Configuration settings

Configures the general policy for when checkpoints should occur. The default policy is the 'periodic' checkpoint policy, as specified by the db.checkpoint.interval.tx and db.checkpoint.interval.time settings. The Neo4j Enterprise Edition provides two alternative policies: The first is the 'continuous' checkpoint policy, which will ignore those settings and run the checkpoint process all the time. The second is the 'volumetric' checkpoint policy, which makes a best-effort at checkpointing often enough so that the database doesn’t get too far behind on deleting old transaction logs in accordance with the db.tx_log.rotation.retention_policy setting.

db.checkpoint, one of [PERIODIC, CONTINUOUS, VOLUME, VOLUMETRIC]

Configures the time interval between checkpoints. The database will not checkpoint more often than this (unless checkpointing is triggered by a different event), but might checkpoint less often than this interval, if performing a checkpoint takes longer time than the configured interval. A checkpoint is a point in the transaction logs, which recovery would start from. Longer checkpoint intervals typically mean that recovery will take longer to complete in case of a crash. On the other hand, a longer checkpoint interval can also reduce the I/O load that the database places on the system, as each checkpoint implies a flushing and forcing of all the store files.

db.checkpoint.interval.time, a duration (Valid units are: ns, μs, ms, s, m, h and d; default unit is s)

Configures the transaction interval between checkpoints. The database will not checkpoint more often than this (unless check pointing is triggered by a different event), but might checkpoint less often than this interval, if performing a checkpoint takes longer time than the configured interval. A checkpoint is a point in the transaction logs, which recovery would start from. Longer checkpoint intervals typically mean that recovery will take longer to complete in case of a crash. On the other hand, a longer checkpoint interval can also reduce the I/O load that the database places on the system, as each checkpoint implies a flushing and forcing of all the store files. The default is '100000' for a checkpoint every 100000 transactions.

db.checkpoint.interval.tx, an integer which is minimum 1

Configures the volume of transaction logs between checkpoints. The database will not checkpoint more often than this (unless check pointing is triggered by a different event), but might checkpoint less often than this interval, if performing a checkpoint takes longer time than the configured interval. A checkpoint is a point in the transaction logs, which recovery would start from. Longer checkpoint intervals typically mean that recovery will take longer to complete in case of a crash. On the other hand, a longer checkpoint interval can also reduce the I/O load that the database places on the system, as each checkpoint implies a flushing and forcing of all the store files.

db.checkpoint.interval.volume, a byte size (valid multipliers are B, KiB, KB, K, kB, kb, k, MiB, MB, M, mB, mb, m, GiB, GB, G, gB, gb, g, TiB, TB, PiB, PB, EiB, EB) which is minimum 1.00KiB

Limit the number of IOs the background checkpoint process will consume per second. This setting is advisory, is ignored in Neo4j Community Edition, and is followed to best effort in Enterprise Edition. An IO is in this case a 8 KiB (mostly sequential) write. Limiting the write IO in this way will leave more bandwidth in the IO subsystem to service random-read IOs, which is important for the response time of queries when the database cannot fit entirely in memory. The only drawback of this setting is that longer checkpoint times may lead to slightly longer recovery times in case of a database or system crash. A lower number means lower IO pressure, and consequently longer checkpoint times. Set this to -1 to disable the IOPS limit and remove the limitation entirely; this will let the checkpointer flush data as fast as the hardware will go. Removing the setting, or commenting it out, will set the default value of 600.

db.checkpoint.iops.limit, an integer

Interval of pulling updates from cores.

db.cluster.catchup.pull_interval, a duration (Valid units are: ns, μs, ms, s, m, h and d; default unit is s)

The maximum number of bytes in the apply buffer. This parameter limits the amount of memory that can be consumed by the apply buffer. If the bytes limit is reached, buffer size will be limited even if max_entries is not exceeded.

db.cluster.raft.apply.buffer.max_bytes, a byte size (valid multipliers are B, KiB, KB, K, kB, kb, k, MiB, MB, M, mB, mb, m, GiB, GB, G, gB, gb, g, TiB, TB, PiB, PB, EiB, EB)

The maximum number of entries in the raft log entry prefetch buffer.

db.cluster.raft.apply.buffer.max_entries, an integer

Largest batch processed by RAFT in bytes.

db.cluster.raft.in_queue.batch.max_bytes, a byte size (valid multipliers are B, KiB, KB, K, kB, kb, k, MiB, MB, M, mB, mb, m, GiB, GB, G, gB, gb, g, TiB, TB, PiB, PB, EiB, EB)

Maximum number of bytes in the RAFT in-queue.

db.cluster.raft.in_queue.max_bytes, a byte size (valid multipliers are B, KiB, KB, K, kB, kb, k, MiB, MB, M, mB, mb, m, GiB, GB, G, gB, gb, g, TiB, TB, PiB, PB, EiB, EB)

The name of a server_group whose members should be prioritized as leaders. This does not guarantee that members of this group will be leader at all times, but the cluster will attempt to transfer leadership to such a member when possible. If a database is specified using db.cluster.raft.leader_transfer.priority_group.<database> the specified priority group will apply to that database only. If no database is specified that group will be the default and apply to all databases which have no priority group explicitly set. Using this setting will disable leadership balancing.

db.cluster.raft.leader_transfer.priority_group, a string identifying a Server Tag

RAFT log pruning strategy that determines which logs are to be pruned. Neo4j only prunes log entries up to the last applied index, which guarantees that logs are only marked for pruning once the transactions within are safely copied over to the local transaction logs and safely committed by a majority of cluster members. Possible values are a byte size or a number of transactions (e.g., 200K txs).

db.cluster.raft.log.prune_strategy, a string

The maximum number of bytes in the in-flight cache. This parameter limits the amount of memory that can be consumed by cache. If the bytes limit is reached, cache size will be limited even if max_entries is not exceeded.

db.cluster.raft.log_shipping.buffer.max_bytes, a byte size (valid multipliers are B, KiB, KB, K, kB, kb, k, MiB, MB, M, mB, mb, m, GiB, GB, G, gB, gb, g, TiB, TB, PiB, PB, EiB, EB)

The maximum number of entries in the in-flight cache. Increasing size will require more memory but might improve performance in high load situations.

db.cluster.raft.log_shipping.buffer.max_entries, an integer

The catch up protocol times out if the given duration elapses with no network activity. Every message received by the client from the server extends the time out duration.

dbms.cluster.catchup.client_inactivity_timeout, a duration (Valid units are: ns, μs, ms, s, m, h and d; default unit is s)

A comma-separated list of endpoints which a server should contact in order to discover other cluster members. Typically, all members of the cluster, including the current server, should be specified in this list.

dbms.cluster.discovery.endpoints, a ',' separated list with elements of type 'a socket address in the format 'hostname:port', 'hostname' or ':port''.

The level of middleware logging.

dbms.cluster.discovery.log_level, one of [DEBUG, INFO, WARN, ERROR, NONE]

Configure the discovery resolver type used for cluster member resolution.

dbms.cluster.discovery.resolver_type, one of [DNS, LIST, SRV, K8S] which may require different settings depending on the discovery type: DNS requires [dbms.cluster.discovery.endpoints], LIST requires [], SRV requires [dbms.cluster.discovery.endpoints], K8S requires [dbms.kubernetes.label_selector, dbms.kubernetes.service_port_name]

Minimum number of machines initially required to form a clustered DBMS. The cluster is considered formed when at least this many members have discovered each other, bound together and bootstrapped a highly available system database. As a result, at least this many of the cluster’s initial machines must have server.cluster.system_database_mode set to 'PRIMARY'.NOTE: If dbms.cluster.discovery.resolver_type is set to 'LIST' and dbms.cluster.discovery.endpoints is empty then the user is assumed to be deploying a standalone DBMS, and the value of this setting is ignored.

dbms.cluster.minimum_initial_system_primaries_count, an integer which is minimum 2

Time out for protocol negotiation handshake.

dbms.cluster.network.handshake_timeout, a duration (Valid units are: ns, μs, ms, s, m, h and d; default unit is s)

Maximum chunk size allowable across network by clustering machinery.

dbms.cluster.network.max_chunk_size, an integer which is in the range 4096 to 10485760

Network compression algorithms that this instance will allow in negotiation as a comma-separated list. Listed in descending order of preference for incoming connections. An empty list implies no compression. For outgoing connections this merely specifies the allowed set of algorithms and the preference of the remote peer will be used for making the decision. Allowable values: [Gzip, Snappy, Snappy_validating, LZ4, LZ4_high_compression, LZ_validating, LZ4_high_compression_validating]

dbms.cluster.network.supported_compression_algos, a ',' separated list with elements of type 'a string'.

The time allowed for a database on a Neo4j server to either join a cluster or form a new cluster with the other Neo4j Servers provided by dbms.cluster.discovery.endpoints.

dbms.cluster.raft.binding_timeout, a duration (Valid units are: ns, μs, ms, s, m, h and d; default unit is s)

The maximum number of TCP channels between two nodes to operate the raft protocol. Each database gets allocated one channel, but a single channel can be used by more than one database.

dbms.cluster.raft.client.max_channels, an integer

The rate at which leader elections happen. Note that due to election conflicts it might take several attempts to find a leader. The window should be significantly larger than typical communication delays to make conflicts unlikely.

dbms.cluster.raft.election_failure_detection_window, a duration-range <min-max> (Valid units are: ns, μs, ms, s, m, h and d; default unit is s)

The time window within which the loss of the leader is detected and the first re-election attempt is held. The window should be significantly larger than typical communication delays to make conflicts unlikely.

dbms.cluster.raft.leader_failure_detection_window, a duration-range <min-max> (Valid units are: ns, μs, ms, s, m, h and d; default unit is s)

Which strategy to use when transferring database leaderships around a cluster. This can be one of equal_balancing or no_balancing. equal_balancing automatically ensures that each Core server holds the leader role for an equal number of databases.no_balancing prevents any automatic balancing of the leader role. Note that if a leadership_priority_group is specified for a given database, the value of this setting will be ignored for that database.

dbms.cluster.raft.leader_transfer.balancing_strategy, one of [NO_BALANCING, EQUAL_BALANCING]

RAFT log pruning frequency.

dbms.cluster.raft.log.pruning_frequency, a duration (Valid units are: ns, μs, ms, s, m, h and d; default unit is s)

RAFT log reader pool size.

dbms.cluster.raft.log.reader_pool_size, an integer

RAFT log rotation size.

dbms.cluster.raft.log.rotation_size, a byte size (valid multipliers are B, KiB, KB, K, kB, kb, k, MiB, MB, M, mB, mb, m, GiB, GB, G, gB, gb, g, TiB, TB, PiB, PB, EiB, EB) which is minimum 1.00KiB

Maximum amount of lag accepted for a new follower to join the Raft group.

dbms.cluster.raft.membership.join_max_lag, a duration (Valid units are: ns, μs, ms, s, m, h and d; default unit is s)

Time out for a new member to catch up.

dbms.cluster.raft.membership.join_timeout, a duration (Valid units are: ns, μs, ms, s, m, h and d; default unit is s)

Maximum retry time per request during store copy. Regular store files and indexes are downloaded in separate requests during store copy. This configures the maximum time failed requests are allowed to resend.

dbms.cluster.store_copy.max_retry_time_per_request, a duration (Valid units are: ns, μs, ms, s, m, h and d; default unit is s)

Name of the initial database allocator. After the creation of the dbms it can be set with the 'dbms.setDatabaseAllocator' procedure.

initial.dbms.database_allocator, a string

Initial default number of primary instances of user databases. If the user does not specify the number of primaries in 'CREATE DATABASE', this value will be used, unless it is overwritten with the 'dbms.setDefaultAllocationNumbers' procedure.

initial.dbms.default_primaries_count, an integer which is minimum 1 and is maximum 11. The same value applies to runtime max number.

Initial default number of secondary instances of user databases. If the user does not specify the number of secondaries in 'CREATE DATABASE', this value will be used, unless it is overwritten with the 'dbms.setDefaultAllocationNumbers' procedure.

initial.dbms.default_secondaries_count, an integer which is minimum 0 and is maximum 20. The same value applies to runtime max number.

The names of databases that are allowed on this server - all others are denied. Empty means all are allowed. Can be overridden when enabling the server, or altered at runtime, without changing this setting. Exclusive with 'server.initial_denied_databases'

initial.server.allowed_databases, a ',' separated set with elements of type 'a string'.

The names of databases that are not allowed on this server. Empty means nothing is denied. Can be overridden when enabling the server, or altered at runtime, without changing this setting. Exclusive with 'server.initial_allowed_databases'

initial.server.denied_databases, a ',' separated set with elements of type 'a string'.

An instance can restrict itself to allow databases to be hosted only as primaries or secondaries. This setting is the default input for the ENABLE SERVER command - the user can overwrite it when executing the procedure.

initial.server.mode_constraint, one of [PRIMARY, SECONDARY, NONE]

A list of tag names for the server used by database allocation and when configuring load balancing and replication policies.

initial.server.tags, a ',' separated list with elements of type 'a string identifying a Server Tag'.

Advertised hostname/IP address and port for the transaction shipping server.

server.cluster.advertised_address, a socket address in the format 'hostname:port', 'hostname' or ':port' which accessible address. If missing port or hostname it is acquired from server.default_advertised_address

Comma separated list of groups to be used by the connect-randomly-to-server-group selection strategy. The connect-randomly-to-server-group strategy is used if the list of strategies (server.cluster.catchup.upstream_strategy) includes the value connect-randomly-to-server-group.

server.cluster.catchup.connect_randomly_to_server_group, a ',' separated list with elements of type 'a string identifying a Server Tag'.

An ordered list in descending preference of the strategy which secondaries use to choose the upstream server from which to pull transactional updates. If none are valid or the list is empty, there is a default strategy of typically-connect-to-random-secondary.

server.cluster.catchup.upstream_strategy, a ',' separated list with elements of type 'a string'.

Configuration of a user-defined upstream selection strategy. The user-defined strategy is used if the list of strategies (server.cluster.catchup.upstream_strategy) includes the value user_defined.

server.cluster.catchup.user_defined_upstream_strategy, a string

Network interface and port for the transaction shipping server to listen on. Please note that it is also possible to run the backup client against this port so always limit access to it via the firewall and configure an ssl policy.

server.cluster.listen_address, a socket address in the format 'hostname:port', 'hostname' or ':port'. If missing port or hostname it is acquired from server.default_listen_address

Use native transport if available. Epoll for Linux or Kqueue for MacOS/BSD. If this setting is set to false, or if native transport is not available, Nio transport will be used.

server.cluster.network.native_transport_enabled, a boolean

Advertised hostname/IP address and port for the RAFT server.

server.cluster.raft.advertised_address, a socket address in the format 'hostname:port', 'hostname' or ':port' which accessible address. If missing port or hostname it is acquired from server.default_advertised_address

Network interface and port for the RAFT server to listen on.

server.cluster.raft.listen_address, a socket address in the format 'hostname:port', 'hostname' or ':port'. If missing port or hostname it is acquired from server.default_listen_address

Users must manually specify the mode for the system database on each instance.

server.cluster.system_database_mode, one of [PRIMARY, SECONDARY]

Host and port to bind the cluster member discovery management communication.

server.discovery.listen_address, a socket address in the format 'hostname:port', 'hostname' or ':port'. If missing port or hostname it is acquired from server.default_listen_address

A list of tag names for the server used when configuring load balancing and replication policies.

server.groups, a ',' separated list with elements of type 'a string identifying a Server Tag'.

Advertised address for this connector.

server.bolt.advertised_address, a socket address in the format 'hostname:port', 'hostname' or ':port' which accessible address. If missing port or hostname it is acquired from server.default_advertised_address

The maximum time to wait before sending a NOOP on connections waiting for responses from active ongoing queries.The minimum value is 1 millisecond.

server.bolt.connection_keep_alive, a duration (Valid units are: ns, μs, ms, s, m, h and d; default unit is s) which is minimum 1ms

The type of messages to enable keep-alive messages for (ALL, STREAMING or OFF)

server.bolt.connection_keep_alive_for_requests, one of [ALL, STREAMING, OFF]

The total amount of probes to be missed before a connection is considered stale.The minimum for this value is 1.

server.bolt.connection_keep_alive_probes, an integer which is minimum 1

The interval between every scheduled keep-alive check on all connections with active queries. Zero duration turns off keep-alive service.

server.bolt.connection_keep_alive_streaming_scheduling_interval, a duration (Valid units are: ns, μs, ms, s, m, h and d; default unit is s) which is minimum 0s

Enable the bolt connector.

server.bolt.enabled, a boolean

Address the connector should bind to.

server.bolt.listen_address, a socket address in the format 'hostname:port', 'hostname' or ':port'. If missing port or hostname it is acquired from server.default_listen_address

Enable server OCSP stapling for bolt and http connectors.

server.bolt.ocsp_stapling_enabled, a boolean

The maximum time an idle thread in the thread pool bound to this connector will wait for new tasks.

server.bolt.thread_pool_keep_alive, a duration (Valid units are: ns, μs, ms, s, m, h and d; default unit is s)

The maximum number of threads allowed in the thread pool bound to this connector.

server.bolt.thread_pool_max_size, an integer

The number of threads to keep in the thread pool bound to this connector, even if they are idle.

server.bolt.thread_pool_min_size, an integer

Encryption level to require this connector to use.

server.bolt.tls_level, one of [REQUIRED, OPTIONAL, DISABLED]

Advertised address for this connector.

server.http.advertised_address, a socket address in the format 'hostname:port', 'hostname' or ':port' which accessible address. If missing port or hostname it is acquired from server.default_advertised_address

Enable the http connector.

server.http.enabled, a boolean

Address the connector should bind to.

server.http.listen_address, a socket address in the format 'hostname:port', 'hostname' or ':port'. If missing port or hostname it is acquired from server.default_listen_address

Defines the set of modules loaded into the Neo4j web server. Options include TRANSACTIONAL_ENDPOINTS, BROWSER, UNMANAGED_EXTENSIONS and ENTERPRISE_MANAGEMENT_ENDPOINTS (if applicable).

server.http_enabled_modules, a ',' separated set with elements of type 'one of [TRANSACTIONAL_ENDPOINTS, UNMANAGED_EXTENSIONS, BROWSER, ENTERPRISE_MANAGEMENT_ENDPOINTS]'.

Advertised address for this connector.

server.https.advertised_address, a socket address in the format 'hostname:port', 'hostname' or ':port' which accessible address. If missing port or hostname it is acquired from server.default_advertised_address

Enable the https connector.

server.https.enabled, a boolean

Address the connector should bind to.

server.https.listen_address, a socket address in the format 'hostname:port', 'hostname' or ':port'. If missing port or hostname it is acquired from server.default_listen_address

Default hostname or IP address the server uses to advertise itself.

server.default_advertised_address, a socket address in the format 'hostname:port', 'hostname' or ':port' which has no specified port and accessible address

Default network interface to listen for incoming connections. To listen for connections on all interfaces, use "0.0.0.0".

server.default_listen_address, a socket address in the format 'hostname:port', 'hostname' or ':port' which has no specified port

Advertised cluster member discovery management communication.

server.discovery.advertised_address, a socket address in the format 'hostname:port', 'hostname' or ':port' which accessible address. If missing port or hostname it is acquired from server.default_advertised_address

The advertised address for the intra-cluster routing connector.

server.routing.advertised_address, a socket address in the format 'hostname:port', 'hostname' or ':port' which accessible address. If missing port or hostname it is acquired from server.default_advertised_address

The address the routing connector should bind to.

server.routing.listen_address, a socket address in the format 'hostname:port', 'hostname' or ':port'. If missing port or hostname it is acquired from server.default_listen_address

Always use client side routing (regardless of the default router) for neo4j:// protocol connections to these domains. A comma separated list of domains. Wildcards (*) are supported.

dbms.routing.client_side.enforce_for_domains, a ',' separated set with elements of type 'a string'.

Routing strategy for neo4j:// protocol connections. Default is CLIENT, using client-side routing, with server-side routing as a fallback (if enabled). When set to SERVER, client-side routing is short-circuited, and requests will rely on server-side routing (which must be enabled for proper operation, i.e. dbms.routing.enabled=true). Can be overridden by dbms.routing.client_side.enforce_for_domains.

dbms.routing.default_router, one of [SERVER, CLIENT]

Socket connection timeout. A timeout of zero is treated as an infinite timeout and will be bound by the timeout configured on the operating system level.

dbms.routing.driver.connection.connect_timeout, a duration (Valid units are: ns, μs, ms, s, m, h and d; default unit is s)

Pooled connections older than this threshold will be closed and removed from the pool. Setting this option to a low value will cause a high connection churn and might result in a performance hit. It is recommended to set maximum lifetime to a slightly smaller value than the one configured in network equipment (load balancer, proxy, firewall, etc. can also limit maximum connection lifetime). Zero and negative values result in lifetime not being checked.

dbms.routing.driver.connection.max_lifetime, a duration (Valid units are: ns, μs, ms, s, m, h and d; default unit is s)

Maximum amount of time spent attempting to acquire a connection from the connection pool. This timeout only kicks in when all existing connections are being used and no new connections can be created because maximum connection pool size has been reached. Error is raised when connection can’t be acquired within configured time. Negative values are allowed and result in unlimited acquisition timeout. Value of 0 is allowed and results in no timeout and immediate failure when connection is unavailable.

dbms.routing.driver.connection.pool.acquisition_timeout, a duration (Valid units are: ns, μs, ms, s, m, h and d; default unit is s)

Pooled connections that have been idle in the pool for longer than this timeout will be tested before they are used again, to ensure they are still alive. If this option is set too low, an additional network call will be incurred when acquiring a connection, which causes a performance hit. If this is set high, no longer live connections might be used which might lead to errors. Hence, this parameter tunes a balance between the likelihood of experiencing connection problems and performance Normally, this parameter should not need tuning. Value 0 means connections will always be tested for validity.

dbms.routing.driver.connection.pool.idle_test, a duration (Valid units are: ns, μs, ms, s, m, h and d; default unit is s)

Maximum total number of connections to be managed by a connection pool. The limit is enforced for a combination of a host and user. Negative values are allowed and result in unlimited pool. Value of 0is not allowed.

dbms.routing.driver.connection.pool.max_size, an integer

Sets level for driver internal logging.

dbms.routing.driver.logging.level, one of [DEBUG, INFO, WARN, ERROR, NONE]

Enable server-side routing in clusters using an additional bolt connector. When configured, this allows requests to be forwarded from one cluster member to another, if the requests can’t be satisfied by the first member (e.g. write requests received by a non-leader).

dbms.routing.enabled, a boolean

The load balancing plugin to use.

dbms.routing.load_balancing.plugin, a string which specified load balancer plugin exist.

Enables shuffling of the returned load balancing result.

dbms.routing.load_balancing.shuffle_enabled, a boolean

Configure if the dbms.routing.getRoutingTable() procedure should include non-writer primaries as read endpoints or return only secondaries. Note: if there are no secondaries for the given database primaries are returned as read end points regardless the value of this setting. Defaults to true so that non-writer primaries are available for read-only queries in a typical heterogeneous setup.

dbms.routing.reads_on_primaries_enabled, a boolean

Configure if the dbms.routing.getRoutingTable() procedure should include the writer as read endpoint or return only non-writers (non writer primaries and secondaries) Note: writer is returned as read endpoint if no other member is present all.

dbms.routing.reads_on_writers_enabled, a boolean

How long callers should cache the response of the routing procedure dbms.routing.getRoutingTable()

dbms.routing_ttl, a duration (Valid units are: ns, μs, ms, s, m, h and d; default unit is s) which is minimum 1s

This setting is associated with performance optimization. Set this to true in situations where it is preferable to have any queries using the 'shortestPath' function terminate as soon as possible with no answer, rather than potentially running for a long time attempting to find an answer (even if there is no path to be found). For most queries, the 'shortestPath' algorithm will return the correct answer very quickly. However there are some cases where it is possible that the fast bidirectional breadth-first search algorithm will find no results even if they exist. This can happen when the predicates in the WHERE clause applied to 'shortestPath' cannot be applied to each step of the traversal, and can only be applied to the entire path. When the query planner detects these special cases, it will plan to perform an exhaustive depth-first search if the fast algorithm finds no paths. However, the exhaustive search may be orders of magnitude slower than the fast algorithm. If it is critical that queries terminate as soon as possible, it is recommended that this option be set to true, which means that Neo4j will never consider using the exhaustive search for shortestPath queries. However, please note that if no paths are found, an error will be thrown at run time, which will need to be handled by the application.

dbms.cypher.forbid_exhaustive_shortestpath, a boolean

This setting is associated with performance optimization. The shortest path algorithm does not work when the start and end nodes are the same. With this setting set to false no path will be returned when that happens. The default value of true will instead throw an exception. This can happen if you perform a shortestPath search after a cartesian product that might have the same start and end nodes for some of the rows passed to shortestPath. If it is preferable to not experience this exception, and acceptable for results to be missing for those rows, then set this to false. If you cannot accept missing results, and really want the shortestPath between two common nodes, then re-write the query using a standard Cypher variable length pattern expression followed by ordering by path length and limiting to one result.

dbms.cypher.forbid_shortestpath_common_nodes, a boolean

Set this to specify the behavior when Cypher planner or runtime hints cannot be fulfilled. If true, then non-conformance will result in an error, otherwise only a warning is generated.

dbms.cypher.hints_error, a boolean

Set this to change the behavior for Cypher create relationship when the start or end node is missing. By default this fails the query and stops execution, but by setting this flag the create operation is simply not performed and execution continues.

dbms.cypher.lenient_create_relationship, a boolean

The minimum time between possible cypher query replanning events. After this time, the graph statistics will be evaluated, and if they have changed by more than the value set by dbms.cypher.statistics_divergence_threshold, the query will be replanned. If the statistics have not changed sufficiently, the same interval will need to pass before the statistics will be evaluated again. Each time they are evaluated, the divergence threshold will be reduced slightly until it reaches 10% after 7h, so that even moderately changing databases will see query replanning after a sufficiently long time interval.

dbms.cypher.min_replan_interval, a duration (Valid units are: ns, μs, ms, s, m, h and d; default unit is s)

Set this to specify the default planner for the default language version.

dbms.cypher.planner, one of [DEFAULT, COST]

If set to true a textual representation of the plan description will be rendered on the server for all queries running with EXPLAIN or PROFILE. This allows clients such as the neo4j browser and Cypher shell to show a more detailed plan description.

dbms.cypher.render_plan_description, a boolean

The threshold for statistics above which a plan is considered stale.

If any of the underlying statistics used to create the plan have changed more than this value, the plan will be considered stale and will be replanned. Change is calculated as abs(a-b)/max(a,b).

This means that a value of 0.75 requires the database to quadruple in size before query replanning. A value of 0 means that the query will be replanned as soon as there is any change in statistics and the replan interval has elapsed.

This interval is defined by dbms.cypher.min_replan_interval and defaults to 10s. After this interval, the divergence threshold will slowly start to decline, reaching 10% after about 7h. This will ensure that long running databases will still get query replanning on even modest changes, while not replanning frequently unless the changes are very large.

dbms.cypher.statistics_divergence_threshold, a double which is in the range 0.0 to 1.0

Allows the enabling or disabling of the file watcher service. This is an auxiliary service but should be left enabled in almost all cases.

db.filewatcher.enabled, a boolean

Database format. This is the format that will be used for new databases. Valid values are standard, aligned, or high_limit.The aligned format is essentially the standard format with some minimal padding at the end of pages such that a single record will never cross a page boundary. The high_limit format is available for Enterprise Edition only. It is required if you have a graph that is larger than 34 billion nodes, 34 billion relationships, or 68 billion properties.

db.format, a string

The maximum time interval within which lock should be acquired. Zero (default) means timeout is disabled.

db.lock.acquisition.timeout, a duration (Valid units are: ns, μs, ms, s, m, h and d; default unit is s)

If true, Neo4j will abort recovery if transaction log files are missing. Setting this to false will allow Neo4j to create new empty missing files for the already existing database, but the integrity of the database might be compromised.

db.recovery.fail_on_missing_files, a boolean

Relationship count threshold for considering a node to be dense.

db.relationship_grouping_threshold, an integer which is minimum 1

The maximum amount of time to wait for running transactions to complete before allowing initiated database shutdown to continue.

db.shutdown_transaction_end_timeout, a duration (Valid units are: ns, μs, ms, s, m, h and d; default unit is s)

Specify if Neo4j should try to preallocate store files as they grow.

db.store.files.preallocate, a boolean

Database timezone for temporal functions. All Time and DateTime values that are created without an explicit timezone will use this configured default timezone.

db.temporal.timezone, a string describing a timezone, either described by offset (e.g. +02:00) or by name (e.g. Europe/Stockholm)

Enables or disables tracking of how much time a query spends actively executing on the CPU. Calling SHOW TRANSACTIONS will display the time, but not in the query.log.
If you want the CPU time to be logged in the query.log, set db.track_query_cpu_time=true and db.logs.query.time_logging_enabled=true

db.track_query_cpu_time, a boolean

Name of the default database (aliases are not supported).

initial.dbms.default_database, A valid database name containing only alphabetic characters, numbers, dots and dashes with a length between 3 and 63 characters, starting with an alphabetic character but not with the name 'system'

Database timezone. Among other things, this setting influences the monitoring procedures.

dbms.db.timezone, one of [UTC, SYSTEM]

Databases may be created from an existing 'seed' (a database backup or dump) stored at some source URI. Different types of seed source are supported by different implementations of com.neo4j.dbms.seeding.SeedProvider. For example, seeds stored at s3:// and https:// URIs are supported by the builtin S3SeedProvider and URLConnectionSeedProvider respectively. This list specifies enabled seed providers. If a seed source (URI scheme) is supported by multiple providers in the list, the first matching provider will be used. If the list is set to empty, the seed from uri functionality is effectively disabled.

dbms.databases.seed_from_uri_providers, a , separated list with elements of type a string.

The maximum number of databases.

dbms.max_databases, a long which is minimum 2

The size of the internal buffer in bytes used by LOAD CSV. If the csv file contains huge fields this value may have to be increased.

db.import.csv.buffer_size, a long which is minimum 1

Selects whether to conform to the standard https://tools.ietf.org/html/rfc4180 for interpreting escaped quotation characters in CSV files loaded using LOAD CSV. Setting this to false will use the standard, interpreting repeated quotes '""' as a single in-lined quote, while true will use the legacy convention originally supported in Neo4j 3.0 and 3.1, allowing a backslash to include quotes in-lined in fields.

db.import.csv.legacy_quote_escaping, a boolean

The name of the analyzer that the fulltext indexes should use by default.

db.index.fulltext.default_analyzer, a string

Whether or not fulltext indexes should be eventually consistent by default or not.

db.index.fulltext.eventually_consistent, a boolean

The eventually_consistent mode of the fulltext indexes works by queueing up index updates to be applied later in a background thread. This newBuilder sets an upper bound on how many index updates are allowed to be in this queue at any one point in time. When it is reached, the commit process will slow down and wait for the index update applier thread to make some more room in the queue.

db.index.fulltext.eventually_consistent_index_update_queue_max_length, an integer which is in the range 1 to 50000000

Enable or disable background index sampling.

db.index_sampling.background_enabled, a boolean

Index sampling chunk size limit.

db.index_sampling.sample_size_limit, an integer which is in the range 1048576 to 2147483647

Percentage of index updates of total index size required before sampling of a given index is triggered.

db.index_sampling.update_percentage, an integer which is minimum 0

Log the annotation data as JSON strings instead of a Cypher map. This configuration has an effect only when the query log is in JSON format.

db.logs.query.annotation_data_as_json_enabled, a boolean

Log query text and parameters without obfuscating passwords. This allows queries to be logged earlier before parsing starts.

db.logs.query.early_raw_logging_enabled, a boolean

Log executed queries. Valid values are OFF, INFO, or VERBOSE.

Log entries are written to the query log.

This feature is available in the Neo4j Enterprise Edition.

db.logs.query.enabled, one of [OFF, INFO, VERBOSE]

Sets a maximum character length use for each parameter in the log. This only takes effect if db.logs.query.parameter_logging_enabled = true.

db.logs.query.max_parameter_length, an integer

Obfuscates all literals of the query before writing to the log. Note that node labels, relationship types and map property keys are still shown. Changing the setting will not affect queries that are cached. So, if you want the switch to have immediate effect, you must also call CALL db.clearQueryCaches().

db.logs.query.obfuscate_literals, a boolean

Log parameters for the executed queries being logged.

db.logs.query.parameter_logging_enabled, a boolean

Log query plan description table, useful for debugging purposes.

db.logs.query.plan_description_enabled, a boolean

If the execution of query takes more time than this threshold, the query is logged once completed - provided query logging is set to INFO. Defaults to 0 seconds, that is all queries are logged.

db.logs.query.threshold, a duration (Valid units are: ns, μs, ms, s, m, h and d; default unit is s)

Log the start and end of a transaction. Valid values are 'OFF', 'INFO', or 'VERBOSE'. OFF: no logging. INFO: log start and end of transactions that take longer than the configured threshold, db.logs.query.transaction.threshold. VERBOSE: log start and end of all transactions. Log entries are written to the query log. This feature is available in the Neo4j Enterprise Edition.

db.logs.query.transaction.enabled, one of [OFF, INFO, VERBOSE]

If the transaction is open for more time than this threshold, the transaction is logged once completed - provided transaction logging (db.logs.query.transaction.enabled) is set to INFO. Defaults to 0 seconds (all transactions are logged).

db.logs.query.transaction.threshold, a duration (Valid units are: ns, μs, ms, s, m, h and d; default unit is s)

Enable HTTP request logging.

dbms.logs.http.enabled, a boolean

Path to the logging configuration for debug, query, http and security logs.

server.logs.config, a path. If relative it is resolved from server.directories.neo4j_home

Enable the debug log.

server.logs.debug.enabled, a boolean

Enable GC Logging.

server.logs.gc.enabled, a boolean

GC Logging Options.

server.logs.gc.options, a string

Number of GC logs to keep.

server.logs.gc.rotation.keep_number, an integer

Size of each GC log that is kept.

server.logs.gc.rotation.size, a byte size (valid multipliers are B, KiB, KB, K, kB, kb, k, MiB, MB, M, mB, mb, m, GiB, GB, G, gB, gb, g, TiB, TB, PiB, PB, EiB, EB)

Path to the logging configuration of user logs.

server.logs.user.config, a path. If relative it is resolved from server.directories.neo4j_home

Page cache can be configured to perform usage sampling of loaded pages that can be used to construct active load profile. According to that profile pages can be reloaded on the restart, replication, etc. This setting allows disabling that behavior. This feature is available in Neo4j Enterprise Edition.

db.memory.pagecache.warmup.enable, a boolean

Page cache warmup can be configured to prefetch files, preferably when cache size is bigger than store size. Files to be prefetched can be filtered by 'dbms.memory.pagecache.warmup.preload.allowlist'. Enabling this disables warmup by profile.

db.memory.pagecache.warmup.preload, a boolean

Page cache warmup prefetch file allowlist regex. By default matches all files.

db.memory.pagecache.warmup.preload.allowlist, a string

The profiling frequency for the page cache. Accurate profiles allow the page cache to do active warmup after a restart, reducing the mean time to performance. This feature is available in Neo4j Enterprise Edition.

db.memory.pagecache.warmup.profile.interval, a duration (Valid units are: ns, μs, ms, s, m, h and d; default unit is s)

Limit the amount of memory that a single transaction can consume, in bytes (or kilobytes with the 'k' suffix, megabytes with 'm' and gigabytes with 'g'). Zero means 'largest possible value'.

db.memory.transaction.max, a byte size (valid multipliers are B, KiB, KB, K, kB, kb, k, MiB, MB, M, mB, mb, m, GiB, GB, G, gB, gb, g, TiB, TB, PiB, PB, EiB, EB) which is minimum 1.00MiB or is 0B

Limit the amount of memory that all transactions in one database can consume, in bytes (or kilobytes with the 'k' suffix, megabytes with 'm' and gigabytes with 'g'). Zero means 'unlimited'.

db.memory.transaction.total.max, a byte size (valid multipliers are B, KiB, KB, K, kB, kb, k, MiB, MB, M, mB, mb, m, GiB, GB, G, gB, gb, g, TiB, TB, PiB, PB, EiB, EB) which is minimum 10.00MiB or is 0B

Defines whether memory for transaction state should be allocated on- or off-heap. Note that for small transactions you can gain up to 25% write speed by setting it to ON_HEAP.

db.tx_state.memory_allocation, one of [ON_HEAP, OFF_HEAP]

The number of cached Cypher query execution plans per database. The max number of query plans that can be kept in cache is the number of databases * server.db.query_cache_size. With 10 databases and server.db.query_cache_size=1000, the caches can keep 10000 plans in total on the instance, assuming that each DB receives queries that fill up its cache.

server.db.query_cache_size, an integer which is minimum 0

server.memory.query_cache.per_db_cache_num_entries

Enable off heap and on heap memory tracking. Should not be set to false for clusters.

dbms.memory.tracking.enable, a boolean

Limit the amount of memory that all of the running transactions can consume, in bytes (or kilobytes with the 'k' suffix, megabytes with 'm' and gigabytes with 'g'). Zero means 'unlimited'.

dbms.memory.transaction.total.max, a byte size (valid multipliers are B, KiB, KB, K, kB, kb, k, MiB, MB, M, mB, mb, m, GiB, GB, G, gB, gb, g, TiB, TB, PiB, PB, EiB, EB) which is minimum 10.00MiB or is 0B

Initial heap size. By default it is calculated based on available system resources.

server.memory.heap.initial_size, a byte size (valid multipliers are B, KiB, KB, K, kB, kb, k, MiB, MB, M, mB, mb, m, GiB, GB, G, gB, gb, g, TiB, TB, PiB, PB, EiB, EB)

Maximum heap size. By default it is calculated based on available system resources.

server.memory.heap.max_size, a byte size (valid multipliers are B, KiB, KB, K, kB, kb, k, MiB, MB, M, mB, mb, m, GiB, GB, G, gB, gb, g, TiB, TB, PiB, PB, EiB, EB)

Defines the size of the off-heap memory blocks cache. The cache will contain this number of blocks for each block size that is power of two. Thus, maximum amount of memory used by blocks cache can be calculated as 2 * server.memory.off_heap.max_cacheable_block_size * server.memory.off_heap.block_cache_size

server.memory.off_heap.block_cache_size, an integer which is minimum 16

Defines the maximum size of an off-heap memory block that can be cached to speed up allocations. The value must be a power of 2.

server.memory.off_heap.max_cacheable_block_size, a byte size (valid multipliers are B, KiB, KB, K, kB, kb, k, MiB, MB, M, mB, mb, m, GiB, GB, G, gB, gb, g, TiB, TB, PiB, PB, EiB, EB) which is minimum 4.00KiB and is power of 2

The maximum amount of off-heap memory that can be used to store transaction state data; it’s a total amount of memory shared across all active transactions. Zero means 'unlimited'. Used when db.tx_state.memory_allocation is set to 'OFF_HEAP'.

server.memory.off_heap.transaction_max_size, a byte size (valid multipliers are B, KiB, KB, K, kB, kb, k, MiB, MB, M, mB, mb, m, GiB, GB, G, gB, gb, g, TiB, TB, PiB, PB, EiB, EB) which is minimum 0B

Use direct I/O for page cache. Setting is supported only on Linux and only for a subset of record formats that use platform aligned page size.

server.memory.pagecache.directio, a boolean

Page cache can be configured to use a temporal buffer for flushing purposes. It is used to combine, if possible, sequence of several cache pages into one bigger buffer to minimize the number of individual IOPS performed and better utilization of available I/O resources, especially when those are restricted.

server.memory.pagecache.flush.buffer.enabled, a boolean

Page cache can be configured to use a temporal buffer for flushing purposes. It is used to combine, if possible, sequence of several cache pages into one bigger buffer to minimize the number of individual IOPS performed and better utilization of available I/O resources, especially when those are restricted. Use this setting to configure individual file flush buffer size in pages (8KiB). To be able to utilize this buffer during page cache flushing, buffered flush should be enabled.

server.memory.pagecache.flush.buffer.size_in_pages, an integer which is in the range 1 to 512

The maximum number of worker threads to use for pre-fetching data when doing sequential scans. Set to '0' to disable pre-fetching for scans.

server.memory.pagecache.scan.prefetchers, an integer which is in the range 0 to 255

The amount of memory to use for mapping the store files. If Neo4j is running on a dedicated server, then it is generally recommended to leave about 2-4 gigabytes for the operating system, give the JVM enough heap to hold all your transaction state and query context, and then leave the rest for the page cache. If no page cache memory is configured, then a heuristic setting is computed based on available system resources.

server.memory.pagecache.size, a byte size (valid multipliers are B, KiB, KB, K, kB, kb, k, MiB, MB, M, mB, mb, m, GiB, GB, G, gB, gb, g, TiB, TB, PiB, PB, EiB, EB)

Enable sharing cache space between different databases. With this option turned on, databases will share cache space, but not cache entries. This means that a database may store and retrieve entries from the shared cache, but it may not retrieve entries produced by another database. The database may, however, evict entries from other databases as necessary, according to the constrained cache size and cache eviction policy. In essence, databases may compete for cache space, but may not observe each other’s entries.

When this option is turned on, the cache space available to all databases is configured with server.memory.query_cache.shared_cache_num_entries. With this option turned off, the cache space available to each individual database is configured with server.memory.query_cache.per_db_cache_num_entries.

server.memory.query_cache.sharing_enabled, a boolean

The number of cached queries for all databases. The maximum number of queries that can be kept in a cache is exactly server.memory.query_cache.shared_cache_num_entries. This setting is only deciding cache size when server.memory.query_cache.sharing_enabled is set to true.

server.memory.query_cache.shared_cache_num_entries, a integer

The number of cached queries per database. The maximum number of queries that can be kept in a cache is number of databases * server.memory.query_cache.per_db_cache_num_entries. With 10 databases and server.memory.query_cache.per_db_cache_num_entries=1000, the cache can keep 10000 plans in total. This setting is only deciding cache size when server.memory.query_cache.sharing_enabled is set to false.

server.memory.query_cache.per_db_cache_num_entries, a integer

Set to true to enable exporting metrics to CSV files.

server.metrics.csv.enabled, a boolean

The reporting interval for the CSV files. That is, how often new rows with numbers are appended to the CSV files.

server.metrics.csv.interval, a duration (Valid units are: ns, μs, ms, s, m, h and d; default unit is s) which is minimum 1ms

Decides what compression to use for the csv history files.

server.metrics.csv.rotation.compression, one of [NONE, ZIP, GZ]

Maximum number of history files for the csv files.

server.metrics.csv.rotation.keep_number, an integer which is minimum 1

The file size in bytes at which the csv files will auto-rotate. If set to zero then no rotation will occur. Accepts a binary suffix k, m or g.

server.metrics.csv.rotation.size, a byte size (valid multipliers are B, KiB, KB, K, kB, kb, k, MiB, MB, M, mB, mb, m, GiB, GB, G, gB, gb, g, TiB, TB, PiB, PB, EiB, EB) which is in the range 0B to 8388608.00TiB

Enable metrics. Setting this to false will to turn off all metrics.

server.metrics.enabled, a boolean

Specifies which metrics should be enabled by using a comma separated list of globbing patterns. Only the metrics matching the filter will be enabled. For example *check_point*,neo4j.page_cache.evictions will enable any checkpoint metrics and the pagecache eviction metric.

server.metrics.filter, a ',' separated list with elements of type 'A simple globbing pattern that can use * and ?.'.

Set to true to enable exporting metrics to Graphite.

server.metrics.graphite.enabled, a boolean

The reporting interval for Graphite. That is, how often to send updated metrics to Graphite.

server.metrics.graphite.interval, a duration (Valid units are: ns, μs, ms, s, m, h and d; default unit is s)

The hostname or IP address of the Graphite server.

server.metrics.graphite.server, a socket address in the format 'hostname:port', 'hostname' or ':port'. If missing port or hostname it is acquired from server.default_listen_address

Set to true to enable the JMX metrics endpoint.

server.metrics.jmx.enabled, a boolean

A common prefix for the reported metrics field names.

server.metrics.prefix, a string

Set to true to enable the Prometheus endpoint.

server.metrics.prometheus.enabled, a boolean

The hostname and port to use as Prometheus endpoint.

server.metrics.prometheus.endpoint, a socket address in the format hostname:port, hostname, or :port. If missing, port and hostname are acquired from server.default_listen_address.

Configure the policy for outgoing Neo4j Browser connections.

browser.allow_outgoing_connections, a boolean

Configure the Neo4j Browser to time out logged in users after this idle period. Setting this to 0 indicates no limit.

browser.credential_timeout, a duration (Valid units are: ns, μs, ms, s, m, h and d; default unit is s)

Commands to be run when Neo4j Browser successfully connects to this server. Separate multiple commands with semi-colon.

browser.post_connect_cmd, a string

Whitelist of hosts for the Neo4j Browser to be allowed to fetch content from.

browser.remote_content_hostname_whitelist, a string

Configure the Neo4j Browser to store or not store user credentials.

browser.retain_connection_credentials, a boolean

Configure the Neo4j Browser to store or not store user editor history.

browser.retain_editor_history, a boolean

Configure client applications such as Browser and Bloom to send Product Analytics data.

client.allow_telemetry, a boolean

Address for Kubernetes API.

dbms.kubernetes.address, a socket address in the format hostname:port, hostname or :port

File location of CA certificate for Kubernetes API.

dbms.kubernetes.ca_crt, a path

Kubernetes cluster domain.

dbms.kubernetes.cluster_domain, a string

LabelSelector for Kubernetes API.

dbms.kubernetes.label_selector, a string

File location of namespace for Kubernetes API.

dbms.kubernetes.namespace, a path

Service port name for discovery for Kubernetes API.

dbms.kubernetes.service_port_name, a string

File location of token for Kubernetes API.

dbms.kubernetes.token, a path

Determines if Cypher will allow using file URLs when loading data using LOAD CSV. Setting this value to false will cause Neo4j to fail LOAD CSV clauses that load data from the file system.

dbms.security.allow_csv_import_from_file_urls, a boolean

The maximum capacity for authentication and authorization caches (respectively).

dbms.security.auth_cache_max_capacity, an integer

The time to live (TTL) for cached authentication and authorization info when using external auth providers (LDAP or plugin). Setting the TTL to 0 will disable auth caching. Disabling caching while using the LDAP auth provider requires the use of an LDAP system account for resolving authorization information.

dbms.security.auth_cache_ttl, a duration (Valid units are: ns, μs, ms, s, m, h and d; default unit is s)

Enable time-based eviction of the authentication and authorization info cache for external auth providers (LDAP or plugin). Disabling this setting will make the cache live forever and only be evicted when dbms.security.auth_cache_max_capacity is exceeded.

dbms.security.auth_cache_use_ttl, a boolean

Enable auth requirement to access Neo4j.

dbms.security.auth_enabled, a boolean

The minimum number of characters required in a password.

dbms.security.auth_minimum_password_length, an integer

The amount of time user account should be locked after a configured number of unsuccessful authentication attempts. The locked out user will not be able to log in until the lock period expires, even if correct credentials are provided. Setting this configuration option to a low value is not recommended because it might make it easier for an attacker to brute force the password.

dbms.security.auth_lock_time, a duration (Valid units are: ns, μs, ms, s, m, h and d; default unit is s) which is minimum 0s

The maximum number of unsuccessful authentication attempts before imposing a user lock for the configured amount of time, as defined by dbms.security.auth_lock_time.The locked out user will not be able to log in until the lock period expires, even if correct credentials are provided. Setting this configuration option to values less than 3 is not recommended because it might make it easier for an attacker to brute force the password.

dbms.security.auth_max_failed_attempts, an integer which is minimum 0

A list of security authentication providers containing the users and roles. This can be any of the built-in native or ldap providers, or it can be an externally provided plugin, with a custom name prefixed by plugin-, i.e. plugin-<AUTH_PROVIDER_NAME>. They will be queried in the given order when login is attempted.

dbms.security.authentication_providers, a ',' separated list with elements of type 'a string'.

A list of security authorization providers containing the users and roles. This can be any of the built-in native or ldap providers, or it can be an externally provided plugin, with a custom name prefixed by plugin-, i.e. plugin-<AUTH_PROVIDER_NAME>. They will be queried in the given order when login is attempted.

dbms.security.authorization_providers, a ',' separated list with elements of type 'a string'.

Require authorization for access to the Causal Clustering status endpoints.

dbms.security.cluster_status_auth_enabled, a boolean

Value of the Access-Control-Allow-Origin header sent over any HTTP or HTTPS connector. This defaults to '*', which allows broadest compatibility. Note that any URI provided here limits HTTP/HTTPS access to that URI only.

dbms.security.http_access_control_allow_origin, a string

Defines an allowlist of http paths where Neo4j authentication is not required.

dbms.security.http_auth_allowlist, a ',' separated list with elements of type 'a string'.

Value of the HTTP Strict-Transport-Security (HSTS) response header. This header tells browsers that a webpage should only be accessed using HTTPS instead of HTTP. It is attached to every HTTPS response. Setting is not set by default so 'Strict-Transport-Security' header is not sent. Value is expected to contain directives like 'max-age', 'includeSubDomains' and 'preload'.

dbms.security.http_strict_transport_security, a string

Name of the 256 length AES encryption key, which is used for the symmetric encryption.

dbms.security.key.name, a string

Password for accessing the keystore holding a 256 length AES encryption key, which is used for the symmetric encryption.

dbms.security.keystore.password, a secure string

Location of the keystore holding a 256 length AES encryption key, which is used for the symmetric encryption of secrets held in system database.

dbms.security.keystore.path, a path