Skip to main content

Runtime configuration

Premora keeps runtime configuration central, so admins can change behavior without restarting pods. Configuration covers service metadata, feature flags, claims/identity config, and audited settings overrides.

How settings apply

Admin settings are written through the admin UI and applied to the running services within seconds — there is no pod restart required. This is how SSO configuration, feature flags, and other operational settings take effect live.

:::note Settings contract A setting only takes effect if the target service publishes its metadata and declares the setting key. New admin-configurable settings ship with the service that owns them. :::

What you can configure at runtime

  • Authentication — OIDC/Entra, SAML, and LDAP/AD settings (see Identity & SSO).
  • Connectors — source connections, scopes, and sync behavior.
  • Feature flags — turn capabilities on or off per deployment.
  • Policies & overrides — audited configuration overrides for operational tuning.

Secrets

Secrets (IdP client secrets, connector credentials) are write-only: you can set them, but they are never returned on read. Store the authoritative copies in your own secret manager; provide them to Premora via the values file at install time or through the admin UI.

Auditing

Configuration changes — especially policy overrides and connector changes — are recorded in the audit trail (see Access control). Every change is attributable.

Backing configuration

Lower-level platform configuration (backing-service connection details, ingress, certificates) is provided in your values file at install time and changed via premora core upgrade with an updated values file.