Available on: Enterprise Edition

How to configure Kestra Enterprise Edition.

Kestra Enterprise Edition offers many enhancements over the Open Source Edition, adding authentication, security, audit logs, and more. Here are some of the features available in the Enterprise Edition:

For more information on what is included in the Enterprise Edition, check out the product page.

Enterprise Edition license

To use Kestra Enterprise Edition, you will need a valid license. Our sales team will provide this license to you; if it's not the case, please reach out to them at sales@kestra.io.

The license is set up using two configuration properties: id and key.

  • kestra.ee.license.id: license identifier.
  • kestra.ee.license.key: license key.

When you launch Kestra Enterprise Edition, it will check the license and display the validation step in the log.

SuperAdmin User from configuration

The most powerful user in Kestra is the SuperAdmin

You can create a SuperAdmin user from the configuration file.

The super-admin requires three properties:

  • kestra.security.super-admin.username: the username of the super-admin
  • kestra.security.super-admin.password: the password of the super-admin
  • kestra.security.super-admin.tenantAdminAccess: a list of tenants that the super-admin can access
    • This property can be omitted if you do not use multi-tenancy
    • If a Tenant does not exists, it will be created
    • At each startup, this user is checked and if the list of access permissions has been modified, new access permissions can be created, but none will be removed
yaml
kestra:
  security:
    super-admin:
      username: your_username
      password: ${KESTRA_SUPERADMIN_PASSWORD}
      tenantAdminAccess:
        - <optional>

Default Role from configuration

The default role is the role that will be assigned to a new user when it is created.

For setup facilities, you can define the default role from the configuration file. Each time you start Kestra, the default role will be checked and created if it does not exist for every Tenant.

The default role requires three properties:

  • kestra.security.default-role.name: the name of the default role
  • kestra.security.default-role.description: the description of the default role
  • kestra.security.default-role.permissions: the permissions of the default role
yaml
kestra:
  security:
    default-role:
      name: default
      description: "Default role"
      permissions:
        FLOW: ["CREATE", "READ", "UPDATE", "DELETE"]

Make sure that you attach the default-role configuration under kestra.securityrather than under micronaut.security — it's easy to confuse the two so make sure you enter that configuration in the right place.

Was this page helpful?