Orchestrator
The Orchestrator is the higher-level service in front of the Manager. It exposes the Orchestrator API, authenticates clients with API keys and JWT bearer tokens, persists job records in its own database, and caches DEK tokens in Redis so files held by the Manager remain accessible across requests. Set environment variables on the Orchestrator container to configure it; the default port is 9983. For the naming convention and shared notes, refer to Configuration reference.
Default appsettings.json
{
"Database": {
"DatabaseType": "SqlLite",
"ConnectionString": ""
},
"Jwt": {
"SecretKey": "",
"ExpirationMinutes": 15,
"RefreshTokenExpirationDays": 30
},
"Licensing": {
"LicenseKey": "<LICENSE_KEY>",
"LgsURL": ""
},
"WebServer": {
"PortNumber": 9983,
"MaxFileSizeBytes": 104857600,
"MaxConcurrentConnections": 1000,
"RequestHeadersTimeout": null,
"KeepAliveTimeout": null,
"MinRequestBodyDataRateBytesPerSecond": null,
"MinRequestBodyDataRateGracePeriod": null
},
"ManagerApi": {
"BaseUrl": "http://localhost:9982/",
"PollingIntervalSeconds": 10,
"MaxDetectionRetries": 2
},
"Redis": {
"ConnectionString": ""
},
"AuditEvents": {
"RetentionDays": 365
},
"LogFilePath": "./logs/smart-redact-orchestrator-log.txt",
"LogRetentionDays": 7
}
Each section is described below.
Licensing
The Orchestrator requires a license key.
Licensing__LicenseKey=<LICENSE_KEY>
| Setting | Default | Description |
|---|---|---|
LicenseKey | required | The AI Smart Redact license key issued by Pdftools. |
LgsURL | — | Optional URL of an on-premise License Gateway Service for air-gapped deployments. |
Database
The Orchestrator stores user accounts, API keys, audit events, and job records in its own database, separate from the Manager’s.
Database__DatabaseType=PostgreSql
Database__ConnectionString=Host=...;Database=...;Username=...;Password=...
| Setting | Default | Description |
|---|---|---|
DatabaseType | required | One of PostgreSql, SqlLite. |
ConnectionString | required (except SqlLite) | Provider-specific connection string. |
Manager API
The Orchestrator forwards file, detection, and redaction operations to the Manager. The ManagerApi section configures the connection.
ManagerApi__BaseUrl=http://<MANAGER_HOST>:9982/
| Setting | Default | Description |
|---|---|---|
BaseUrl | required | Base URL of the Manager, including scheme and port. |
PollingIntervalSeconds | 10 | Interval at which the Orchestrator polls the Manager for asynchronous detection results. |
MaxDetectionRetries | 2 | Maximum detection retries the Orchestrator sends to the Manager before marking a job as failed. Distinct from the Manager’s RetryCount, which retries at the Manager → Worker transport layer. |
JWT
The Orchestrator issues JWT bearer tokens for the human-facing parts of the API. API keys are validated separately and don’t depend on this section.
Jwt__SecretKey=<JWT_SECRET_KEY>
Jwt__ExpirationMinutes=15
Jwt__RefreshTokenExpirationDays=30
| Setting | Default | Description |
|---|---|---|
SecretKey | required | HMAC-SHA256 signing key, minimum 32 characters. Generate with openssl rand -base64 64. |
ExpirationMinutes | 15 | Access-token lifetime in minutes. |
RefreshTokenExpirationDays | 30 | Refresh-token lifetime in days. |
Redis
The Orchestrator caches DEK tokens received from the Manager in Redis so that subsequent operations (detection, redaction, file download) can reuse them across instances. Deploy Redis without persistence (no AOF, no RDB) so that on restart all cached tokens are lost and the corresponding files become cryptographically inaccessible. This supports crypto-erasure.
Redis__ConnectionString=<REDIS_HOST>:<REDIS_PORT>
| Setting | Default | Description |
|---|---|---|
ConnectionString | empty | Connection string of the Redis instance. When empty, the Orchestrator uses an in-memory fallback that doesn’t survive a restart and can’t be shared between instances. |
Audit events
The Orchestrator records audit events. Records older than the retention window are deleted automatically.
AuditEvents__RetentionDays=365
| Setting | Default | Description |
|---|---|---|
RetentionDays | 365 | Number of days audit events are retained. Must be a positive integer. |
Web server
WebServer__PortNumber=9983
WebServer__MaxFileSizeBytes=104857600
WebServer__MaxConcurrentConnections=1000
| Setting | Default | Description |
|---|---|---|
PortNumber | 9983 | TCP port the Orchestrator listens on. |
MaxFileSizeBytes | 104857600 (100 MB) | Maximum allowed multipart upload size. Set to null, 0, or a negative value to remove the limit. |
MaxConcurrentConnections | 1000 | Maximum concurrent connections accepted by Kestrel. |
The remaining Kestrel limits (RequestHeadersTimeout, KeepAliveTimeout, MinRequestBodyDataRateBytesPerSecond, MinRequestBodyDataRateGracePeriod) accept the same values as on the Manager. Refer to Web server on the Manager configuration page.
The Orchestrator forwards uploads to the Manager. Configure the same MaxFileSizeBytes on both services, otherwise the Orchestrator can accept files that the Manager later rejects.
Logging
Application logs are written to the console and, optionally, to a file. The fields are top-level (no section prefix).
LogFilePath=./logs/smart-redact-orchestrator-log.txt
LogRetentionDays=7
| Setting | Default | Description |
|---|---|---|
LogFilePath | — | Path of the rolling-daily log file inside the container. Leave empty to disable file logging. |
LogRetentionDays | 7 | Number of days log files are retained on disk. |
The minimum log level isn’t a separate setting. It’s derived from the standard ASPNETCORE_ENVIRONMENT environment variable: when set to Development, the service emits Debug-level logs in a developer-friendly console format; any other value (the default) emits Information-level logs in JSON. Use Development only for local diagnostics.