Each cache panel includes interactive buttons to manage cache contents:

These operations are performed via REST endpoints and provide immediate feedback on success or failure.

The cache control panel is automatically enabled when you include the micronaut-control-panel-cache module in your project. You can disable it by setting:

Individual cache panels can also be disabled by setting the cache-specific property:

The detailed view of each cache shows:

This provides complete visibility into your application’s caching layer for debugging and monitoring purposes.

When Micronaut Security is active, control panel routes are protected by default. The default access mode is micronaut.control-panel.security.access=AUTHORIZED, which requires an authenticated user with ROLE_CONTROL_PANEL.

If your application already uses Micronaut Security, the control panel does not become a separate OAuth client. Your existing Micronaut Security authentication mechanism authenticates the browser request, and the control panel fallback rule authorizes the UI and helper-controller routes.

The following example shows the default role-protected mode explicitly:

This secures the control panel routes themselves with micronaut.control-panel.security.access=AUTHORIZED and micronaut.control-panel.security.role=ROLE_CONTROL_PANEL. You can change the role if your application uses a different administrative role:

Management endpoint security remains under the normal Micronaut management configuration for your application.

Control panel write operations inherit the read access decision by default. This preserves the existing behavior: a user who can open the control panel can also use write actions such as cache invalidation, object storage upload and delete, datasource SQL execution, logger reconfiguration, and Hibernate statistics or cache mutations.

You can disable all control-panel write operations while leaving read views available:

When writes are denied, write controls remain visible in the UI but are disabled with an explanatory reason. Direct HTTP calls to the control-panel helper routes are rejected by the server-side security rule.

You can also use separate read and write roles:

If write-access: AUTHORIZED is configured without write-role, the configured read role is used as the effective write role. The available write access modes are INHERITED, ANONYMOUS, AUTHENTICATED, AUTHORIZED, and DENIED.

The AUTHENTICATED mode requires any logged-in user, but does not require a specific role. The ANONYMOUS mode keeps the UI and helper controllers anonymously reachable. Use these modes only for trusted development or test environments:

Host intercept-url-map rules run before the control-panel fallback rule, so host rules can still be stricter than the configured control panel access mode.

This panel displays the health information of your application, and relies on the Health Endpoint to display its information. By default, the health endpoint only displays details to authenticated users. When the control panel itself is protected by Micronaut Security, the current authenticated request is reused and details-visible: AUTHENTICATED works as expected:

If you opt into micronaut.control-panel.security.access=ANONYMOUS, anonymous control-panel requests continue to see the anonymous health view.

This panel displays application information, and relies on the Info Endpoint to display its information. The panel appears when the Info endpoint is available and can be disabled independently:

The Info endpoint can expose configuration-backed info.* values, build and git metadata, and values from custom InfoSource beans. Configure it only in environments where the Control Panel should be available:

The panel renders nested maps and lists from info.*, git/build property files, and custom InfoSource output.

This panel displays all the configuration properties resolved, and relies on the Environment Endpoint to display all the properties. This endpoint is disabled by default, so you need to configure it to be enabled in the environments where the control panel is enabled:

Also, by default, all the values will be masked. If you want to see the actual configuration values in the control panel, you can enable the built-in filter by setting the following configuration property:

This will show all values apart from those that contain the words password, credential, certificate, key, secret or token anywhere in their name.

This panel displays a searchable, read-only view of Micrometer metrics. It relies on the Micronaut Micrometer module and the Metrics Endpoint bean. The panel appears only when Micrometer metrics are enabled and the Metrics endpoint is available.

The detail view shows the selected metric’s description, base unit, measurements, and available tags. Tag filtering uses the same repeatable tag parameter shape as the Metrics endpoint, for example tag=outcome:success. Tag values that contain additional : characters are preserved.

This panel is intended as a lightweight development-time inspector. It does not configure meter registries, expose exporters, mutate metrics, provide alerts, or replace production observability dashboards such as Grafana.

You can disable only this panel with:

This panel displays all the beans, and their relationships, grouped by packages. It relies on the Beans Endpoint to display all the bean definitions. Keep the role-protected control-panel access when you do not want to expose that information to anonymous users.

This panel shows all disabled beans, i.e., beans that have not met any of their requirement conditions. For each disabled bean, you can see the reasons why the bean was not loaded.

This panel allows you to view and re-configure the logging levels without restarting the application. It relies on the Loggers Endpoint to display the logging levels. The control panel updates logger levels through a control-panel route, so the raw management endpoint can keep its default write sensitivity when you only need writes from the control panel. The endpoint is disabled by default, so enable it in the environments where the control panel should manage logging:

When Micronaut Security is active and micronaut.control-panel.security.access=AUTHORIZED, only users with the configured control-panel role can re-configure loggers through the control panel. Direct HTTP calls to /loggers/{logger} still follow Micronaut Management endpoint sensitivity rules. Set endpoints.loggers.write-sensitive=false only when you intentionally want to expose direct writable management endpoint access outside the control panel.

The Tables tab lists tables without rendering the full datasource schema at once. Use the schema filter and table search field to narrow the current page, then click a table row to open its detail panel.

The table detail panel shows the selected table name and schema, columns, primary keys, foreign keys, unique keys, relationship links, and an E/R diagram for the selected table. Relationship links open the related table detail so you can move through the schema without returning to the datasource list.

The table list and detail panel are separated by a resizable divider. The detail panel can also be collapsed from the table detail icon when you need more room for the table list.

The SQL console can execute ad hoc queries and displays the result set in a paginated table:

Table actions can insert a SELECT * query or a database-specific JSON query for the selected table. PostgreSQL datasources use to_json/to_jsonb queries, and Oracle datasources use JSON_OBJECT(…​ RETURNING JSON) so the returned column metadata identifies JSON values.

When a query result column is JSON, the cell is highlighted as JSON. Click the cell to format the JSON in place; click it again to return to the compact value. Non-JSON columns continue to render as regular table cells.

If the selected table has relationships, the table actions also include a JSON-with-relationships query. The generated JSON contains all table properties plus relationship properties named after the foreign key or relationship name.

When a supported pool implementation is present on the classpath and the datasource uses that pool, the datasource detail includes a Pool tab:

The pool tab shows a refreshable connection status card with active, idle, remaining, total, min, max, and waiting connection counts. It also lists pool options such as JDBC URL, user, sizing, timeouts, validation SQL, and behavior flags.

HikariCP pools are detected when micronaut-jdbc-hikari/HikariCP is present. Oracle UCP pools are detected when micronaut-jdbc-ucp/Oracle UCP is present. The tab is omitted when no supported pool inspector is available for the datasource.

To get started, add the following module as a development-time dependency:

It is assumed that you already have datasources configured with either micronaut-sql or micronaut-data. If not, you can check the following documentation:

The datasource control panel is automatically enabled when you include the micronaut-control-panel-datasource module in your project. You can disable it by setting:

The detail view keeps static metadata separate from runtime counters and operational actions.

The Session details tab shows the selected persistence unit and a curated set of safe runtime configuration values. This includes the session factory name, the datasource name, whether statistics are enabled, cache capabilities, default catalog and schema, JDBC behavior, fetch settings, batch settings, query settings, transaction options, and selected Hibernate properties. Sensitive values are masked when the property name contains password, credential, certificate, key, secret, or token, matching the same legacy masking terms used by the Environment panel when plain values are enabled.

The JDBC Data Source tab shows the datasource that backs the selected session factory. It includes connection metadata such as the bean name, JDBC URL, username, driver, database product, schema or catalog values, transaction isolation, autocommit, read-only state, and driver capability flags. This information is static datasource metadata and does not require Hibernate statistics to be enabled.

The Entity types tab shows mapped entity classes and persistent collection roles.

The entity table includes the Hibernate entity name, Java type, identifier type, attribute count, cache region, and runtime load/update counters when statistics are enabled. The attribute count opens a hover card with the mapped property names, Java types, mapping kind, and association or collection flags. The Properties action opens a dialog with all property definitions for the selected entity.

Entity and collection rows include an Actions menu. The Query action opens the HQL Console with a generated query for the selected entity type or collection role. The Evict action opens a confirmation dialog before removing matching entries from the second-level cache. Entity and collection eviction only removes cached Hibernate data; it does not delete database rows or related entities.

The Named queries tab lists named HQL and native SQL queries discovered from the selected session factory. The table shows the query name, query type, query text, cacheable flag, cache region, and available actions. Native SQL queries are identified separately from HQL so the original SQL text remains visible in the UI.

Named query actions can open the HQL Console for supported HQL queries. Native SQL entries are displayed for inspection, but the HQL Console remains a Hibernate query console and does not execute arbitrary SQL.

The HQL Console executes read-only Hibernate queries against the selected session factory. It is useful for checking entity mappings and inspecting a small result set without leaving the control panel.

The console displays scalar results in a table with generated column names. When a result value is a Hibernate entity, the cell displays the entity type and identifier, and a hover card shows the loaded property values. Paginated navigation is available when more results exist.

Mutation statements are rejected by the control panel. Use the Datasource Control Panel SQL console when you need to inspect JDBC tables directly.

The Statistics tab contains the statistics switch and the runtime views that depend on Hibernate statistics. When statistics are disabled, the panel still shows static session details, datasource metadata, entity mappings, named queries, and cache regions, but runtime counters and query statistics are empty until statistics collection is enabled.

Statistics are split into nested tabs:

The Clear statistics action resets the accumulated statistics for the selected session factory after confirmation.

The Cache tab shows Hibernate second-level and query cache regions. The region list is visible even when statistics are disabled, so cache eviction is still available without enabling statistics.

When statistics are enabled, the cache tab also displays cache counters and provider-reported memory information. The summary cards split provider-reported element count and memory size into separate views. Some cache providers do not support extended region statistics; when Hibernate reports that extended statistics are unavailable, the panel displays the metric as unsupported instead of showing a misleading value.

Cache actions always use a confirmation dialog. The available actions include:

Cache eviction affects Hibernate cache entries only. It does not remove database rows.

The detail view exposes the following runtime operations:

The Hibernate control panel is automatically enabled when you include the micronaut-control-panel-hibernate module in your project. You can disable it by setting:

The Kafka Streams control panel is automatically enabled when you include the micronaut-control-panel-kafka module in your project. You can disable it by setting:

The Kafka Streams panel always renders the topology from the configured ConfiguredStreamBuilder. When Micronaut Management and the Micronaut Kafka Streams health indicator expose details to the current Control Panel request path, the detail page also shows runtime state for the matching Kafka Streams application. The runtime section includes the health status, stream thread names and states, client IDs, producer client IDs, and active or standby task information when those values are present in the Health endpoint response.

Runtime state is optional. If Health details are hidden, disabled, or unavailable, the Kafka Streams panel still renders the topology diagram and shows an unavailable runtime-state message. The Kafka Streams panel only reads the visible HealthEndpoint result; it does not query Kafka brokers directly or bypass Health endpoint detail visibility.

For local development with an authenticated Control Panel, authenticated Health details can be shown to authenticated users:

If the Control Panel itself is intentionally anonymous in a trusted local environment, use ANONYMOUS instead. Only expose anonymous Health details in development or another trusted environment-specific configuration. The runtime-state section is intended for quick development diagnostics and is not a replacement for Micrometer metrics, consumer lag monitoring, or a full Kafka monitoring product.

The easiest way to implement a custom panel is to extend from AbstractControlPanel. For example:

Check the ControlPanel interface to see the other methods that can be overridden, for example, to display a badge in the control panel header.

There are some values for the UI that can be configured:

For rendering the views, the Control Panel uses Micronaut Views with Handlebars.java templates.

Each control panel needs to provide 2 views: one for the control panel list, that can contain a summary of the information to be displayed, and another one for the detailed view. They must be placed in a views/<panel-name> directory on the classpath, and named body.hbs and detail.hbs, respectively. For example, in the above example:

The ControlPanel instance (MyApplicationControlPanel in this case) is stored on the Handlebars context, so you can implicitly access its methods and properties. For example, to access the badge:

In the case of the detail view, the control panel instance is passed as an implicit controlPanel variable. For example, to access the body of our control panel example: