Environment Variables
Overview
The purpose of this page is to list in detail each of the environment variables that are required to launch neosync services. There are three discrete services in Neosync, and each one has its own purpose. See the Platform Overview section of the docs to understand more about the makeup of Neosync.
Backend API
These environment variables are loaded when running the mgmt serve connect command which starts the main API instance.
| Variable | Description | Required | Default Value |
|---|---|---|---|
| DB_HOST | The database host | true | |
| DB_PORT | The port used to connect to the database | true | |
| DB_NAME | The name of the database | true | |
| DB_USER | The username that will be used to connect to the database | true | |
| DB_PASS | The password that will be used by the DB_USER to connect to the database | true | |
| DB_SSL_DISABLE | Postgres requires SSL by default. Set this to "true" to disable SSL, which is useful for dev environments | false | false |
| DB_AUTO_MIGRATE | If true, will automatically run the database migrations prior to startup. Only loaded if DB_AUTO_MIGRATE is set to "true" | false | false |
| DB_SCHEMA_DIR | The directory where the migrations scripts are found. | false | |
| HOST | The host that will be used when binding the HTTP server. Set this to "0.0.0.0" for production environments | false | 127.0.0.1 |
| PORT | The port that will be used to bind the HTTP server | false | 8080 |
| NUCLEUS_ENV | The environment that is being deployed to. Useful for metrics | false | unknown |
| SHUTDOWN_TIMEOUT_SECONDS | Configures the graceful shutdown of a pod in Kubernetes | false | |
| LOGS_FORMAT_JSON | Whether or not to format logs in JSON or in plaintext to stdout | false | true |
| AUTH_ENABLED | Whether or not to enable authentication in the API. Should be required for any production environment | false | false |
| AUTH_BASEURL | The base URL for the authentication server. This is used to find the JWKS URL to validate JWT tokens | false | |
| AUTH_AUDIENCE | The audience that is to be used for validating JWT tokens. Can pass multiple values using a comma separator | false | |
| AUTH_CLIENTID_SECRET | This is a JSON stringified map of clientId:secret used to validate authentication requests for JWT tokens | false | |
| AUTH_CLI_AUDIENCE | Used to validate which audience the CLI is to use to make requests to the API server | false | |
| TEMPORAL_URL | The URL used to connect to the temporal instance | false | localhost:7233 |
| TEMPORAL_CERT_KEY_PATH | The path where the API can find the mTLS certificate key to authenticate against Temporal | false | |
| TEMPORAL_CERT_PATH | The path where the API can find the mTLS certificate to authenticate against Temporal | false | |
| TEMPORAL_CERT | The Temporal mTLS certificate contents | false | |
| TEMPORAL_CERT_KEY | The Temporal mTLS certificate key contents | false | |
| TEMPORAL_DEFAULT_NAMESPACE | The default temporal namespace used for any new account | false | default |
| TEMPORAL_DEFAULT_SYNCJOB_QUEUE | The default Temporal queue name for Neosync jobs | false | sync-job |
| AUTH_API_CLIENT_ID | The clientID that the API uses to connect to Auth0 to retrieve user data | false | |
| AUTH_API_CLIENT_SECRET | The client secret that the API uses to connect to Auth0. | false | |
| AUTH_API_BASEURL | The base URL of the authentication server used for management operations by the API | false |
Backend API Database Migrations
These environment variables are loaded when running the mgmt migrate up command which runs database migrations.
| Variable | Description | Required | Default Value |
|---|---|---|---|
| DB_HOST | The database host | true | |
| DB_PORT | The port used to connect to the database | true | |
| DB_NAME | The name of the database | true | |
| DB_USER | The username that will be used to connect to the database | true | |
| DB_PASS | The password that will be used by the DB_USER to connect to the database | true | |
| DB_SSL_DISABLE | Postgres requires SSL by default. Set this to "true" to disable ssl, which is useful for dev environments | false | false |
| DB_SCHEMA_DIR | The directory where the migrations scripts are found. | false | |
| DB_MIGRATIONS_TABLE | The name of the table where the migrations will be tracked. Useful if you want to override the default, or put into a different schema | false | |
| DB_MIGRATIONS_TABLE_QUOTED | If the table set in DB_MIGRATIONS_TABLE contains quotes | false |
Frontend App
| Variable | Description | Is Required | Default Value |
|---|---|---|---|
| HOST | The host that will be used when binding the http server. Set this to "0.0.0.0" for production environments | false | 127.0.0.1 |
| PORT | The port that will be used to bind the http server | false | 8080 |
| TEMPORAL_URL | The url used to connect to the temporal instance | false | localhost:7233 |
| TEMPORAL_NAMESPACE | The Temporal namespace to connect to | false | default |
| TEMPORAL_TASK_QUEUE | The Temporal task queue name to connect to for Neosync jobs | true | |
| TEMPORAL_CERT_KEY_PATH | The path on the filesystem where the worker can find the mTLS certificate key it will use to authenticate against Temporal. This will be used over the TEMPORAL_CERT_KEY environment variable | false | |
| TEMPORAL_CERT_PATH | The path on the filesystem where the worker can find the mTLS certificate that will be used to authenticate against Temporal. This will be used over the TEMPORAL_CERT environment variable | false | |
| TEMPORAL_CERT | The Temporal mTLS certificate contents. Use this if you want to load contents directly instead of mounting them to the filesystem | false | |
| TEMPORAL_CERT_KEY | The Temporal mTLS certificate key contents. Use this if you want to load the contents directly instead of mounting them to the filesystem | false | |
| NEOSYNC_URL | The base url of the Neosync API that the worker will use to connect to | false | localhost:8080 |
| NEOSYNC_API_KEY | The API key that will be provided as a bearer token in the Authentication header when making requests to the Neosync API | false |
Worker
These environment variables are loaded when running the worker serve command which starts the main worker instance.
| Variable | Description | Is Required | Default Value |
|---|---|---|---|
| HOST | The host that will be used when binding the http server. Set this to "0.0.0.0" for production environments | false | 127.0.0.1 |
| PORT | The port that will be used to bind the http server | false | 8080 |
| TEMPORAL_URL | The url used to connect to the temporal instance | false | localhost:7233 |
| TEMPORAL_NAMESPACE | The Temporal namespace to connect to | false | default |
| TEMPORAL_TASK_QUEUE | The Temporal task queue name to connect to for Neosync jobs | true | |
| TEMPORAL_CERT_KEY_PATH | The path on the filesystem where the worker can find the mTLS certificate key it will use to authenticate against Temporal. This will be used over the TEMPORAL_CERT_KEY environment variable | false | |
| TEMPORAL_CERT_PATH | The path on the filesystem where the worker can find the mTLS certificate that will be used to authenticate against Temporal. This will be used over the TEMPORAL_CERT environment variable | false | |
| TEMPORAL_CERT | The Temporal mTLS certificate contents. Use this if you want to load contents directly instead of mounting them to the filesystem | false | |
| TEMPORAL_CERT_KEY | The Temporal mTLS certificate key contents. Use this if you want to load the contents directly instead of mounting them to the filesystem | false | |
| NEOSYNC_URL | The base url of the Neosync API that the worker will use to connect to | false | localhost:8080 |
| NEOSYNC_API_KEY | The API key that will be provided as a bearer token in the Authentication header when making requests to the Neosync API | false |
CLI
There are some environment variables that the CLI accepts to override default behavior to accomodate different environments.
| Variable | Description | Is Required | Default Value |
|---|---|---|---|
| NEOSYNC_API_URL | The base url of the Neosync API. This can be overridden to connect to different Neosync API environments | false | http://localhost:8080 |
| NEOSYNC_API_KEY | The api key for Neosync API. | false | |
| LOGIN_HOST | The http server that is booted up running neosync login via an oauth flow | false | 127.0.0.1 |
| LOGIN_REDIRECT_HOST | The redirect host that is sent alongside the oauth flow when running neosync login | false | 127.0.0.1 |
| LOGIN_PORT | The port the http server runs on when running neosync login | false | 4242 |
| NEOSYNC_CONFIG_DIR | The config directory to store Neosync-specific credentials. For Linux users, $XDG_CONFIG_HOME is also respected. | false | ~/.neosync |