Infrahub configuration
The Infrahub containers read a number of environment variables at runtime that affect their behavior.
Here are a few common methods of setting configuration:
- Exporting in a shell, for example: `export INFRAHUB_ADDRESS="http://localhost:8000"`
- Using a `.env` file
- Using a `.toml` configuration file (setting names use lowercase with underscores, e.g., `address = "http://localhost:8000"`)
- Using direnv

Note: infrahubctl has its own environment variables. See the infrahubctl documentation for more information.
Main
| Name | Description | Type | Default |
|---|---|---|---|
INFRAHUB_DOCS_INDEX_PATH | Full path of saved json containing pre-indexed documentation | string | /opt/infrahub/docs/build/search-index.json |
INFRAHUB_INTERNAL_ADDRESS | None | None | None |
INFRAHUB_ALLOW_ANONYMOUS_ACCESS | Indicates if the system allows anonymous read access | boolean | True |
INFRAHUB_ANONYMOUS_ACCESS_ROLE | Name of the role defining which permissions anonymous users have | string | Anonymous User |
INFRAHUB_TELEMETRY_OPTOUT | Disable anonymous usage reporting | boolean | False |
INFRAHUB_TELEMETRY_ENDPOINT | None | string | https://telemetry.opsmill.cloud/infrahub |
INFRAHUB_PERMISSION_BACKENDS | List of modules to handle permissions, they will be run in the given order | array[string] | ['infrahub.permissions.LocalPermissionBackend'] |
INFRAHUB_PUBLIC_URL | Define the public URL of the Infrahub, might be required for OAuth2 and OIDC depending on your infrastructure. | None | None |
INFRAHUB_SCHEMA_STRICT_MODE | Enable strict schema validation. When set to False, human_friendly_id schema fields should not necessarily target a unique combination of peer attributes. | boolean | True |
INFRAHUB_DIFF_UPDATE_AFTER_MERGE | When enabled, diff updates are triggered for active branches after a branch merge. | boolean | True |
INFRAHUB_DELETE_BRANCH_AFTER_MERGE | When enabled, the Infrahub branch is automatically deleted after a successful merge. | boolean | False |
Api
| Name | Description | Type | Default |
|---|---|---|---|
INFRAHUB_API_CORS_ALLOW_ORIGINS | A list of origins that are authorized to make cross-site HTTP requests | array[string] | None |
INFRAHUB_API_CORS_ALLOW_METHODS | A list of HTTP verbs that are allowed for the actual request | array[string] | None |
INFRAHUB_API_CORS_ALLOW_HEADERS | The list of non-standard HTTP headers allowed in requests from the browser | array[string] | None |
INFRAHUB_API_CORS_ALLOW_CREDENTIALS | If True, cookies will be allowed to be included in cross-site HTTP requests | boolean | True |
Git
| Name | Description | Type | Default |
|---|---|---|---|
INFRAHUB_GIT_REPOSITORIES_DIRECTORY | None | string | repositories |
INFRAHUB_GIT_SYNC_INTERVAL | Time (in seconds) between git repositories synchronizations | integer | 10 |
INFRAHUB_GIT_APPEND_GIT_SUFFIX | Automatically append '.git' to HTTP URLs for these domains. | array[string] | None |
INFRAHUB_GIT_IMPORT_SYNC_BRANCH_NAMES | Names or regex of branches to be created in infrahub during import e.g. 'infrahub/.', 'release/.', '^branch-'. Note: other branches created with sync with git will be imported also | array[string] | None |
INFRAHUB_GIT_USER_NAME | User name of the git user. This will be used as the user name when Infrahub commits code to a repository | string | Infrahub |
INFRAHUB_GIT_USER_EMAIL | Email of the git user. This will be used as the user email when Infrahub commits code to a repository | string | [email protected] |
INFRAHUB_GIT_GLOBAL_CONFIG_FILE | The location of the git config file. This will be set as the system GIT_CONFIG_GLOBAL environment variable if the environment variable is not initially set | string | /opt/infrahub/.gitconfig |
INFRAHUB_GIT_USE_EXPLICIT_MERGE_COMMIT | Whether to allow explicit merge commits when infrahub merges branches | boolean | False |
INFRAHUB_GIT_DELETE_GIT_BRANCH_AFTER_MERGE | When enabled, the corresponding Git branch is deleted after the Infrahub branch is deleted. Requires delete_branch_after_merge to be enabled. | boolean | False |
Dev
The development settings are only relevant for local development.
| Name | Description | Type | Default |
|---|---|---|---|
INFRAHUB_DEV_FRONTEND_REDIRECT_SSO | Indicates if the frontend should be responsible for the SSO redirection | boolean | False |
INFRAHUB_DEV_ALLOW_ENTERPRISE_CONFIGURATION | Allow enterprise configuration in development mode, this will not enable the features just allow the configuration. | boolean | False |
INFRAHUB_DEV_GIT_CREDENTIAL_HELPER | Location of git credential helper | string | infrahub-git-credential |
Http
The HTTP settings control how Infrahub interacts with external HTTP servers. This can be things like webhooks and OAuth2 providers.
| Name | Description | Type | Default |
|---|---|---|---|
INFRAHUB_HTTP_TIMEOUT | Default connection timeout in seconds | integer | 10 |
INFRAHUB_HTTP_TLS_INSECURE | Indicates if Infrahub will validate server certificates or if the validation is ignored. | boolean | False |
INFRAHUB_HTTP_TLS_CA_BUNDLE | Custom CA bundle in PEM format. The value should either be the CA bundle as a string, alternatively as a file path. | None | None |
Database
| Name | Description | Type | Default |
|---|---|---|---|
INFRAHUB_DB_INFRAHUB_DB_TYPE | None | string (neo4j, memgraph) | neo4j |
INFRAHUB_DB_PROTOCOL | None | string | bolt |
INFRAHUB_DB_USERNAME | None | string | neo4j |
INFRAHUB_DB_PASSWORD | None | string | admin |
INFRAHUB_DB_ADDRESS | None | string | localhost |
INFRAHUB_DB_PORT | None | integer | 7687 |
INFRAHUB_DB_DATABASE | Name of the database | None | None |
INFRAHUB_DB_POLICY | Routing policy for database connections | None | None |
INFRAHUB_DB_TLS_ENABLED | Indicates if TLS is enabled for the connection | boolean | False |
INFRAHUB_DB_TLS_INSECURE | Indicates if TLS certificates are verified | boolean | False |
INFRAHUB_DB_TLS_CA_FILE | File path to CA cert or bundle in PEM format | None | None |
INFRAHUB_DB_QUERY_SIZE_LIMIT | The max number of records to fetch in a single query before performing internal pagination. | integer | 5000 |
INFRAHUB_DB_MAX_DEPTH_SEARCH_HIERARCHY | Maximum number of levels to search in a hierarchy. | integer | 5 |
INFRAHUB_DB_RETRY_LIMIT | Maximum number of times a transient issue in a transaction should be retried. | integer | 3 |
INFRAHUB_DB_RETRY_BASE_DELAY | Base delay in seconds for exponential backoff on transaction retries. | number | 0.1 |
INFRAHUB_DB_RETRY_MAX_DELAY | Maximum delay in seconds for exponential backoff on transaction retries. | number | 2.0 |
INFRAHUB_DB_RETRY_JITTER_MAX | Maximum jitter in seconds added to retry delay to avoid thundering herd. | number | 0.1 |
INFRAHUB_DB_MAX_CONCURRENT_QUERIES | Maximum number of concurrent queries that can run (0 means unlimited). | integer | 0 |
INFRAHUB_DB_MAX_CONCURRENT_QUERIES_DELAY | Delay to add when max_concurrent_queries is reached. | number | 0.01 |
Broker
Configuration settings for the message bus.
| Name | Description | Type | Default |
|---|---|---|---|
INFRAHUB_BROKER_TLS_ENABLED | Indicates if TLS is enabled for the connection | boolean | False |
INFRAHUB_BROKER_TLS_INSECURE | Indicates if TLS certificates are verified | boolean | False |
INFRAHUB_BROKER_TLS_CA_FILE | File path to CA cert or bundle in PEM format | None | None |
INFRAHUB_BROKER_USERNAME | None | string | infrahub |
INFRAHUB_BROKER_PASSWORD | None | string | infrahub |
INFRAHUB_BROKER_ADDRESS | None | string | localhost |
INFRAHUB_BROKER_PORT | Specified if running on a non default port. | None | None |
INFRAHUB_BROKER_RABBITMQ_HTTP_PORT | None | None | None |
INFRAHUB_BROKER_NAMESPACE | None | string | infrahub |
INFRAHUB_BROKER_MAXIMUM_MESSAGE_RETRIES | The maximum number of retries that are attempted for failed messages | integer | 10 |
INFRAHUB_BROKER_MAXIMUM_CONCURRENT_MESSAGES | The maximum number of concurrent messages fetched by each worker | integer | 2 |
INFRAHUB_BROKER_VIRTUALHOST | The virtual host to connect to | string | / |
INFRAHUB_BROKER_DRIVER | None | string (rabbitmq, nats) | rabbitmq |
Cache
| Name | Description | Type | Default |
|---|---|---|---|
INFRAHUB_CACHE_ADDRESS | None | string | localhost |
INFRAHUB_CACHE_PORT | Specified if running on a non default port (6379) | None | None |
INFRAHUB_CACHE_DATABASE | Id of the database to use | integer | 0 |
INFRAHUB_CACHE_DRIVER | None | string (redis, nats) | redis |
INFRAHUB_CACHE_USERNAME | None | string | |
INFRAHUB_CACHE_PASSWORD | None | string | |
INFRAHUB_CACHE_TLS_ENABLED | Indicates if TLS is enabled for the connection | boolean | False |
INFRAHUB_CACHE_TLS_INSECURE | Indicates if TLS certificates are verified | boolean | False |
INFRAHUB_CACHE_TLS_CA_FILE | File path to CA cert or bundle in PEM format | None | None |
INFRAHUB_CACHE_CLEAN_UP_DEADLOCKS_INTERVAL_MINS | Age threshold in minutes: locks older than this and owned by inactive workers are deleted by the cleanup task. | integer | 15 |
Workflow
| Name | Description | Type | Default |
|---|---|---|---|
INFRAHUB_WORKFLOW_ADDRESS | None | string | localhost |
INFRAHUB_WORKFLOW_PORT | Specified if running on a non default port. | None | None |
INFRAHUB_WORKFLOW_TLS_ENABLED | Indicates if TLS is enabled for the connection | boolean | False |
INFRAHUB_WORKFLOW_DRIVER | None | string (local, worker) | worker |
INFRAHUB_WORKFLOW_DEFAULT_WORKER_TYPE | None | string | infrahubasync |
INFRAHUB_WORKFLOW_EXTRA_LOGGERS | A list of additional loggers that will be captured during task execution. | array[string] | None |
INFRAHUB_WORKFLOW_EXTRA_LOG_LEVEL | Log level applied to all extra loggers. | string (CRITICAL, ERROR, WARNING, INFO, DEBUG) | INFO |
INFRAHUB_WORKFLOW_WORKER_POLLING_INTERVAL | Specify how often the worker should poll the server for tasks (sec) | integer | 2 |
INFRAHUB_WORKFLOW_FLOW_RUN_COUNT_CACHE_THRESHOLD | Threshold for caching flow run counts (0 to always cache, higher values to disable) | integer | 100000 |
Miscellaneous
| Name | Description | Type | Default |
|---|---|---|---|
INFRAHUB_MISC_PRINT_QUERY_DETAILS | None | boolean | False |
INFRAHUB_MISC_START_BACKGROUND_RUNNER | None | boolean | True |
INFRAHUB_MISC_MAXIMUM_VALIDATOR_EXECUTION_TIME | The maximum allowed time (in seconds) for a validator to run. | integer | 1800 |
INFRAHUB_MISC_RESPONSE_DELAY | Arbitrary delay to add when processing API requests. | integer | 0 |
Analytics
| Name | Description | Type | Default |
|---|---|---|---|
INFRAHUB_ANALYTICS_ENABLE | None | boolean | True |
INFRAHUB_ANALYTICS_ADDRESS | None | None | None |
INFRAHUB_ANALYTICS_API_KEY | None | None | None |
Initial
| Name | Description | Type | Default |
|---|---|---|---|
INFRAHUB_INITIAL_DEFAULT_BRANCH | Defines the name of the default branch within Infrahub, can only be set once during initialization of the system. | string | main |
INFRAHUB_INITIAL_ADMIN_TOKEN | An optional initial token for the admin account. | None | None |
INFRAHUB_INITIAL_ADMIN_PASSWORD | The initial password for the admin user | string | infrahub |
INFRAHUB_INITIAL_AGENT_TOKEN | An optional initial token for a git-agent account. | None | None |
INFRAHUB_INITIAL_AGENT_PASSWORD | An optional initial password for a git-agent account. | None | None |
Policy
| Name | Description | Type | Default |
|---|---|---|---|
INFRAHUB_POLICY_REQUIRED_PROPOSED_CHANGE_APPROVALS | Number of approvals required for proposed changes. (Enterprise only: not available in the community version.) | integer | 0 |
INFRAHUB_POLICY_REVOKE_PROPOSED_CHANGE_APPROVALS | Boolean indicating whether performing changes on a proposed change branch should revoke existing approvals. (Enterprise only: not available in the community version.) | boolean | False |
Security
| Name | Description | Type | Default |
|---|---|---|---|
INFRAHUB_SECURITY_ACCESS_TOKEN_LIFETIME | Lifetime of access token in seconds | integer | 3600 |
INFRAHUB_SECURITY_REFRESH_TOKEN_LIFETIME | Lifetime of refresh token in seconds | integer | 2592000 |
INFRAHUB_SECURITY_SECRET_KEY | The secret key used to validate authentication tokens | string | None |
INFRAHUB_SECURITY_OAUTH2_PROVIDERS | The selected OAuth2 providers | array[string] | None |
INFRAHUB_SECURITY_OAUTH2_PROVIDER_SETTINGS | None | object | Check nested parameters |
INFRAHUB_SECURITY_OIDC_PROVIDERS | The selected OIDC providers | array[string] | None |
INFRAHUB_SECURITY_OIDC_PROVIDER_SETTINGS | None | object | Check nested parameters |
INFRAHUB_SECURITY_RESTRICT_UNTRUSTED_JINJA2_FILTERS | Indicates if untrusted Jinja2 filters should be disallowed for computed attributes | boolean | True |
INFRAHUB_SECURITY_SSO_USER_DEFAULT_GROUP | Name of the group to which users authenticated via SSO will belong if not provided by identity provider | None | None |
INFRAHUB_SECURITY_SSO_ACCOUNT_NAME_FALLBACK | When enabled, an SSO login that has no linked identity and matches an existing account by display name claims that account, as long as it has not already been linked to another identity. When disabled, such a login always provisions a separate account instead of reusing an existing one. | boolean | True |
INFRAHUB_SECURITY_OAUTH2_PROVIDER_SETTINGS
| Name | Description | Type | Default |
|---|---|---|---|
INFRAHUB_OAUTH2_GOOGLE_ICON | None | string | mdi:google |
INFRAHUB_OAUTH2_GOOGLE_USERINFO_METHOD | None | string (post, get) | get |
INFRAHUB_OAUTH2_GOOGLE_PKCE_ENABLED | Enable PKCE (RFC 7636) with S256 method for authorization code flow | boolean | True |
INFRAHUB_OAUTH2_GOOGLE_CLIENT_ID | Client ID of the application created in the auth provider | string | None |
INFRAHUB_OAUTH2_GOOGLE_CLIENT_SECRET | Client secret as defined in auth provider | None | None |
INFRAHUB_OAUTH2_GOOGLE_AUTHORIZATION_URL | None | string | https://accounts.google.com/o/oauth2/auth |
INFRAHUB_OAUTH2_GOOGLE_TOKEN_URL | None | string | https://oauth2.googleapis.com/token |
INFRAHUB_OAUTH2_GOOGLE_USERINFO_URL | None | string | https://www.googleapis.com/oauth2/v3/userinfo |
INFRAHUB_OAUTH2_GOOGLE_SCOPES | None | array[string] | None |
INFRAHUB_OAUTH2_GOOGLE_DISPLAY_LABEL | None | string | |
INFRAHUB_OAUTH2_GOOGLE_FETCH_GROUPS | Whether to use Cloud Identity API to fetch user groups. Note: requires additional scopes: https://www.googleapis.com/auth/cloud-identity.groups.readonly | boolean | False |
INFRAHUB_OAUTH2_GOOGLE_CLOUDIDENTITY_URL | Google Cloud endpoint for Cloud Identity. Using searchDirectGroups by default because it is available for the Free plan | string | https://cloudidentity.googleapis.com/v1/groups/-/memberships:searchDirectGroups |
INFRAHUB_OAUTH2_PROVIDER1_ICON | None | string | mdi:account-key |
INFRAHUB_OAUTH2_PROVIDER1_USERINFO_METHOD | None | string (post, get) | get |
INFRAHUB_OAUTH2_PROVIDER1_PKCE_ENABLED | Enable PKCE (RFC 7636) with S256 method for authorization code flow | boolean | True |
INFRAHUB_OAUTH2_PROVIDER1_CLIENT_ID | Client ID of the application created in the auth provider | string | None |
INFRAHUB_OAUTH2_PROVIDER1_CLIENT_SECRET | Client secret as defined in auth provider | None | None |
INFRAHUB_OAUTH2_PROVIDER1_AUTHORIZATION_URL | None | string | None |
INFRAHUB_OAUTH2_PROVIDER1_TOKEN_URL | None | string | None |
INFRAHUB_OAUTH2_PROVIDER1_USERINFO_URL | None | string | None |
INFRAHUB_OAUTH2_PROVIDER1_SCOPES | None | array[string] | None |
INFRAHUB_OAUTH2_PROVIDER1_DISPLAY_LABEL | None | string | Single Sign on |
INFRAHUB_OAUTH2_PROVIDER2_ICON | None | string | mdi:account-key |
INFRAHUB_OAUTH2_PROVIDER2_USERINFO_METHOD | None | string (post, get) | get |
INFRAHUB_OAUTH2_PROVIDER2_PKCE_ENABLED | Enable PKCE (RFC 7636) with S256 method for authorization code flow | boolean | True |
INFRAHUB_OAUTH2_PROVIDER2_CLIENT_ID | Client ID of the application created in the auth provider | string | None |
INFRAHUB_OAUTH2_PROVIDER2_CLIENT_SECRET | Client secret as defined in auth provider | None | None |
INFRAHUB_OAUTH2_PROVIDER2_AUTHORIZATION_URL | None | string | None |
INFRAHUB_OAUTH2_PROVIDER2_TOKEN_URL | None | string | None |
INFRAHUB_OAUTH2_PROVIDER2_USERINFO_URL | None | string | None |
INFRAHUB_OAUTH2_PROVIDER2_SCOPES | None | array[string] | None |
INFRAHUB_OAUTH2_PROVIDER2_DISPLAY_LABEL | None | string | Single Sign on |
INFRAHUB_SECURITY_OIDC_PROVIDER_SETTINGS
| Name | Description | Type | Default |
|---|---|---|---|
INFRAHUB_OIDC_GOOGLE_ICON | None | string | mdi:google |
INFRAHUB_OIDC_GOOGLE_DISPLAY_LABEL | None | string | |
INFRAHUB_OIDC_GOOGLE_USERINFO_METHOD | None | string (post, get) | get |
INFRAHUB_OIDC_GOOGLE_PKCE_ENABLED | Enable PKCE (RFC 7636) with S256 method for authorization code flow | boolean | True |
INFRAHUB_OIDC_GOOGLE_ID_TOKEN_VERIFY_SIGNATURE | Verify the cryptographic signature, audience and issuer of the OIDC id_token. | boolean | True |
INFRAHUB_OIDC_GOOGLE_CLIENT_ID | Client ID of the application created in the auth provider | string | None |
INFRAHUB_OIDC_GOOGLE_CLIENT_SECRET | Client secret as defined in auth provider | None | None |
INFRAHUB_OIDC_GOOGLE_DISCOVERY_URL | None | string | https://accounts.google.com/.well-known/openid-configuration |
INFRAHUB_OIDC_GOOGLE_SCOPES | None | array[string] | None |
INFRAHUB_OIDC_GOOGLE_FETCH_GROUPS | Whether to use Cloud Identity API to fetch user groups. Note: requires additional scope: https://www.googleapis.com/auth/cloud-identity.groups.readonly | boolean | False |
INFRAHUB_OIDC_GOOGLE_CLOUDIDENTITY_URL | Google Cloud endpoint for Cloud Identity. Using searchDirectGroups by default because it is available for the Free plan | string | https://cloudidentity.googleapis.com/v1/groups/-/memberships:searchDirectGroups |
INFRAHUB_OIDC_PROVIDER1_ICON | None | string | mdi:account-key |
INFRAHUB_OIDC_PROVIDER1_DISPLAY_LABEL | None | string | Single Sign on |
INFRAHUB_OIDC_PROVIDER1_USERINFO_METHOD | None | string (post, get) | get |
INFRAHUB_OIDC_PROVIDER1_PKCE_ENABLED | Enable PKCE (RFC 7636) with S256 method for authorization code flow | boolean | True |
INFRAHUB_OIDC_PROVIDER1_ID_TOKEN_VERIFY_SIGNATURE | Verify the cryptographic signature, audience and issuer of the OIDC id_token. | boolean | True |
INFRAHUB_OIDC_PROVIDER1_CLIENT_ID | Client ID of the application created in the auth provider | string | None |
INFRAHUB_OIDC_PROVIDER1_CLIENT_SECRET | Client secret as defined in auth provider | None | None |
INFRAHUB_OIDC_PROVIDER1_DISCOVERY_URL | The OIDC discovery URL xyz/.well-known/openid-configuration | string | None |
INFRAHUB_OIDC_PROVIDER1_SCOPES | None | array[string] | None |
INFRAHUB_OIDC_PROVIDER2_ICON | None | string | mdi:account-key |
INFRAHUB_OIDC_PROVIDER2_DISPLAY_LABEL | None | string | Single Sign on |
INFRAHUB_OIDC_PROVIDER2_USERINFO_METHOD | None | string (post, get) | get |
INFRAHUB_OIDC_PROVIDER2_PKCE_ENABLED | Enable PKCE (RFC 7636) with S256 method for authorization code flow | boolean | True |
INFRAHUB_OIDC_PROVIDER2_ID_TOKEN_VERIFY_SIGNATURE | Verify the cryptographic signature, audience and issuer of the OIDC id_token. | boolean | True |
INFRAHUB_OIDC_PROVIDER2_CLIENT_ID | Client ID of the application created in the auth provider | string | None |
INFRAHUB_OIDC_PROVIDER2_CLIENT_SECRET | Client secret as defined in auth provider | None | None |
INFRAHUB_OIDC_PROVIDER2_DISCOVERY_URL | The OIDC discovery URL xyz/.well-known/openid-configuration | string | None |
INFRAHUB_OIDC_PROVIDER2_SCOPES | None | array[string] | None |
Storage
| Name | Description | Type | Default |
|---|---|---|---|
INFRAHUB_STORAGE_DRIVER | None | string (local, s3) | local |
INFRAHUB_STORAGE_LOCAL | None | object | Check nested parameters |
INFRAHUB_STORAGE_S3 | None | object | Check nested parameters |
INFRAHUB_STORAGE_MAX_FILE_SIZE | Maximum file size in MB for file uploads | integer | 50 |
INFRAHUB_STORAGE_LOCAL
| Name | Description | Type | Default |
|---|---|---|---|
INFRAHUB_STORAGE_LOCAL_PATH | None | string | /opt/infrahub/storage |
INFRAHUB_STORAGE_S3
| Name | Description | Type | Default |
|---|---|---|---|
AWS_ACCESS_KEY_ID | None | string | |
AWS_SECRET_ACCESS_KEY | None | string | |
INFRAHUB_STORAGE_BUCKET_NAME | None | string | |
INFRAHUB_STORAGE_ENDPOINT_URL | None | string | |
INFRAHUB_STORAGE_USE_SSL | None | boolean | True |
INFRAHUB_STORAGE_DEFAULT_ACL | None | string | private |
INFRAHUB_STORAGE_QUERYSTRING_AUTH | None | boolean | False |
INFRAHUB_STORAGE_CUSTOM_DOMAIN | None | string | |
Trace
| Name | Description | Type | Default |
|---|---|---|---|
INFRAHUB_TRACE_ENABLE | None | boolean | False |
INFRAHUB_TRACE_INSECURE | Use insecure connection (HTTP) if True, otherwise use secure connection (HTTPS) | boolean | True |
INFRAHUB_TRACE_EXPORTER_TYPE | Type of exporter to be used for tracing | string (console, otlp) | console |
INFRAHUB_TRACE_EXPORTER_PROTOCOL | Protocol to be used for exporting traces | string (grpc, http/protobuf) | grpc |
INFRAHUB_TRACE_EXPORTER_ENDPOINT | OTLP endpoint for exporting traces | None | None |
Experimental features
| Name | Description | Type | Default |
|---|---|---|---|
INFRAHUB_EXPERIMENTAL_GRAPHQL_ENUMS | None | boolean | False |
INFRAHUB_EXPERIMENTAL_VALUE_DB_INDEX | None | boolean | False |
Log forwarding
| Name | Description | Type | Default |
|---|---|---|---|
INFRAHUB_LOG_FORWARDING_HOSTNAME | Hostname to use in syslog message headers. If not set, defaults to the system FQDN. | None | None |
INFRAHUB_LOG_FORWARDING_DESTINATION_NAMES | Comma-separated list of destination names to load from per-destination environment variables (e.g. INFRAHUB_LOG_FORWARDING_DESTINATION_PRIMARY_HOST where PRIMARY is the destination name). Names must match [a-z0-9_]+. Mutually exclusive with destinations. | array[string] | None |
INFRAHUB_LOG_FORWARDING_DESTINATIONS | List of log forwarding destinations. (Enterprise only: not available in the community version.) | array[object] | Check nested parameters |
INFRAHUB_LOG_FORWARDING_DESTINATIONS
| Name | Description | Type | Default |
|---|---|---|---|
NAME | Unique name for the destination, used in all observability output. | string | None |
TYPE | Destination type. | string (syslog) | syslog |
HOST | Destination host or IP address. | string | None |
PORT | Destination port number. Defaults to 6514 for TLS, 514 otherwise. | None | None |
PROTOCOL | Transport protocol (tcp or udp). | string (tcp, udp) | udp |
FORMAT | Syslog format standard. | string (rfc5424, rfc3164) | rfc5424 |
TCP_FRAMING | TCP framing method (newline or octet-counting). | string (newline, octet-counting) | newline |
TLS_ENABLED | Enable TLS encryption for TCP connections. | boolean | False |
TLS_CA_BUNDLE | Path or PEM string for CA bundle to validate syslog server certificate. | None | None |
QUEUE_SIZE | Maximum number of messages in the per-destination queue. | integer | 10000 |
MAX_RECONNECT_INTERVAL | Maximum reconnection backoff interval in seconds. | integer | 60 |
SHUTDOWN_DRAIN_TIMEOUT | Seconds to wait for queue drain on graceful shutdown. | integer | 10 |
FORWARD_APPLICATION_LOGS | Forward application log messages to this destination. | boolean | False |
MIN_LOG_SEVERITY | Minimum Python log severity to forward when application log forwarding is enabled. | string (CRITICAL, ERROR, WARNING, INFO, DEBUG) | WARNING |
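
Several defaults in the tables above matter for a hardened deployment: documented default passwords, TLS disabled on backend connections, anonymous read access, and the per-provider id_token verification and PKCE switches. The following is an added example, not part of the Infrahub project: a pre-deployment check that audits a set of environment variables against those defaults. The function names, the accepted boolean spellings, and the reading of `*_TLS_INSECURE=true` as "verification is skipped" are assumptions.

```python
import re

# Defaults copied from the tables on this page.
DEFAULT_SECRETS = {
    "INFRAHUB_DB_PASSWORD": "admin",
    "INFRAHUB_BROKER_PASSWORD": "infrahub",
    "INFRAHUB_INITIAL_ADMIN_PASSWORD": "infrahub",
}
BACKENDS = ("DB", "BROKER", "CACHE")  # each has ADDRESS, TLS_ENABLED, TLS_INSECURE
LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}
TRUE_WORDS = {"1", "true", "yes", "on"}  # assumption: accepted spellings of True
OIDC_VERIFY = re.compile(r"INFRAHUB_OIDC_[A-Z0-9]+_ID_TOKEN_VERIFY_SIGNATURE")
PKCE = re.compile(r"INFRAHUB_(OAUTH2|OIDC)_[A-Z0-9]+_PKCE_ENABLED")


def as_bool(env, name, default):
    """Return a setting as a boolean, or the page's default when it is unset."""
    raw = env.get(name)
    return default if raw is None else raw.strip().lower() in TRUE_WORDS


def audit(env):
    """Return a sorted list of (setting, reason) findings for one environment."""
    findings = []
    # An unset password falls back to the documented default, so flag both cases.
    for name, default in DEFAULT_SECRETS.items():
        if env.get(name, default) == default:
            findings.append((name, "documented default credential in use"))
    for svc in BACKENDS:
        prefix = f"INFRAHUB_{svc}_"
        remote = env.get(prefix + "ADDRESS", "localhost") not in LOCAL_HOSTS
        if remote and not as_bool(env, prefix + "TLS_ENABLED", False):
            findings.append((prefix + "TLS_ENABLED", "remote backend without TLS"))
        if as_bool(env, prefix + "TLS_INSECURE", False):
            findings.append((prefix + "TLS_INSECURE", "certificate verification disabled"))
    if as_bool(env, "INFRAHUB_HTTP_TLS_INSECURE", False):
        findings.append(("INFRAHUB_HTTP_TLS_INSECURE", "certificate verification disabled"))
    if as_bool(env, "INFRAHUB_ALLOW_ANONYMOUS_ACCESS", True):
        findings.append(("INFRAHUB_ALLOW_ANONYMOUS_ACCESS", "anonymous read access enabled"))
    # Per-provider switches: both default to True, so only an explicit False is flagged.
    for name in env:
        if OIDC_VERIFY.fullmatch(name) and not as_bool(env, name, True):
            findings.append((name, "id_token signature, audience and issuer not verified"))
        if PKCE.fullmatch(name) and not as_bool(env, name, True):
            findings.append((name, "PKCE disabled"))
    return sorted(findings)


# Constructed sample environment (not taken from a real deployment).
SAMPLE_ENV = {
    "INFRAHUB_DB_ADDRESS": "db.internal.example",
    "INFRAHUB_DB_PASSWORD": "constructed-non-default",
    "INFRAHUB_DB_TLS_ENABLED": "true",
    "INFRAHUB_DB_TLS_INSECURE": "true",
    "INFRAHUB_BROKER_ADDRESS": "mq.internal.example",
    "INFRAHUB_INITIAL_ADMIN_PASSWORD": "infrahub",
    "INFRAHUB_ALLOW_ANONYMOUS_ACCESS": "false",
    "INFRAHUB_OIDC_PROVIDER1_ID_TOKEN_VERIFY_SIGNATURE": "false",
}

if __name__ == "__main__":
    for name, reason in audit(SAMPLE_ENV):
        print(f"{name}: {reason}")
```

To audit a live shell or container, pass `dict(os.environ)` to `audit` instead of the sample.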