Configuration

DominoKEEP comes with reasonable default configuration settings, so you can start evaluating and testing out of the box. For an actual deployment, you need to understand the details outlined here.

Understanding configuration

The configuration follows the concept of an Overlay File System: the base configuration is retrieved from the jar file, then overlaid with all JSON files in the config.d directory (if present), and finally with environment parameters, if any of those exist.

Hierarchy

The call hierarchy

All files contribute JSON, and these are overlaid on top of each other. JSON elements with the same name get overwritten; arrays get replaced as a whole.

The JSON files in config.d are processed in alphabetical order. Last entry wins. This can be used, for example, to disable elements temporarily through settings in a z-final-words.json file without impacting the live configuration.

The full explanation can be studied in the vert.x overloading rules
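
The overlay order described above, as an added example (not DominoKEEP's own code): it models the rules as this page states them and records which layer last set each value, which helps when auditing what a deployment actually runs. The key names, the sample JSON and the treatment of environment parameters as top-level keys are assumptions.

```python
import copy
import json

def overlay(base, top, source, origin, path=""):
    """Lay `top` over `base` in place; `origin` maps each value's path to its layer."""
    for key, value in top.items():
        where = f"{path}/{key}"
        replaces = not isinstance(value, dict) or not isinstance(base.get(key), dict)
        if replaces:
            # Whatever was recorded at or below this path no longer applies.
            for stale in [p for p in origin if p == where or p.startswith(where + "/")]:
                del origin[stale]
        if isinstance(value, dict):
            if replaces:
                base[key] = {}
            overlay(base[key], value, source, origin, where)  # objects merge key by key
        else:
            base[key] = copy.deepcopy(value)  # scalars and arrays are replaced whole
            origin[where] = source

def effective_config(base, overlay_files, env=None):
    """Return (config, origin) for jar defaults, then config.d files, then environment."""
    cfg, origin = {}, {}
    overlay(cfg, base, "jar", origin)
    for name in sorted(overlay_files):  # alphabetical order, last entry wins
        overlay(cfg, json.loads(overlay_files[name]), name, origin)
    # Assumption: environment parameters act as top-level keys applied last.
    overlay(cfg, env or {}, "environment", origin)
    return cfg, origin

# Constructed sample data; key names are hypothetical, not DominoKEEP's real schema.
BASE = {
    "PORT": 8880,
    "versions": ["core", "admin"],
    "verticles": {"RestAPI": {"active": True, "threads": 4},
                  "Metrics": {"active": True}},
}
OVERLAYS = {
    "z-final-words.json": '{"verticles": {"Metrics": {"active": false}}}',
    "local.json": '{"PORT": 8443, "versions": ["core"]}',
}

if __name__ == "__main__":
    cfg, origin = effective_config(BASE, OVERLAYS, env={"PORT": 9443})
    print(json.dumps(cfg, indent=2))
    for path in sorted(origin):
        print(f"{path:35} <- {origin[path]}")
```
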

What is where

  • config.json: Ports, APIs to load, Verticles to load. See documentation for config.json
  • security.json: GodMode, JWT Setup, TLS setup. See documentation for security.json
  • Environment parameters (see below)

Info
A JSON overlay cannot remove JSON elements, so most settings have an active parameter that can be set to false in an overlay.


Environment

Parameters are case sensitive

  • PORT: 8880 - HTTP(S) port for the KEEP service
  • ADMINPORT: 8889 - HTTP port for the Admin listener, should not be reachable from outside
  • METRICSPORT: 8890 - Endpoint for Prometheus Metrics
  • GodMode: true/false - Should local users in KeepConfig be recognized
  • JwtDuration: lifetime in minutes for the internal JWT provider (default: 60 minutes)
  • JwtMaxDuration: maximum lifetime in minutes for which JWT tokens get accepted
  • DEBUG: true/false - Debug mode. Creates more console output
  • PEMCert: if your TLS certificate is in PEM format (e.g. LetsEncrypt), the path to the certificate file
  • TLSFile: TLS file with the key, for jks, pem or pfx
  • TLSPassword: password for jks and pfx key files
  • shutdownkey: passphrase for posting to http://localhost:adminport/shutdown to shut down KEEP

Actual configuration

The actual configuration can be retrieved (with sensitive information masked) on the admin port:

e.g. https://keep.yourserver.io:8889/config