> For the complete documentation index, see [llms.txt](https://docs.opendatadiscovery.org/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.opendatadiscovery.org/configuration-and-deployment.md). # Configuration and Deployment - [Deployment Options](https://docs.opendatadiscovery.org/configuration-and-deployment/deployment.md): Pick a deployment path for ODD Platform and Collector — Docker Compose, Helm, AWS EKS, or from source — with step-by-step setup and pointers to the config deep-dives. - [Try locally](https://docs.opendatadiscovery.org/configuration-and-deployment/trylocally.md): Run ODD locally with docker-compose — a demo sandbox with the platform, sample database, lightweight pull collector, and metadata enricher. For production paths see Deployment Options. - [Deploy to Amazon Elastic Kubernetes Service (EKS)](https://docs.opendatadiscovery.org/configuration-and-deployment/quick_launch_on_amazon_elastic_kubernetes_service.md): Quick Launch of Open Data Discovery platform and collector on Amazon Elastic Kubernetes Service (EKS) - [Configure ODD Platform](https://docs.opendatadiscovery.org/configuration-and-deployment/odd-platform.md): This section defines how to configure ODD Platform in order to leverage all of its functionality and features. - [Health and monitoring](https://docs.opendatadiscovery.org/configuration-and-deployment/health-and-monitoring.md): Wire liveness/readiness probes to ODD Platform's /actuator/health and scrape metrics from /actuator/prometheus — what the health verdict does and does not cover. - [Collector secrets backend](https://docs.opendatadiscovery.org/configuration-and-deployment/collectors-secrets-backend.md): Load collector secrets (Platform token, DB passwords, cloud credentials) from an external backend — AWS SSM today, pluggable for additional providers — instead of plaintext YAML. - [Enable security](https://docs.opendatadiscovery.org/configuration-and-deployment/enable-security.md): ODD's two independent authentication surfaces — the UI/API surface (auth.type) and the ingestion endpoint (auth.ingestion.filter.enabled). Enabling one does not protect the other. - [Authentication](https://docs.opendatadiscovery.org/configuration-and-deployment/enable-security/authentication.md): ODD Platform's four supported authentication mechanisms for the UI/API surface — Disabled, Login form, OAuth2/OIDC, and LDAP — plus the S2S API-key surface for programmatic clients. - [Disabled authentication](https://docs.opendatadiscovery.org/configuration-and-deployment/enable-security/authentication/disabled-authentication.md): Disable platform authentication entirely — the default configuration for local deployments and demo sandboxes where no security is required. - [Login form](https://docs.opendatadiscovery.org/configuration-and-deployment/enable-security/authentication/login-form.md): Simplest auth mode — username/password credentials via auth.login-form-credentials. All login-form users receive ADMIN privileges; not suitable for production deployments. - [OAUTH2/OIDC](https://docs.opendatadiscovery.org/configuration-and-deployment/enable-security/authentication/oauth2-oidc.md): Configure ODD Platform to authenticate users via OAuth2/OIDC against AWS Cognito, GitHub, Google, Azure AD, Okta, Keycloak, or any custom OIDC-compliant identity provider. - [LDAP](https://docs.opendatadiscovery.org/configuration-and-deployment/enable-security/authentication/ldap.md): Configure ODD Platform to authenticate users against an existing LDAP server, including group-to-role mapping and the cross-mode user-name collision caveat for multi-mode deployments. - [Server-to-server (S2S)](https://docs.opendatadiscovery.org/configuration-and-deployment/enable-security/authentication/s2s.md): Configure server-to-server (S2S / M2M) API-key authentication for programmatic clients — CI/CD jobs, automation scripts, and non-human callers — alongside the configured interactive auth mode. - [Authorization](https://docs.opendatadiscovery.org/configuration-and-deployment/enable-security/authorization.md): ODD's RBAC model — permissions, policies, roles, owners, and user-owner association — centred on the user-identity / owner-identity bridge that resolves who-can-do-what. - [Policies](https://docs.opendatadiscovery.org/configuration-and-deployment/enable-security/authorization/policies.md): Policies are JSON-defined permission grants attached to owners through roles. Reference for policy structure, JSON Schema validation, resources, conditions, and the permissions a statement can grant. - [Permissions](https://docs.opendatadiscovery.org/configuration-and-deployment/enable-security/authorization/permissions.md): The five permission classes in ODD Platform — data entity, term, query example, lookup table, and management — with the full enumeration of permission keys and the surfaces each one gates. - [Roles](https://docs.opendatadiscovery.org/configuration-and-deployment/enable-security/authorization/roles.md): Roles bundle permissions. User roles (auth-chain-derived) versus Owner roles (operator-curated), and the precedence rule that resolves which wins for a given signed-in user. - [Owners](https://docs.opendatadiscovery.org/configuration-and-deployment/enable-security/authorization/owners.md): Owners are catalog-side data-steward identities, distinct from authenticated users. Reference for the Owner CRUD model, Owner roles, and the operator caveats around lifecycle and audit. - [User-owner association](https://docs.opendatadiscovery.org/configuration-and-deployment/enable-security/authorization/user-owner-association.md): Link a signed-in user to an Owner entity for owner-scoped permissions — three write-paths — self-request, self-request with auto-approve, and admin direct-bind. - [Admin promotion across providers](https://docs.opendatadiscovery.org/configuration-and-deployment/enable-security/admin-promotion.md): Single reference for ADMIN-promotion divergence across the four auth modes and the six OAuth2 provider sub-shapes — the matrix, the per-provider knobs that look the same but behave differently. - [Audit trail scope](https://docs.opendatadiscovery.org/configuration-and-deployment/enable-security/audit-trail-scope.md): ODD's bifurcated audit posture — what the platform records (activity feed + owner-association log), what it does not, and the compensating controls for SOX / HIPAA / GDPR / SOC2 reviews. --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.opendatadiscovery.org/configuration-and-deployment.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.