Skip to main content

Basic configuration

EnvironmentDescription
POSTGRES_DB_URIThe postgres connection string to connect in the database.
API_URLAPI URL address, usually where your DNS will be pointed to. If a prefix is included all endpoints and routes will be available at this prefix.
  • Local Authentication
  • Oauth2/OIDC Authentication
Local Authentication manages users and passwords locally and sign JWT access tokens to users.
EnvironmentDescription
AUTH_METHODThe authentication method to use (local, oidc, saml). Default to local

Extra configuration

All fields below are not required but can give you some extra configuration options to attend your needs.
EnvironmentDefault ValueDescription
ADMIN_USERNAMEadminChanges the name of the group to act as the admin role
AUDITOR_USERNAMEauditorChanges the name of the group to act as the auditor role
API_KEYWhen this environment is set, it enables authentication with full administrative privileges. The key must follow this format: {org-id}|{random-string}
ANALYTICS_TRACKINGenabledDisable the analytics tracking by setting it to disabled
DLP_PROVIDERgcpWhich DLP provider to use: mspresidio or gcp
DLP_MODEbest-effortThe redact mode policy: best-effort or strict. The former makes a best effort to redact the content and the later will return an error in case of any redaction issue.
DEFAULT_AGENT_GRPC_HOSTA custom gRPC host to use for the default agent. It’s usually used when the gateway has end to end TLS enabled.
DISABLE_SESSIONS_DOWNLOADfalseControl if the download session is disabled or not
GIN_MODEreleaseTurn on (debug) logging of routes
GOOGLE_APPLICATION_CREDENTIALS_JSONGCP DLP credentials
GRPC_URLgrpc://127.0.0.1:8010The gRPC URL to advertise to clients.
LOG_ENCODINGjsonThe encoding of output logs (console)
LOG_GRPC”1” enables logging gRPC protocol
LOG_LEVELinfoThe verbosity of logs (debug,info,warn,error)
SSH_CLIENT_HOST_KEYThe private key host key to use for the local SSH server client. It should be a key generated in PKCS#8 format encoded as base64.
INTEGRATION_AWS_INSTANCE_ROLE_ALLOWWhen this option is set to true, it allow to use AWS instance role when interacting with AWS Connect integration
MSPRESIDIO_ANALYZER_URLHost and port for MS Presidio Analyzer <host-to-analyzer:port>
MSPRESIDIO_ANONYMIZER_URLHost and port for MS Presidio Anonymizer <host-to-anonymizer:port>
ORG_MULTI_TENANTEnable organization multi-tenancy
PLUGIN_AUDIT_PATH/opt/hoop/sessionsThe path where the temporary sessions are stored
STATIC_UI_PATH/app/ui/publicThe path where the UI assets resides
TLS_CAThe path or value to the certificate authority (pem), e.g.: file:// or base64://
TLS_CERTThe path or value to the certificate server (pem) e.g.: file:// or base64://
TLS_KEYThe path or value to the RSA private key e.g.: file:// or base64://
WEBAPP_USERS_MANAGEMENTonEnable the users management in the Webapp. It allows to create, edit and delete users.
WEBHOOK_APPKEYThe application key to send messages to the Svix Webhook provider.
WEBHOOK_APPURLThe Svix Server URL for self hosted setups.