Quarkus Hibernate Search Extras

This set of extensions provides various extra features for the Quarkus Hibernate Search integration.

AWS Integration

AWS request signing

If you need to use Amazon’s managed Elasticsearch service, you will find it requires a proprietary authentication method involving request signing.

To enable AWS request signing in Hibernate Search, an additional extension is required:

./mvnw quarkus:add-extension -Dextensions="hibernate-search-orm-elasticsearch-aws"

Once the extension is there, you will need some more configuration:

For example:

quarkus.hibernate-search-orm.elasticsearch.aws.region=us-east-1
quarkus.hibernate-search-orm.elasticsearch.aws.signing.enabled=true

Or, if credentials are not available in the application environment (AWS instance role, …​):

quarkus.hibernate-search-orm.elasticsearch.aws.region=us-east-1
quarkus.hibernate-search-orm.elasticsearch.aws.signing.enabled=true
quarkus.hibernate-search-orm.elasticsearch.aws.credentials.type=static
quarkus.hibernate-search-orm.elasticsearch.aws.credentials.static-provider.access-key-id=AKIDEXAMPLE
quarkus.hibernate-search-orm.elasticsearch.aws.credentials.static-provider.secret-access-key=wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY

AWS Integration Configuration Reference

Configuration property fixed at build time - All other configuration properties are overridable at runtime

Configuration property

Type

Default

Whether requests should be signed using the AWS credentials.

boolean

false

An Amazon Web Services region that hosts the Elasticsearch service.

Must be provided if signing is enabled; the region won’t be automatically detected.

See software.amazon.awssdk.regions.Region for available regions.

Region

Configure the credentials provider that should be used to authenticate with AWS.

Available values:

  • default - the provider will attempt to identify the credentials automatically using the following checks:

    • Java System Properties - aws.accessKeyId and aws.secretAccessKey

    • Environment Variables - AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY

    • Credential profiles file at the default location (~/.aws/credentials) shared by all AWS SDKs and the AWS CLI

    • Credentials delivered through the Amazon EC2 container service if AWS_CONTAINER_CREDENTIALS_RELATIVE_URI environment variable is set and security manager has permission to access the variable.

    • Instance profile credentials delivered through the Amazon EC2 metadata service

  • static - the provider that uses the access key and secret access key specified in the static-provider section of the config.

  • system-property - it loads credentials from the aws.accessKeyId, aws.secretAccessKey and aws.sessionToken system properties.

  • env-variable - it loads credentials from the AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY and AWS_SESSION_TOKEN environment variables.

  • profile - credentials are based on AWS configuration profiles. This loads credentials from a profile file, allowing you to share multiple sets of AWS security credentials between different tools like the AWS SDK for Java and the AWS CLI.

  • container - It loads credentials from a local metadata service. Containers currently supported by the AWS SDK are Amazon Elastic Container Service (ECS) and AWS Greengrass

  • instance-profile - It loads credentials from the Amazon EC2 Instance Metadata Service.

  • process - Credentials are loaded from an external process. This is used to support the credential_process setting in the profile credentials file. See Sourcing Credentials From External Processes for more information.

  • anonymous - It always returns anonymous AWS credentials. Anonymous AWS credentials result in un-authenticated requests and will fail unless the resource or API’s policy has been configured to specifically allow anonymous access.

default, static, system-property, env-variable, profile, container, instance-profile, process, anonymous

default

Whether requests should be signed using the AWS credentials.

boolean

false

An Amazon Web Services region that hosts the Elasticsearch service.

Must be provided if signing is enabled; the region won’t be automatically detected.

See software.amazon.awssdk.regions.Region for available regions.

Region

Configure the credentials provider that should be used to authenticate with AWS.

Available values:

  • default - the provider will attempt to identify the credentials automatically using the following checks:

    • Java System Properties - aws.accessKeyId and aws.secretAccessKey

    • Environment Variables - AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY

    • Credential profiles file at the default location (~/.aws/credentials) shared by all AWS SDKs and the AWS CLI

    • Credentials delivered through the Amazon EC2 container service if AWS_CONTAINER_CREDENTIALS_RELATIVE_URI environment variable is set and security manager has permission to access the variable.

    • Instance profile credentials delivered through the Amazon EC2 metadata service

  • static - the provider that uses the access key and secret access key specified in the static-provider section of the config.

  • system-property - it loads credentials from the aws.accessKeyId, aws.secretAccessKey and aws.sessionToken system properties.

  • env-variable - it loads credentials from the AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY and AWS_SESSION_TOKEN environment variables.

  • profile - credentials are based on AWS configuration profiles. This loads credentials from a profile file, allowing you to share multiple sets of AWS security credentials between different tools like the AWS SDK for Java and the AWS CLI.

  • container - It loads credentials from a local metadata service. Containers currently supported by the AWS SDK are Amazon Elastic Container Service (ECS) and AWS Greengrass

  • instance-profile - It loads credentials from the Amazon EC2 Instance Metadata Service.

  • process - Credentials are loaded from an external process. This is used to support the credential_process setting in the profile credentials file. See Sourcing Credentials From External Processes for more information.

  • anonymous - It always returns anonymous AWS credentials. Anonymous AWS credentials result in un-authenticated requests and will fail unless the resource or API’s policy has been configured to specifically allow anonymous access.

default, static, system-property, env-variable, profile, container, instance-profile, process, anonymous

default

Whether requests should be signed using the AWS credentials.

boolean

false

An Amazon Web Services region that hosts the Elasticsearch service.

Must be provided if signing is enabled; the region won’t be automatically detected.

See software.amazon.awssdk.regions.Region for available regions.

Region

Configure the credentials provider that should be used to authenticate with AWS.

Available values:

  • default - the provider will attempt to identify the credentials automatically using the following checks:

    • Java System Properties - aws.accessKeyId and aws.secretAccessKey

    • Environment Variables - AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY

    • Credential profiles file at the default location (~/.aws/credentials) shared by all AWS SDKs and the AWS CLI

    • Credentials delivered through the Amazon EC2 container service if AWS_CONTAINER_CREDENTIALS_RELATIVE_URI environment variable is set and security manager has permission to access the variable.

    • Instance profile credentials delivered through the Amazon EC2 metadata service

  • static - the provider that uses the access key and secret access key specified in the static-provider section of the config.

  • system-property - it loads credentials from the aws.accessKeyId, aws.secretAccessKey and aws.sessionToken system properties.

  • env-variable - it loads credentials from the AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY and AWS_SESSION_TOKEN environment variables.

  • profile - credentials are based on AWS configuration profiles. This loads credentials from a profile file, allowing you to share multiple sets of AWS security credentials between different tools like the AWS SDK for Java and the AWS CLI.

  • container - It loads credentials from a local metadata service. Containers currently supported by the AWS SDK are Amazon Elastic Container Service (ECS) and AWS Greengrass

  • instance-profile - It loads credentials from the Amazon EC2 Instance Metadata Service.

  • process - Credentials are loaded from an external process. This is used to support the credential_process setting in the profile credentials file. See Sourcing Credentials From External Processes for more information.

  • anonymous - It always returns anonymous AWS credentials. Anonymous AWS credentials result in un-authenticated requests and will fail unless the resource or API’s policy has been configured to specifically allow anonymous access.

default, static, system-property, env-variable, profile, container, instance-profile, process, anonymous

default

boolean

false

An Amazon Web Services region that hosts the Elasticsearch service.

Must be provided if signing is enabled; the region won’t be automatically detected.

See software.amazon.awssdk.regions.Region for available regions.

Region

Configure the credentials provider that should be used to authenticate with AWS.

Available values:

  • default - the provider will attempt to identify the credentials automatically using the following checks:

    • Java System Properties - aws.accessKeyId and aws.secretAccessKey

    • Environment Variables - AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY

    • Credential profiles file at the default location (~/.aws/credentials) shared by all AWS SDKs and the AWS CLI

    • Credentials delivered through the Amazon EC2 container service if AWS_CONTAINER_CREDENTIALS_RELATIVE_URI environment variable is set and security manager has permission to access the variable.

    • Instance profile credentials delivered through the Amazon EC2 metadata service

  • static - the provider that uses the access key and secret access key specified in the static-provider section of the config.

  • system-property - it loads credentials from the aws.accessKeyId, aws.secretAccessKey and aws.sessionToken system properties.

  • env-variable - it loads credentials from the AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY and AWS_SESSION_TOKEN environment variables.

  • profile - credentials are based on AWS configuration profiles. This loads credentials from a profile file, allowing you to share multiple sets of AWS security credentials between different tools like the AWS SDK for Java and the AWS CLI.

  • container - It loads credentials from a local metadata service. Containers currently supported by the AWS SDK are Amazon Elastic Container Service (ECS) and AWS Greengrass

  • instance-profile - It loads credentials from the Amazon EC2 Instance Metadata Service.

  • process - Credentials are loaded from an external process. This is used to support the credential_process setting in the profile credentials file. See Sourcing Credentials From External Processes for more information.

  • anonymous - It always returns anonymous AWS credentials. Anonymous AWS credentials result in un-authenticated requests and will fail unless the resource or API’s policy has been configured to specifically allow anonymous access.

default, static, system-property, env-variable, profile, container, instance-profile, process, anonymous

default

Default credentials provider configuration

Type

Default

Whether this provider should fetch credentials asynchronously in the background. If this is true, threads are less likely to block, but additional resources are used to maintain the provider.

boolean

false

Whether the provider should reuse the last successful credentials provider in the chain. Reusing the last successful credentials provider will typically return credentials faster than searching through the chain.

boolean

true

Whether this provider should fetch credentials asynchronously in the background. If this is true, threads are less likely to block, but additional resources are used to maintain the provider.

boolean

false

Whether the provider should reuse the last successful credentials provider in the chain. Reusing the last successful credentials provider will typically return credentials faster than searching through the chain.

boolean

true

Whether this provider should fetch credentials asynchronously in the background. If this is true, threads are less likely to block, but additional resources are used to maintain the provider.

boolean

false

Whether the provider should reuse the last successful credentials provider in the chain. Reusing the last successful credentials provider will typically return credentials faster than searching through the chain.

boolean

true

Whether this provider should fetch credentials asynchronously in the background. If this is true, threads are less likely to block, but additional resources are used to maintain the provider.

boolean

false

Whether the provider should reuse the last successful credentials provider in the chain. Reusing the last successful credentials provider will typically return credentials faster than searching through the chain.

boolean

true

Static credentials provider configuration

Type

Default

string

string

string

string

string

string

string

string

AWS Profile credentials provider configuration

Type

Default

The name of the profile that should be used by this credentials provider. If not specified, the value in AWS_PROFILE environment variable or aws.profile system property is used and defaults to default name.

string

The name of the profile that should be used by this credentials provider. If not specified, the value in AWS_PROFILE environment variable or aws.profile system property is used and defaults to default name.

string

The name of the profile that should be used by this credentials provider. If not specified, the value in AWS_PROFILE environment variable or aws.profile system property is used and defaults to default name.

string

The name of the profile that should be used by this credentials provider. If not specified, the value in AWS_PROFILE environment variable or aws.profile system property is used and defaults to default name.

string

Process credentials provider configuration

Type

Default

Whether the provider should fetch credentials asynchronously in the background. If this is true, threads are less likely to block when credentials are loaded, but additional resources are used to maintain the provider.

boolean

false

The amount of time between when the credentials expire and when the credentials should start to be refreshed. This allows the credentials to be refreshed *before* they are reported to expire.

Duration

15S

The maximum size of the output that can be returned by the external process before an exception is raised.

MemorySize

1024

The command that should be executed to retrieve credentials.

string

Whether the provider should fetch credentials asynchronously in the background. If this is true, threads are less likely to block when credentials are loaded, but additional resources are used to maintain the provider.

boolean

false

The amount of time between when the credentials expire and when the credentials should start to be refreshed. This allows the credentials to be refreshed *before* they are reported to expire.

Duration

15S

The maximum size of the output that can be returned by the external process before an exception is raised.

MemorySize

1024

string

Whether the provider should fetch credentials asynchronously in the background. If this is true, threads are less likely to block when credentials are loaded, but additional resources are used to maintain the provider.

boolean

false

The amount of time between when the credentials expire and when the credentials should start to be refreshed. This allows the credentials to be refreshed *before* they are reported to expire.

Duration

15S

The maximum size of the output that can be returned by the external process before an exception is raised.

MemorySize

1024

string

Whether the provider should fetch credentials asynchronously in the background. If this is true, threads are less likely to block when credentials are loaded, but additional resources are used to maintain the provider.

boolean

false

The amount of time between when the credentials expire and when the credentials should start to be refreshed. This allows the credentials to be refreshed *before* they are reported to expire.

Duration

15S

The maximum size of the output that can be returned by the external process before an exception is raised.

MemorySize

1024

string

About the Duration format

The format for durations uses the standard java.time.Duration format. You can learn more about it in the Duration#parse() javadoc.

You can also provide duration values starting with a number. In this case, if the value consists only of a number, the converter treats the value as seconds. Otherwise, PT is implicitly prepended to the value to obtain a standard java.time.Duration format.

About the MemorySize format

A size configuration option recognises string in this format (shown as a regular expression): [0-9]+[KkMmGgTtPpEeZzYy]?. If no suffix is given, assume bytes.