Configuration Reference - Buzen ESB Docs

1. Configuration model

Root prefix convention:

buzen:
  esb:
    connector:
      http: ...
      jms: ...
    deployment: ...
    security: ...
    management: ...
    monitoring: ...

Default runtime paths are derived from buzen.esb.home-dir, usually ./buzen-esb for local and /opt/buzen-esb in production-style packaging.

Prefer environment variables in production and keep static YAML free of secrets.

2. Critical runtime settings

Key	Purpose	Typical Value
buzen.esb.environment	Environment label used by runtime conventions	production / staging / development
buzen.esb.home-dir	Root runtime directory	/opt/buzen-esb
buzen.esb.data-dir	Data/log storage root	${buzen.esb.home-dir}/data
server.port	HTTPS runtime port	8443
buzen.esb.management.base-path	Management API base path	/api/v1
buzen.esb.security.encryption.key	Required key for encrypted sensitive values	Set via env var only

3. Security and TLS settings

Key	Meaning	Default
buzen.esb.security.enabled	Enables security filter chains	true
buzen.esb.security.tokens.ttl	Access token lifetime	12h
buzen.esb.security.tokens.max-tokens-per-user	Active token cap per user	1
buzen.esb.security.tls.enabled	Enable TLS	true
buzen.esb.security.tls.keystore-path	PKCS12 keystore location	classpath dev keystore
buzen.esb.security.tls.redirect-http	Redirect HTTP to HTTPS	true
buzen.esb.security.request-limits.max-request-bytes	Request size guardrail	26214400
buzen.esb.security.request-limits.max-upload-bytes	Multipart upload guardrail	26214400
buzen.esb.security.request-limits.max-json-depth	JSON nesting depth guardrail	100
buzen.esb.security.request-limits.max-json-string-length	JSON string length guardrail	1000000
buzen.esb.security.request-limits.max-json-number-length	JSON number length guardrail	1000
buzen.esb.security.vault.enabled	Enable Vault-backed secret lookup	false
buzen.esb.security.vault.uri	Vault endpoint URI	http://localhost:8200 (override in prod)
buzen.esb.security.vault.secrets-path	Vault secret namespace path	secret/buzen
buzen.esb.security.default-users.enabled	Enable in-memory dev users (admin/operator/viewer)	false
buzen.esb.security.internal-api.reserved-paths	Additional blocked ingress prefixes	[]

Do not run production with the default development keystore, Vault defaults, or development users enabled.

4. Route and deployment settings

Key	Function	Default
buzen.esb.routes.locations	Classpath/file glob list for YAML route loading	classpath:routes/.yaml, .yml
buzen.esb.routes.hot-reload	Reload route files when changed	false
buzen.esb.routes.auto-start	Global route auto start for non-archive loading	true
buzen.esb.deployment.directory	Directory watched for .bar deployments	${home}/deployments
buzen.esb.deployment.work-directory	Extracted archive workspace	${home}/work
buzen.esb.deployment.lib-directory	Shared runtime libraries	${home}/lib

Route startup for archives is dual-gated by global deployment auto-start and per-route autoStart in buzen.json.

5. Resilience circuit breaker settings

Key	Function	Default
buzen.esb.resilience.circuit-breaker.enabled	Enable circuit breaker integration for outbound endpoints	true
buzen.esb.resilience.circuit-breaker.endpoint-patterns	Endpoint URI patterns protected by circuit breaker	http:, https:, cxf:*
buzen.esb.resilience.circuit-breaker.failure-rate-threshold	Failure percentage to open circuit	50
buzen.esb.resilience.circuit-breaker.sliding-window-size	Window size for failure rate calculation	100
buzen.esb.resilience.circuit-breaker.minimum-number-of-calls	Minimum calls before evaluating failures	20
buzen.esb.resilience.circuit-breaker.permitted-number-of-calls-in-half-open-state	Trial calls allowed in half-open state	10
buzen.esb.resilience.circuit-breaker.wait-duration-in-open-state	Seconds to wait before half-open transition	30

6. Monitoring, tracing, and audit configuration

Area	Key	Default
Metrics	buzen.esb.monitoring.metrics.enabled	true
Tracing	buzen.esb.monitoring.tracing.retention-days	7
Tracing	buzen.esb.monitoring.tracing.in-memory-max-events	50000
Alerts	buzen.esb.monitoring.alert.retention-days	30
Audit	buzen.esb.audit.retention-days	365
Audit	buzen.esb.audit.persistence.batch-enabled	true

Tracing body capture is conservative by default. Tune redaction patterns before enabling wider capture.

7. Environment variable mappings

Common variable mappings used for secure runtime startup:

export BUZEN_ESB_HOME=/opt/buzen-esb
export BUZEN_ESB_ADMIN_PASSWORD='strong-admin-password'
export BUZEN_ESB_ENCRYPTION_KEY=$(openssl rand -base64 32)
export BUZEN_ESB_SECURITY_TLS_ENABLED=true
export BUZEN_ESB_SECURITY_TLS_KEYSTORE_PATH=file:/opt/buzen-esb/certs/prod.p12
export BUZEN_ESB_SECURITY_TLS_KEYSTORE_PASSWORD='change-me'
export BUZEN_ESB_SECURITY_TOKEN_TTL=8h
export BUZEN_ESB_SECURITY_MAX_REQUEST_BYTES=5242880

8. Production-ready example

server:
  port: 8443

buzen:
  esb:
    environment: production
    home-dir: /opt/buzen-esb
    management:
      base-path: /api/v1
    routes:
      hot-reload: false
    security:
      enabled: true
      tokens:
        ttl: 8h
        max-tokens-per-user: 2
      ingress:
        permit-all-paths:
          - /partners/**
      internal-api:
        reserved-paths:
          - /internal
      tls:
        enabled: true
        keystore-path: file:/opt/buzen-esb/certs/prod.p12
        keystore-password: ${BUZEN_ESB_SECURITY_TLS_KEYSTORE_PASSWORD}
      request-limits:
        max-request-bytes: 5242880
        max-upload-bytes: 5242880
    monitoring:
      tracing:
        enabled: true
        retention-days: 14
      alert:
        enabled: true

9. Go-live checklist

Set BUZEN_ESB_ENCRYPTION_KEY and rotate on policy.
Replace default admin password and disable broad development ingress rules.
Use trusted production keystore, not bundled dev keystore.
Set realistic request limits and trace retention for your workload.
Validate startup with /api/v1/system/health and /api/v1/system/info.
Track configs in version control without secrets.

Continue with Security and Policies and Operations and Troubleshooting.