Container Properties
This section describes properties that are typically set at the container level and apply to the Platform, ECs and SCs.
Property | Description | SOC 1 | Category | Reason |
|---|---|---|---|---|
java.library.path | Default value: This property must be set to | Yes | Availability | If incorrectly set, system may fail to load required native libraries, causing outages. |
mz.httpd.security | Default value: This property enables HTTP communication protected by TLS (i.e. HTTPS). | Yes | Confidentiality | Enables TLS for HTTP; disabling could expose sensitive data in transit. |
mz.httpd.security.hsts.enabled | Default value: This property enables the | Yes | Confidentiality | Enforces HTTPS-only access; mitigates downgrade attacks and improves confidentiality. |
mz.httpd.security.hsts.max_age | Default value: 63072000 (2 years) If HSTS is enabled, then this property can be used to control the "max-age" value. | Yes | Confidentiality | Defines HSTS duration; short values could weaken HTTPS enforcement. |
mz.httpd.security.keystore | Default value: This property specifies the path to the keystore that is used for HTTP/TLS | Yes | Confidentiality | Path to keystore for TLS; incorrect or missing file can break encryption. |
mz.httpd.security.keystore.password | Default value: This property must contain the password to the keystore specified in | Yes | Confidentiality | Protects private key; compromise leads to loss of TLS security. |
mz.httpd.security.key.alias | Default value: This property specifies which of the keys in the keystore should be used for HTTP/TLS (if there is more than one). HTTP will prefer to use the key with this keystore alias. If it is not set and the keystore contains more than one private key, it is undefined which key is used. | Yes | Confidentiality | Determines which key is used; misconfiguration could cause invalid or expired cert use. |
mz.httpd.security.key.password | Default value: This property must contain the password to the key that is used for HTTP/TLS. By default (in | Yes | Confidentiality | Protects the private key in keystore; compromise leads to exposure of TLS key material. |
mz.picocache.link.use | Default value: If you set this property to | No | N/A | Disk space optimization only; no compliance relevance. |
mz.picocache.link.target.dir | Default value: If you have set the mz.picocache.link.use property to | No | N/A | Storage location for cache JARs; no direct SOC 1/SOX impact. |
pico.rcp.server.bind_interfaces | Default value: When you set the property Due to the network configuration, it may be required by pico instances to bind to additional interfaces. You can specify these by specifying a comma-separated list of IP addresses or hostnames in the property pico.rcp.server.bind_interfaces. It is also possible to set this property to the value If you have not set Example - Using pico.rcp.server.bind_interfaces An EC named ec1 has one external and one internal IP address. Other ECs will have to use the hostname To ensure that all connection attempts will use the hostname, you set the property If another EC on the external network, ec2 in this example, tries to connect to ec1, it will use the hostname ec1host which maps to the external IP. This will fail. To ensure connectivity you need to set | Yes | Confidentiality | Restricts network binding; misconfiguration could expose services to unintended networks or cause outages. |
pico.rcp.server.host | Default value: This property specifies the IP address or hostname of the pico instances. It will be used to determine the interface that the pico instances must bind to and the IP address/hostname that will be used by connecting processes. When you enter the hostname as the value of this property, if a failover occurs, the hostname is retrieved from the DNS, enabling reconnection. If you enter an IP address as the value of this property and it is a static IP address, reconnection issues may occur if the IP address changes. When the value of this property is left blank, the pico instance will bind to all IP addresses of the host. This means that the pico will listen for inbound network traffic on all network interfaces, and may attempt to use any local IP address for outbound network traffic. | Yes | Availability | Determines interface for pico instances; wrong value can cause service disruption. |
pico.rcp.tls.keystore | Default value: This property specifies the path to a keystore and enables the system to use TLS for all RCP connections that are not from the local host. If this property is not set, TLS will not be used. | Yes | Confidentiality | Path to keystore for TLS on RCP connections; required for encryption in transit. |
pico.rcp.tls.keystore.alias | Default value: This property specifies which of the keys in the keystore should be used for RCP/TLS (if there is more than one). RCP will prefer to use the key with this keystore alias. If it is not set and the keystore contains more than one private key, it is undefined which key is used. | Yes | Confidentiality | Determines TLS key selection; misconfiguration may cause expired or wrong cert use. |
pico.rcp.tls.keystore.password | Default value: This property must contain the password to the keystore specified in | Yes | Confidentiality | Protects TLS private key for RCP; compromise leads to interception risk. |
pico.rcp.tls.key.password | Default value: This property must contain the password to the key that is used for RCP/TLS. By default (in | Yes | Confidentiality | Protects the specific key in the keystore; compromise leads to loss of TLS protection. |
pico.rcp.tls.require_clientauth | Default value: This property specifies if client authentication is required when these are not running on the local host. | Yes | Confidentiality | Enforces mutual TLS; strengthens authentication and integrity. |
pico.tmpdir | Default value: This property specifies the temp directory you want to use for your picos. | Yes | Availability | Incorrect directory could cause processing errors or data loss if temporary files are needed for workflows. |
pico.upgrade_history | Default value: This property specifies the directory where the new and old versions of packages patched into the system are stored. | Yes | Availability | Stores patch history; required for audit evidence of changes and rollback ability. |
rest.client.max.chunk.size | Default value: "8m" This property specifies the maximum chunk size of the HTTP response that the REST Client agent should receive from the server. The agent will reject data with sizes that are larger than the value defined by this property. You can also set this property on the pico level, where the value is only applied to the defined EC. You can refer to Execution Context Properties for more information. | Yes | Availability | Controls HTTP chunk size; prevents excessive memory use that could crash ECs. |
rest.client.max.content.length | Default value: "64m" This property specifies the maximum length of the HTTP content received by the REST Client agent. The agent will reject content that is longer than the value defined by this property. Although it is possible to set the value of this property to infinite, the EC may then crash with an out of memory error, so consider setting the memory size of the EC higher than the expected size of the HTTP content that the agent will receive. You can also set this property on the pico level, where the value is only applied to the defined EC. You can refer to Execution Context Properties for more information. | Yes | Availability | Limits maximum HTTP content size; prevents crashes from large payloads, which could cause outages. |
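
An added example, not part of the original documentation or the product: a small Python audit that checks a set of container properties against the behaviours stated in the table (unset RCP keystore, blank host, missing key alias, shortened HSTS max-age, raised REST size limits). It assumes the properties are available as flat `key=value` lines; the `k` and `g` size suffixes and all sample values are assumptions constructed for illustration.

```python
import re

HSTS_DEFAULT_MAX_AGE = 63072000  # default from the table (2 years)
SIZE_DEFAULTS = {"rest.client.max.chunk.size": "8m", "rest.client.max.content.length": "64m"}
UNITS = {"": 1, "k": 1 << 10, "m": 1 << 20, "g": 1 << 30}  # k and g are assumed suffixes

def parse_props(text):
    """Parse flat key=value lines (assumed layout); '#' starts a comment."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip().strip('"')
    return props

def size_bytes(value):
    """Return the size in bytes, or None when the value is not a bounded size."""
    m = re.fullmatch(r"(\d+)([kmg]?)", value.lower())
    return int(m.group(1)) * UNITS[m.group(2)] if m else None

def audit(props):
    findings = []
    if not props.get("pico.rcp.tls.keystore"):
        findings.append("pico.rcp.tls.keystore unset: RCP connections run without TLS")
    if not props.get("pico.rcp.server.host"):
        findings.append("pico.rcp.server.host blank: pico binds to all interfaces")
    for store, alias in (("mz.httpd.security.keystore", "mz.httpd.security.key.alias"),
                         ("pico.rcp.tls.keystore", "pico.rcp.tls.keystore.alias")):
        if props.get(store) and not props.get(alias):
            findings.append(f"{alias} unset: key choice undefined if keystore has several keys")
    age = props.get("mz.httpd.security.hsts.max_age")
    if age is not None and age.isdigit() and int(age) < HSTS_DEFAULT_MAX_AGE:
        findings.append("mz.httpd.security.hsts.max_age below the 63072000 default")
    for key, default in SIZE_DEFAULTS.items():
        if key in props:
            size = size_bytes(props[key])
            if size is None or size > size_bytes(default):
                findings.append(f"{key}={props[key]}: above default {default} or unbounded")
    return findings

# Constructed sample input, not taken from a real installation.
SAMPLE = """\
mz.httpd.security.keystore=/opt/example/keys/http.jks
mz.httpd.security.hsts.max_age=86400
pico.rcp.server.host=
rest.client.max.content.length="512m"
rest.client.max.chunk.size="8m"
"""
print("\n".join(audit(parse_props(SAMPLE))))
```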