As parameters in a .properties file. In this case, at least the path to the file must be provided in the environment variable DMC_CONFIGURATION.
  3. In a standalone deployment, parameters can also be passed directly on the command line: java -jar dmc.war --DMC_LOG_LEVEL=TRACE
Protecting the Configuration

The configuration (environment variables / configuration file) contains sensitive data such as the credentials of the technical database user or the application administrator password. This data must be protected appropriately outside DMC as well.

For a configuration file, this may include restrictive read permissions limited to the system user under which DMC runs. For environment variables in a container, restricting access to the container itself is one option.

Example

Environment variable DMC_CONFIGURATION=C:/config/dmc.properties

C:/config/dmc.properties
DMC_LOG_LEVEL=DEBUG
DMC_LICENSE_PATH=C:/config/dmc-license.lic
DMC_SALT=someRandomStringOfArbitraryLength

# For development purposes only - see note below!
DMC_AUTH=db
DMC_ADMIN_PASSWORD.adminPassword=yourpasswordhere

DMC_DB_JDBC_URL=jdbc:sqlserver://db-host.net:1433;database=dmc-db
DMC_DB_SCHEMA=dbo
DMC_DB_USER=dmc-test-user
DMC_DB_PASSWORD=yourpasswordhere
DMC_DB_TYPE=mssql
DMC_DB_DRIVER=com.microsoft.sqlserver.jdbc.SQLServerDriver
DMC_SCHEMA_UPDATE=true
DMC_SCHEMA_CONTEXTS=schema,baseContent,adminUser
(...)
hinweis

In the Docker and Compose files, some variables are already preconfigured. The remaining variables are listed in the dmc.env file.

IMPORTANT

Both the names of environment variables and the keys in a .properties file are case-sensitive and must be specified exactly as shown!

The following variables/parameters are available:

Basic Settings

Basic Settings
DMC_SALTSalt value (used for e.g. password hashing)
DMC_LICENSEDMC license key (Base64-encoded)
DMC_LICENSE_PATHPath to the license file (including filename) : ignored if DMC_LICENSE is set
DMC_SECURE_COOKIEControls whether DMC session cookies are "secure" (i.e. HTTPS only). Defaults to true, which can cause issues when running DMC without HTTPS : in that case set this to false.
DMC_CORS_ALLOWED_ORIGINSHostnames from which DMC may be accessed (e.g. an alternative frontend host or a reporting server for annotations). Multiple hostnames can be provided as a comma-separated list. Wildcards (*) are supported. Example: *.infomotion.de or test.infomotion.de,dev.infomotion.de
NOTE: enabling CORS automatically sets cookies to secure : HTTPS is then mandatory!
DMC_EXPOSE_SESSIONID_FOR_USERSControls for which users the server returns the session ID in plaintext to the browser upon login.
Normally the session ID is only sent as a secured cookie to prevent theft via malicious browser JavaScript.
In certain special cases (e.g. when DMC is integrated as an annotation backend in reporting solutions) the session ID must be accessible via JavaScript.
Accepts a comma-separated list of usernames (e.g. names of technical users for annotation) or * as a wildcard for all users.

Authentication & Authorization

Authentication / Authorization
DMC_AUTHAuthentication method(s), comma-separated list (ad, openId, db : see note below).
DMC_ADMIN_PASSWORDResets the admin user's password (if present) to the given value on application startup : the password must be provided in plain text here!
DMC_ADMIN_GROUPAdministrator group name, defaults to "admin"
DMC_ROLE_MAPPINGOptional fixed mapping in JSON format from external roles (AD or OpenID groups, Snowflake roles) to DMC internal user groups.
DMC_ROLE_MAPPING_FILEOptional path to a JSON file containing fixed role mappings (see above)
Built-in DB Authentication

The built-in authentication (DMC_AUTH=db) does not support password policies or multi-factor authentication.

We strongly advise against using this authentication method outside of development or test environments!

Where possible, and especially for production environments, authentication via Active Directory/LDAP or OpenID/Entra should be used.

Standalone Deployment

The following variables are only relevant for the standalone deployment without an external Tomcat application server. They configure the embedded application server:

Standalone Deployment
DMC_PORTTCP port on which the embedded application server accepts connections. (Default: 8080)
DMC_SESSION_TIMEOUTSession timeout for the embedded application server. (Default: 20 minutes)
DMC_SSL_ENABLESet to true to enable SSL/HTTPS encryption for the embedded application server. In this case it is recommended to set DMC_PORT to 443 or 8443. Certificates must also be configured (see below).
DMC_SSL_PEM_CERTIFICATEPublic part of the server certificate. See Notes on Certificates below.
DMC_SSL_PRIVATE_KEYPrivate key of the server certificate. See Notes on Certificates below.
DMC_SSL_PRIVATE_KEY_PASSWORDPassword for the private key, if encrypted.

Logging

Logging
DMC_LOG_PATHPath to the log file : if not set, logs are written to STDOUT
DMC_LOG_STDOUTSet to true to enable logging to STDOUT. Automatically true if no DMC_LOG_PATH is defined, otherwise defaults to false.
DMC_LOG_LEVELLog verbosity level (Default: INFO; also available: DEBUG, TRACE, WARN, ERROR)
DMC_LOG_LEVEL_ADLog verbosity for LDAP/AD integration (Default: same as DMC_LOG_LEVEL; also available: DEBUG, TRACE, WARN, ERROR)
DMC_LOG_LEVEL_OPENIDLog verbosity for OpenID integration (Default: same as DMC_LOG_LEVEL; also available: DEBUG, TRACE, WARN, ERROR)
DMC_LOG_PATTERNFormat/structure of log entries
DMC_LOG_CHARSETCharacter set for the log file (Default: UTF-8)
DMC_LOG_BUFFER_SIZEBuffer size for the Actuator REST endpoint log. (Default: 1000)
Logging of Sensitive Data

When log settings (DMC_LOG_LEVEL, DMC_LOG_LEVEL_AD, DMC_LOG_LEVEL_OPENID) are set to DEBUG or TRACE, sensitive or personal data (in particular usernames and role assignments) may be logged.

In this case, appropriate measures must be taken to adequately protect the contents of the log files and/or the application or container output. If personal data is logged, data protection regulations must also be observed.

Database

Database Configuration
DMC_DB_TYPEDatabase type (mssql, oracle, postgres, h2)
DMC_DB_DRIVERMatching JDBC driver class
DMC_DB_JDBC_URLJDBC URL
DMC_DB_USERDatabase username
DMC_DB_PASSWORDDatabase password
DMC_DB_SCHEMADatabase schema
DMC_SCHEMA_UPDATEControls whether the DMC data model should be updated automatically on startup.
Defaults to false, but should generally be set to true
DMC_SCHEMA_CONTEXTSComma-separated list defining which content should be deployed once to the database (typically schema,baseContent; optionally adminUser to create an admin/admin user)
DMC_TIMEZONESets the database timezone for change timestamps. Default: Central European Standard Time.
Note: Only relevant for MSSQL e.g. Azure SQL Databases do not support timezone configuration natively.
DMC_DB_BULK_LOAD_STRATEGYLoad strategy for large data sets (SingleBatch, Batched, or AsyncBatched)
DMC_DB_BULK_LOAD_BATCH_SIZEBatch/packet size for Batched and AsyncBatched load strategies
DMC_DB_BULK_LOAD_ASYNC_POOL_SIZENumber of threads for parallel loading

LDAP/AD Authentication

Only applicable when DMC_AUTH is set to ad.

LDAP/AD Authentication
DMC_LDAP_URLURL of the LDAP server (e.g. ldap://ldap.example.com:389 or ldaps://ldap.example.com:663)
DMC_LDAP_USERNAMEUsername with read access to the LDAP server (for querying groups)
DMC_LDAP_PASSWORDPassword for the LDAP user
DMC_LDAP_SEARCH_BASEDN of the starting point for user searches (e.g. ou=Users,dc=example,dc=com)
DMC_LDAP_SEARCH_FILTERFilter for user searches, defaults to (&(objectClass=user)(sAMAccountName=%s))
DMC_LDAP_USERNAME_ATTRIBUTEAttribute containing the username, defaults to sAMAccountName for Active Directory
DMC_LDAP_DEFAULT_DOMAINDefault domain for usernames
DMC_LDAP_PEM_CERTIFICATEPublic certificate of the LDAP/AD server or its issuing CA. See Notes on Certificates below.
DMC_LDAP_BIND_DN_TEMPLATEIf an LDAP server (unlike AD) requires a full DN for login, this template can be used to construct a DN from the username.
Example: cn=%s,ou=users,dc=example,dc=com

OpenID Authentication

Only applicable when DMC_AUTH is set to openId.

OpenID Authentication
DMC_OPENID_ISSUERFor Microsoft: https://login.microsoftonline.com/{Tenant}/v2.0
DMC_OPENID_DISCOVERY_URLFor Microsoft: https://login.microsoftonline.com/{Tenant}/v2.0/.well-known/openid-configuration
DMC_OPENID_CLIENT_IDThe client ID of the app registration
DMC_OPENID_JWKS_URLFor Microsoft: https://login.microsoftonline.com/{Tenant}/discovery/v2.0/keys
DMC_OPENID_USER_INFO_URLFor Microsoft: https://graph.microsoft.com/oidc/userinfo
DMC_OPENID_USERNAME_CLAIMDefaults to preferred_username
DMC_OPENID_ROLES_CLAIMFor Microsoft: groups
DMC_OPENID_SCOPEDefaults to openid email profile (without quotes)
DMC_OPENID_KEEP_CLAIM_ROLESAdopt roles/groups from OpenID directly as DMC roles without mapping, defaults to false
DMC_OPENID_MAP_CLAIM_ROLESMap roles/groups from OpenID to DMC roles via role mapping, defaults to true
DMC_OPENID_LOGIN_LABELThe label shown for the OpenID login option in the UI. Defaults to "OpenId"

Mail Settings

Settings for outgoing email, for example sent by QS mail tasks.

Mail Settings
DMC_MAIL_HOSTNAMEHostname of the mail server (SMTP)
DMC_MAIL_PORTPort of the mail server (SMTP), defaults to 25
DMC_MAIL_TLSSet to true to contact the mail server via TLS, defaults to false
DMC_MAIL_USERNAMEUsername for the mail server
DMC_MAIL_PASSWORDPassword for the mail server
DMC_MAIL_FROM_ADDRESSSender address for emails sent by DMC

Deployment Settings

These settings relate to Deployment. They allow extensive customization of the folder and file structure generated when exporting DMC content.

Deployment Settings
DMC_EXPORT_INCLUDE_UUID_IN_PATHWhether to include the UUID in filenames when exporting objects (Default: true)
DMC_EXPORT_PATH_DOMAINPath for value lists within an exported deployment set
DMC_EXPORT_PATH_CATEGORYPath for categories within an exported deployment set
DMC_EXPORT_PATH_TABLEPath for tables within an exported deployment set
DMC_EXPORT_PATH_COMMANDPath for commands within an exported deployment set
DMC_EXPORT_PATH_QS_RULEPath for QS rules within an exported deployment set
DMC_EXPORT_PATH_DEPLOYMENT_SETPath for deployment sets within an exported deployment set
DMC_EXPORT_PATH_TASKPath for tasks within an exported deployment set
DMC_EXPORT_PATH_DELETED_DOMAINPath for deleted value lists within an exported deployment set
DMC_EXPORT_PATH_DELETED_CATEGORYPath for deleted categories within an exported deployment set
DMC_EXPORT_PATH_DELETED_TABLEPath for deleted tables within an exported deployment set
DMC_EXPORT_PATH_DELETED_COMMANDPath for deleted commands within an exported deployment set
DMC_EXPORT_PATH_DELETED_QS_RULEPath for deleted QS rules within an exported deployment set
DMC_EXPORT_PATH_DELETED_DEPLOYMENT_SETPath for deleted deployment sets within an exported deployment set
DMC_EXPORT_PATH_DELETED_TASKSPath for deleted tasks within an exported deployment set
DMC_DEPLOY_TABLE_USER_PERMISSIONSWhether to export user permissions together with tables (Default: true)
DMC_DEPLOY_TABLE_ROLE_PERMISSIONSWhether to export role permissions together with tables (Default: true)
DMC_SNAPSHOTS_PATHPath of the ZIP file when creating a snapshot
DMC_IMPORT_DEMO_CONTENTWhether to load demo content into DMC on startup (Default: false).
Note: currently only compatible with MSSQL.
DMC_IMPORT_ADDITIONAL_CONTENT_PATHPath to additional content that should be loaded on the initial DMC startup

Theme Settings

info

The frontend only accepts six-digit hexadecimal color values (e.g. #fafafa). Any other format will be ignored.

Theme Settings
DMC_THEME_PRIMARYPrimary theme color
DMC_THEME_ACCENTAccent color
DMC_THEME_MAIN_BGMain background color
DMC_THEME_SEC_BGSecondary background color
DMC_THEME_ERRORColor for errors
DMC_THEME_WARNColor for warnings
DMC_THEME_INFOColor for informational messages
DMC_THEME_VALIDColor for valid input
DMC_THEME_HEAD1Heading color 1
DMC_THEME_HEAD2Heading color 2
DMC_THEME_HEAD3Heading color 3
DMC_THEME_NAV_TEXTColor of navigation entries
DMC_THEME_ICONColor of special icons (controls use DMC_THEME_PRIMARY)
DMC_THEME_CONTRAST_LIGHTLight contrast color
DMC_THEME_CONTRAST_DARKDark contrast color
DMC_THEME_LOGO_PATHPath to the logo file
DMC_THEME_ICON_PATHPath to the icon file
DMC_THEME_TITLEApplication title

Tasks & Triggers

Tasks & Triggers
DMC_TASKS_CRON_POOL_SIZENumber of threads used for scheduled task execution
DMC_TASKS_QS_MAIL_TEMPLATE_FILEPath to the template file for QS mail tasks

Additional Variables

Additional Variables
DMC_TRIM_ALL_PKSSet to true to automatically trim leading/trailing whitespace from values in primary key columns. (Default: false)
DMC_TRIM_ALL_NON_PKSSet to true to automatically trim leading/trailing whitespace from values in non-primary-key columns. (Default: false)
DMC_TRIM_ALLSet to true to automatically trim leading/trailing whitespace from values in all columns. (Default: false)
DMC_APP_EXPORT_TECHNICAL_COLUMN_NAMESWhether to use technical column names instead of DMC column names in CSV/XLSX exports (Default: false)
DMC_APP_UPLOAD_PATHTemporary folder for CSV/XLSX uploads
DMC_DB_SQL_PER_BYTE_CHARDivisor for converting bytes per character to the allowed character length (Default: 1)
DMC_ENABLE_ACTUATOR_ENVSet to false to disable the Actuator REST endpoint env.
DMC_ENABLE_ACTUATOR_LOGSet to false to disable the Actuator REST endpoint log.
DMC_ENABLE_OPENAPISet to true to enable the built-in API documentation (/api/docs.yaml, /swagger-ui)

Snowflake

Only relevant for DMC on Snowflake/Snowpark deployments.

Connection

Connection
SNOWFLAKE_ACCOUNTSnowflake account identifier (required)
SNOWFLAKE_HOSTSnowflake host (required)
SNOWFLAKE_DATABASESnowflake database (required)
SNOWFLAKE_SCHEMASnowflake schema (required)
SNOWFLAKE_USERNAMESnowflake username (required except for OAuth)
SNOWFLAKE_WAREHOUSESnowflake warehouse to use
SNOWFLAKE_QUERY_TAGQuery tag attached to Snowflake queries. (Default: DMC)
SNOWFLAKE_TRACINGTracing level for the Snowflake JDBC driver. (Default: OFF)

Authentication

DMC supports three authentication methods against Snowflake. The method is selected automatically based on which variables are set:

  1. JWT: if SNOWFLAKE_PRIVATE_KEY_FILE is set
  2. OAuth: if neither SNOWFLAKE_PRIVATE_KEY_FILE nor SNOWFLAKE_PASSWORD are set
  3. Password: if SNOWFLAKE_PASSWORD is set (and no private key file)
Authentication
SNOWFLAKE_PASSWORDSnowflake password (password authentication)
SNOWFLAKE_PRIVATE_KEY_FILEPath to the private key file (JWT authentication)
SNOWFLAKE_PRIVATE_KEY_PWDPassword for the private key file, if encrypted (JWT authentication)

Synchronization

Synchronization
DMC_SNOWFLAKE_REPLICATIONEnables data synchronization into the Snowflake schema. Must be set to true.
DMC_SNOWFLAKE_MAX_DELAYMaximum replication delay in milliseconds. (Default: 10000)
DMC_SNOWFLAKE_MERGE_INLINE_THRESHOLDNumber of terminated records below which an inline merge is used instead of a temp-table merge. (Default: 1000)
DMC_SNOWFLAKE_INSERT_CHUNK_SIZEBatch size for streaming new records into Snowflake during synchronization. (Default: 250000)

Notes on Certificates

Certificates can be provided as a path to a PEM file. Alternatively, the file content (i.e. the certificate itself) can be passed directly as a multi-line value:

DMC_SSL_PEM_CERTIFICATE=file:/path/to/pem.crt
## or
DMC_SSL_PEM_CERTIFICATE="-----BEGIN CERTIFICATE-----
(...)
-----BEGIN CERTIFICATE-----"

If the certificate was signed by a custom CA, the PEM file must contain the full chain (server certificate + CA certificate):

-----BEGIN CERTIFICATE-----
(... server certificate ...)
-----BEGIN CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(... CA certificate ...)
-----BEGIN CERTIFICATE-----

Private Keys

Private keys can also be provided either as a path to a PEM file or directly (multi-line) as a variable value:

DMC_SSL_PRIVATE_KEY=/path/to/pem.key
## or
DMC_SSL_PRIVATE_KEY="-----BEGIN PRIVATE KEY-----
(...)
-----BEGIN PRIVATE KEY-----"

Optionally, the private key can be protected with a passphrase : however, DMC must also have access to it:

DMC_SSL_PRIVATE_KEY="-----BEGIN ENCRYPTED PRIVATE KEY-----
(...)
-----BEGIN ENCRYPTED PRIVATE KEY-----"
DMC_SSL_PRIVATE_KEY_PASSWORD="(...)"