Skip to content

Okera Configuration Parameter Reference

The following table describes the configuration parameters you can use in Okera's configuration file.

Parameter
Description
APPLY_INVERSE_MAP_ON_WRITE Indicates whether the cluster should invert the bucket names when a write is attempted on a follower cluster in an active/active environment. Valid values are true(bucket names are inverted) or false(bucket names are not inverted). Follower clusters should always set this to true; primary clusters should always set this to false. There is no default.
AUDIT_LOGS_SYNC_FREQUENCY_MINS Defines the frequency at which Okera synchronizes audit logs. Valid values range from 1 minute to 180 minutes (3 hours). When not specified, the default is 30 minutes. If you specify a value larger than 180 minutes, Okera defaults to 180 minutes.
AUTOTAGGER_CONFIGURATION Specifies the JSON file that contains autotagging rules for Okera. The valid setting for this is the path to a JSON file that contains the rules for autotagging. Okera is distributed with an autotagging JSON file automatically at /opt/okera/data/autotagger-config-wellknowns.json.
AWS_USE_IMDS_V2 Enables or disables the use of AWS Instance Metadata Service version 2 (IMDSv2). Valid values are true (enable use of IMDSv2) or false (disable use of IMDSv2). The default is false. If IMDSv2 is enabled, the EC2 instance metadata option HttpPutResponseHopLimit must be greater than 1.
BLOCK_WEB_UI_FOR_MOBILE_CLIENTS Enables or disables blocking of the Okera UI on mobile devices and tablets. Valid values for this parameter are true (the UI is blocked on mobile devices and tablets) and false (the UI is not blocked on mobile devices and tablets). The default is false.
BUCKET_TO_ROLE_MAP_FILE Specifies the path to the file that should be used for Amazon S3 assume secondary role support.
CATALOG_ADMINS Defines a list of Okera system administrators. Specify the Okera user names in a comma-separated list and specify the list (if there is more than one administrator) in quotes. In this example, users jane and mike are defined as system administrators: CATALOG_ADMINS: "jane,mike". By default, user admin is always a system administrator.
CATALOG_DB_CLIENT_CERT If you are using mutual, or two-way authentication, this parameter specifies the TLS certificate for the MySQL database client used for Okera metadata storage. This parameter is only needed for TLS support.
CATALOG_DB_CLIENT_CERT_KEY If you are using mutual, or two-way authentication, this parameter specifies the private key for the MySQL client TLS certificate. This parameter is only needed for TLS support.
CATALOG_DB_CONN_PARAMS Specifies optional parameters for the Okera database URL specified in the CATALOG_DB_URL parameter. Valid Postgres parameters are described in the Postgres documentation. Valid MySQL parameters are described in the MySQL documentation.
CATALOG_DB_ENGINE Defines the Hive metastore (HMS) database engine type. Valid values are mysql and postgres. For example, CATALOG_DB_ENGINE: mysql or CATALOG_DB_ENGINE: postgres.
CATALOG_DB_HMS_DB Defines the name of an existing Hive metastore (HMS) database for use with Okera. Okera will use the existing HMS objects in the HMS. See Database Configuration.
CATALOG_DB_OKERA_DB Defines the name of an existing database in the Okera Hive metastore where Okera stores metadata. See Database Configuration.
CATALOG_DB_PASSWORD Defines the password, preferably using secrets, for the HMS database. Okera does not recommend specifying plain text passwords in configuration files.
CATALOG_DB_SENTRY_DB Defines the name of an existing Sentry database in the Okera Hive metastore where Okera stores metadata. Okera requires read and write access to this database. See Database Configuration.
CATALOG_DB_SERVER_CERT Specifies the SSL/TLS certificate for the MySQL or Postgres database server used to store Okera metadata.
CATALOG_DB_SSL Indicates whether SSL or TLS support is enabled for the MySQL or Postgres database used for Okera metadata storage. Set this parameter to "true" to enable configurable SSL or TLS support or false to disable SSL or TLS support. The default value is "false".
CATALOG_DB_URL Defines the URL to your Okera Hive metastore.
CATALOG_DB_USER Defines the user name that should be used to access you Okera Hive metastore.
CATALOG_DB_USERS_DB Defines the name of an existing database in the Okera Hive metastore where Okera stores metadata. See Database Configuration.
CLUSTER_LABEL Specifies a label name for the Okera cluster. For example, CLUSTER_LABEL: dev.
CLUSTER_NAME Specifies a name for the Okera cluster. For example, CLUSTER_NAME: Dev Cluster.
CUSTOM_GROUP_RESOLVERS For example, CUSTOM_GROUP_RESOLVERS: <java-path1>, <java-path2>.
DELTA_TABLE_NATIVE_SUPPORT Selects the type of Delta Lake table support for the entire Okera cluster. Valid values for this parameter are true (use native support) and false (use the original manifest-required support). The default is false.
ENABLE_DENY One of three configuration properties that must be set to true to enable safeguard policy functionality in Okera. Valid values are true and false. The default is false.
ENABLE_HMS_2_SCHEMA Enables and disables use of the HMS v2 schema. Valid values are true (use the HMSv2 schema) and false (use the HMS v1 schema). The default is false.
ENABLE_LEGACY_URI_CHECKS Enables and disables the ALL grant requirement for the CREATE TABLE and ALTER TABLE SET LOCATION statements. Valid values are true (require an ALL grant) and false (do not require an ALL grant). The default is false.
ENABLE_PARAMETRIZED_GRANTS Enables and disables the ability to reference dynamic parameters in URI, database, and table grants. Valid values are true (you can reference dynamic parameters) and false (you cannot reference dynamic parameters). The default is false.
ENABLE_PARAMETRIZED_URI_GRANTS Enables and disables the ability to reference dynamic parameters in a URI when doing a permission grant. Valid values are true (you can reference dynamic parameters) and false (you cannot reference dynamic parameters). The default is false.
ENABLE_POLICY_PROPERTIES One of three configuration properties that must be set to true to enable safeguard policy functionality in Okera. Valid values are true and false. The default is false.
ENABLE_ROLE_PROPERTIES One of three configuration properties that must be set to true to enable safeguard policy functionality in Okera. Valid values are true and false. The default is false.
ENABLE_TASK_ENCRYPTION Enables nScale task encryption. Valid values are true and false. When this is set to true and the TASK_ENCRYPTION_KEY configuration parameter is not specified, Okera attempts to use the JWT_PRIVATE_KEY configuration parameter setting, if it is specified. If neither are specified, an error occurs. See Configuration File Encryption Settings for nScale.
ENABLE_USERS_FILE Enables and disables the use of a user's file. This parameter is reserved for use by Okera for demos and should not be used in customer production environments. Valid values are true and false. The default is false.
EXTERNAL_OKERA_SECURE_POLICY_DB Specifies the database in which Okera's supplied user-defined functions (UDFs) are stored. If this parameter is not specified, the default OKERA_UDFS is used.
EXTERNAL_OKERA_SECURE_POLICY_SCHEMA Specifies the schema in which Okera's supplied user-defined functions (UDFs) are stored. If this parameter is not specified, the default PUBLIC is used.
GO_ACCESS_PROXY_CACHE_LOG_PERIOD Defines the period, in seconds, at which OkeraEnsemble logs assumed role credential cache statistics. The default is 0 (zero) seconds, which disables logging. When this parameter is set to any value greater than zero, logging occurs at the time intervals specified by this parameter.
GROUP_RESOLUTION_GOOGLE_APPLICATION_CREDENTIALS Provides the fully qualified path to a credentials JSON file for a GCP service account with appropriate admin privileges. The path can be a container path (the JSON file is mounted to the container by Kubernetes), an S3 (s3:) path, or an ADLS (adl:) path. This configuration parameter is used in conjunction with the GSUITE_GROUP_ADMIN_EMAIL and GROUP_RESOLVER_SCRIPTS configuration settings to provide group resolution in Google Cloud Platform (GCP) environments. See Sample GCP Group Resolution Script.
GROUP_RESOLVER_LDAP_BASE_DN Specifies the base distinguised name (DN) to use for LDAP group resolution, if the username appears in the DN.
GROUP_RESOLVER_LDAP_GROUP_BASE_DN Specifies the base DN (distinguished name) for groups during group resolution. The LDAP server will use this base DN in its group searches during authentication processing.
GROUP_RESOLVER_LDAP_GROUP_SEARCH_FILTER Specifies the group search filter used to limit LDAP queries to only return group-type objects during LDAP group resolution.
GROUP_RESOLVER_LDAP_HOST Specifies the URL for the LDAP server to use for group resolution.
GROUP_RESOLVER_LDAP_MEMBER_FIELD_NAME Specifies an LDAP user name to limit the search to only groups in which the user is a member.
GROUP_RESOLVER_LDAP_PASSWORD Specifies the service account password used for LDAP group resolution. The LDAP username and password can be specified as clear text (plaintext). However, Okera discourages the use of clear text. Okera recommends, instead, the use of secret files with the Okera configuration parameters set to the paths to secret files.
GROUP_RESOLVER_LDAP_PORT Specifies the port number of the LDAP server to use for group resolution. Port values are typically 389 (non-SSL connections) or 636 (SSL connections).
GROUP_RESOLVER_LDAP_USE_SSL Enables and disables SSL use for LDAP group resolution. Valid values are true (enable SSL) and false (disable SSL).
GROUP_RESOLVER_LDAP_USER_BASE_DN Specifies the base DN (distinguished name) for users during group resolution. The LDAP server will use this base DN in its user searches during authentication processing.
GROUP_RESOLVER_LDAP_USER_SEARCH_FILTER Specifies the user search filter used to limit LDAP queries to only return group-type objects during LDAP group resolution.
GROUP_RESOLVER_LDAP_USER Specifies the service account username used for LDAP group resolution. The LDAP username and password can be specified as clear text (plaintext). However, Okera discourages the use of clear text. Okera recommends, instead, the use of secret files with the Okera configuration parameters set to the paths to secret files.
GROUP_RESOLVER_SCRIPTS Specifies the paths to the group resolver scripts. Paths can be a local file, an S3 path, or an ADLS path. See Custom Script-Sourced Group Resolution.
GSUITE_GROUP_ADMIN_EMAIL Provides the email of a GCP user with appropriate administrative privileges. This configuration parameter is used in conjunction with the GROUP_RESOLUTION_GOOGLE_APPLICATION_CREDENTIALS and GROUP_RESOLVER_SCRIPTS configuration settings to provide group resolution in Google Cloud Platform (GCP) environments. See Sample GCP Group Resolution Script.
INIT_WITH_GRANT_OPTION Controls whether the supplied admin_role in Okera has the WITH GRANT OPTION or not. Valid values are true (the admin_role has the WITH GRANT OPTION) and false (the admin_role does not have the WITH GRANT OPTION). The default is false. If the admin_role is not assigned the WITH GRANT OPTION, Okera admins cannot edit permissions in Okera.
IS_FOLLOWER Indicates whether the cluster is a follower cluster in an active/active environment. Valid values are true (it is a follower cluster) and false (it is not a follower cluster). There is no default.
JDBC_LOAD_DEFINITION_ABORT_ON_ERROR Indicates whether dataset registration should fail when an error occurs and you are registering multiple datasets. Valid values are true (abort dataset registration) and false (do not abort dataset registration). The default is true. (The number of tables added/skipped/failed can be determined by reviewing the okera.jdbc.tables-XXX properties on the database.)
JWT_ALGORITHM Specifies the algorithm used by JWT. Valid values are RSA256 and RSA512. RSA512 is the default. You can specify multiple, comma-separated values, just as with JWT_PUBLIC_KEY. The order of the values must match the order specified for the corresponding JWT_PUBLIC_KEY. See Public and Private Key Validation.
JWT_AUTHENTICATION_SERVER_URL Specifies the JWT URL for remote endpoint validation. See Remote Endpoint Validation.
JWT_JWKS_URL Specifies the URL of your OAuth identity provider (for example Okta, Auth0, or AzureAD). Okera uses this to dynamically fetch the appropriate public key needed for OAuth authentication.
JWT_PRIVATE_KEY Specifies the path to the private key used to encode Okera-generated JWTs. Private keys should not be specified as multiple, comma-separated values. See Public and Private Key Validation.
JWT_PUBLIC_KEY Specifies the path to the public key used to decode JWTs. You can specify multiple, comma-separated JWT public keys. When used to decode an incoming token, they are attempted in the order specified. See Public and Private Key Validation.
LDAP_BASE_DN Specifies the base distinguised name (DN) to use for LDAP authentication, if the username appears in the DN.
LDAP_BIND_TEMPLATE Specifies the bind template that should be used for LDAP authentication. For example, cn=%s,ou=users,dc=company,dc=com.
LDAP_DOMAIN Specifies the LDAP domain to use for LDAP authentication. Specifying LDAP_BIND_TEMPLATE and LDAP_BASE_DN is preferable to specifying LDAP_DOMAIN.
LDAP_HOST The URL for the LDAP server to use for LDAP authentication.
LDAP_PORT The port number of the LDAP server. Port values are typically 389 (non-SSL connections) or 636 (SSL connections).
LDAP_USE_SSL Enables and disables SSL use for LDAP authentication. Valid values are true (enable SSL) and false (disable SSL).
LDAP_USER_QUERY_PASSWORD Specifies the user query service password used by Okera for LDAP authentication.
MAINTENANCE_TASKS_THREAD_LIMIT Specifies the maximum number of Okera background tasks that can run concurrently. Valid values are positive integers. The default is 1. If you need to set this value higher than 8, please contact Okera technical support.
MAX_REQUEST_SIZE_BYTES Specifies the byte size limit above which queries are rejected. The default value is 52751601 bytes, which is approximately 52MB.
OAUTH_PROVIDER Required if you are using Google OAuth as your authorization provider. This parameter is not required for any other authorization provider. The only valid value is google. For example, OAUTH_PROVIDER: google.
OAUTH_SCOPES Specifies a list of scopes that determines which information the OAuth service provider will allow the user to access once the token is obtained. For example, OAUTH_SCOPES: openid profile email api://<xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx>/okera/okera_auth_scope.
OAUTH_SECRETS Specifies the location of your OAuth secrets file. For example,OAUTH_SECRETS: file:///etc/okera/client_secrets.json.
OKERA_ALLOW_IMPERSONATION Enables and disables Presto user impersonation. Valid values are true (enable Presto user impersonation) and false (disable Presto user impersonation). The default is false.
OKERA_ALLOWED_DELEGATION_USERS A comma-separated list of usernames allowed to impersonate other users. See Presto User Impersonation. There is no default.
OKERA_ASSUME_ROLE_DURATION_SECONDS Determines the duration, in seconds, that assumed role credentials are valid. For OkeraEnsemble access proxy processing, this default is 3600 seconds. For regular AWS S3 processing, the default is 900 seconds.
OKERA_CTE_REWRITE_ENABLED_ENGINES Identifies the Okera connection types that should use proxy pushdown processing. Use commas to separate values. Valid values are awsathena, bigquery, dremio:direct, mysql, oracle:thin, postgresql,redshift, and sqlserver. For example, OKERA_CTE_REWRITE_ENABLED_ENGINES: awsathena,bigquery,postresql.
OKERA_GLUE_SILENCE_TBL_PAGINATOR_500 Enables and disables Okera's silencing of unknown Glue errors that can affect the dataset counts on the Data page in the Okera UI. Valid values are true (silence the errors) and false (don't silence the errors). The default is false. You only need to set this configuration parameter if you notice that the dataset counts on the Data page are not populated correctly in your Glue environment.
OKERA_LEGACY_TOKEN_ESCAPE Enables or disables token escape processing in Okera when the token is included as a query argument in the URL. Valid values are true (enables token escape processing) and false (disable token escape processing). The default is false.
OKERA_SCRIPTS_DIR Specifies the location of the Okera allowed scripts directory. By default, this is /opt/scripts. Okera will only run scripts from its allowed scripts directory. It automatically makes the scripts specified in the USER_ATTRIBUTES_SCRIPT and GROUP_RESOLVER_SCRIPTS configuration parameters available in this directory, with the right permissions. See Custom Script User Attributes and Custom Script-Sourced Group Resolution.
OKERA_SECRET_PREFIX Specifies any prefix string you want that will help you identify that a secret is generated and used by Okera. The prefix is appended in the string for the secrets file name. There is no default. This parameter is required if you use plaintext credentials in your connection definitions.
OKERA_SECRET_STORE Specifies the type of secrets manager (AWS, Azure, or GCP) or Kubernetes path used to store the generated secret files. Valid values are AWSSM (AWS Secrets Manager), AWSPS (AWS Parameter Store), AZUREKV (Azure Key Vault), FILE (the Kubernetes path), or GCPSM (GCP Secret Manager). This parameter is required if you use plaintext credentials in your connection definitions.
OKERA_STAGING_DIR Specifies the path to the storage location for Okera audit logs.
OKERA_SYSTEM_IAM_ROLE_ARN Specifies the IAM Amazon Resource Name (ARN) associated with the Okera cluster for use by OkeraEnsemble when it is deployed in nScale mode. See OkeraEnsemble nScale Mode Deployment in EMR Environments
PATH_PREFIX_MAP_FILE Identifies the location of the mapping file for the cluster in an active/active environment.
PLANNER_API Specifies the Okera Policy Engine (planner) API port. The default is 12050. This port is required for all clients to access metadata and data.
podCidr Used for the Kubernetes cluster, this parameter specifies the pod IP address block of the CIDR blocks used for internal communication in Okera. For example, podCidr: "172.23.0.0/16". The CIDR blocks should not overlap with CIDR blocks currently being used, including the VPC. For example, these changes should not be within the VPC range.
POLICY_SYNC_INTERVAL Specifies how often Okera synchronizes Okera policies with Snowflake during process synchronization. Values are specified as a combination of a number and a one or two-letter code that represent the units. Valid unit codes are ns (nanoseconds), us (microseconds), ms (milliseconds), s (seconds), m (minutes), and h (hours). For example, 1h is one hour and 5000ms is 5000 milliseconds. The default is 30m (30 minutes).
POLICY_SYNC_ROLE_PATTERN Specifies the Snowflake role pattern that Okera should use when syncing Okera policies. The default is OKERA_%s, where %s is replaced by the user name.

Note: The specified role pattern must not match the Okera service role name (default SERVICE_OKERA_ROLE).
POLICY_SYNC_SCHEDULER_ENABLED Enables and disables Okera policy synchronization with Snowflake. Valid values are true (enable policy synchronization) and false (disable policy synchronization). The default is false.
POLICY_SYNC_USERS_ALLOWED_LIST Specifies the users for whom Okera policies should be synced. Valid values for this parameter are either a list of Snowflake users or a Snowflake tag and value (Snowflake users with the tag set to the value will be synced). These are the users for whom Okera manages the Snowflake connection. If no list or tag is specified, all Snowflake users are synced.
portRange Used for the Kubernetes cluster, this parameter specifies the port range of the CIDR blocks used for internal communication in Okera. For example, portRange: "1025-65535". The CIDR blocks should not overlap with CIDR blocks currently being used, including the VPC. For example, these changes should not be within the VPC range.
PRESTO_API Specifies the port to access the Presto API endpoint for users connecting via JDBC. The default is 14050.
PRESTO_ENABLE_PROXY Enables and disables Okera proxy mode. Valid values are true (enable proxy mode) and false (disable proxy mode). The default is true.
PRESTO_ENABLE_QUERY_LOGGING Enables and disables Presto query logging. Valid values for this new configuration parameter are true (enable Presto query logging) and false (disable Presto query logging). The default is false.
PRESTO_HTTP_CLIENT_MAX_CONNECTIONS_PER_SERVER Customizes the Presto configuration property (http-client.max-connections-per-server) that controls the maximum number of concurrent connections for a server. If this parameter is not specified, the values specified in your Presto environment are used (usually 20 for this parameter).
PRESTO_HTTP_CLIENT_MAX_REQUESTS_QUEUED_PER_SERVER Customizes the Presto configuration property (http-client.max-requests-queued-per-destination) that controls the maximum number of requests queued per destination. If this parameter is not specified, the values specified in your Presto environment are used (usually 1024 for this parameter).
PRESTO_PROXY_DEBUG_ENABLED Enables and disables proxy debugging. Valid values are true (enable debugging) and false (disable debugging). The default is true.
PRESTO_PROXY_JDBC_PUSHDOWN Enables and disables pushdown processing for JDBC-based connections. Valid values are true (enable pushdown processin) and false (disable pushdown processing). The default is true.
PRESTO_RESOURCE_GROUP_FILE_LOCATION Identifies the location of a JSON file that contains the Presto resource group definition. Information about the contents of this file can be found in Resource Groups.
PRESTO_SHOULD_USE_RESOURCE_GROUPS Enables or disables the file-based configuration manager for Presto. Valid values are true(enable the file-based configuration manager) and false (disable the file-based configuration manager). The default is false.
REST Specifies the Okera UI/REST port. The default is 8083.
REST_SERVER_ENABLE_ACCESS_PROXY Enables or disables the OkeraEnsemble S3 access proxy. Valid values are true (enable the access proxy) and false (disable the access proxy).
RESTRICTED_UDFS Restricts the use of Okera privacy functions and user-defined functions (UDFs) to Okera administrators only. Valid values for this parameter are a comma-separated list of function names. Use of any functions listed in the parameter require administrator privileges.
REST_SERVER_LOG_LEVEL Specifies the message logging level for the REST server log. Valid values are DEBUG, INFO, WARNING, ERROR, and CRITICAL. The default is DEBUG.
RS_ARGS Specifies various configuration options. See RS_ARGS Options.
serviceCidr Used for the Kubernetes cluster, this parameter specifies the IP address range for the service network CIDR blocks used for internal communication in Okera. For example, serviceCidr: "172.34.0.0/16". The CIDR blocks should not overlap with CIDR blocks currently being used, including the VPC. For example, these changes should not be within the VPC range.
SENTRY_BACKGROUND_LOAD_THREADS Overrides the background in-parallel load default of 2 for active/active deployments. Specify the number of roles that should be loaded in parallel in the background of an active/active environment.
SENTRY_INITIAL_LOAD_THREADS Overrides the initial in-parallel load default of 12 for active/active deployments. Specify the number of roles that should be loaded in parallel when an active/active environment is initially started.
SIGNED_URL_EXPIRY_TIMEOUT_SECS Specifies the number of seconds for which presigned URLs in an nScale task are valid. If this time expires before the task completes, errors occur. The default is 7200 seconds (120 minutes).
SKIP_OBJECT_CHECKS_ON_GRANT Enables or disables the ability to enable grants for a nonexistent database or table object. Valid values are true (enable the ability to enable grants for a nonexistent database or table object) and false (disable the ability to enable grants for a nonexistent database or table object). The default is false.
SSL_CERTIFICATE_FILE Specifies the path to the SSL certificates file.
SSL_KEY_FILE Specifies the path to the SSL key file.
SYSTEM_DB_CONNECTION_URL_SUFFIX This configuration parameter is a global Aurora RDS setting that enables Aurora RDS to perform write forwarding. It must always be set on follower clusters in an active/active environment. The only valid value is sessionVariables=aurora_replica_read_consistency='session'.
SYSTEM_TOKEN Specifies the path to the JWT system token used for interservice communication. The JWT system token has a sub of okera and groups of root. See System Token.
SYSTEM_TOKEN``SYSTEM_TOKEN_DURATION_MIN Specifies the duration, in minutes, of the JWT system token. Valid values are positive integers. The default value is equivalent to one day (1440 minutes).
TASK_ENCRYPTION_KEY Specifies the path of the file containing the encryption and decryption key for nScale. See Configuration File Encryption Settings for nScale.
TRANSFORM_UDF_PRIORITIES Specifies the priority order of transformation functions in Okera. Values for this property are the transformation function names, specified in sequence, and separated by commas. See Prioritization of Transformations.
TZ Specifies your time zone. For example, TZ: "America/New_York".
UI_TIMEOUT_MS Specifies the number of milliseconds the UI will wait before cancelling requests. The maximum value is 60000 milliseconds (or 60 seconds). The default is 30000 milliseconds (30 seconds).
USER_ATTRIBUTES_SCRIPT Specifies the paths to the user attribute scripts. Paths must be a local file. See Custom Script User Attributes.
USERS_FILE_LDAP Specifes the path to a JSON user's file. This parameter is reserved for use by Okera for demos and should not be used in customer production environments.
WATCHER_AUDIT_LOG_DST_DIR Specifies the path or URL to ADLS or Google Cloud storage where Okera audit logs will be stored. For example, WATCHER_AUDIT_LOG_DST_DIR: s3://company/okera/logs/audit.
WATCHER_LOG_DST_DIR Specifies the path or URL to ADLS or Google Cloud storage where Okera operational logs will be stored. For example, WATCHER_LOG_DST_DIR: s3://company/okera/logs.
WATCHER_LOG_PARTITIONED_UPLOADS Enables and disables Okera partitioned operational log uploads. Valid values are true (enable partitioned operational log uploads) and false (disable partitioned operational log uploads). The default is false.
WATCHER_S3_ENCRYPT Enables and disables Okera audit log encryption. Valid values are true (enable encryptions) and false (disable encryption). The default is true.
WATCHER_S3_REGION Specifies the geographical region for logging. For example, WATCHER_S3_REGION: us-east-1.
WORKER_API Specifies the Okera Enforcement Fleet worker API port. The default is 13050. This port is required for all clients to access metadata and data.