AUTH_JWT_ISSUER | | |
CLIENT_LOAD_LIMIT_NOTATION | If supplied, a rate limit is enforced on the server's websocket endpoint. Format is `limits`-style notation (e.g. 10 per second). | |
BROADCAST_URI | | |
BROADCAST_CHANNEL_NAME | | |
BROADCAST_CONN_LOSS_BUGFIX_EXPERIMENT_ENABLED | | |
AUTH_PRIVATE_KEY_FORMAT | | |
AUTH_PRIVATE_KEY_PASSPHRASE | | |
AUTH_PRIVATE_KEY | | |
AUTH_JWKS_URL | | |
AUTH_JWKS_STATIC_DIR | | |
AUTH_MASTER_TOKEN | | |
POLICY_SOURCE_TYPE | Set your policy source; this can be GIT or API. | |
POLICY_REPO_URL | Set your remote repo URL. Relevant only to the GIT source type. | |
POLICY_BUNDLE_URL | Set your API bundle URL. Relevant only to the API source type. | |
POLICY_REPO_CLONE_PATH | Base path inside which the local git folder that manages policy changes is created. | |
POLICY_REPO_CLONE_FOLDER_PREFIX | Prefix for the local git folder. | |
POLICY_REPO_REUSE_CLONE_PATH | Set if OPAL server should use a fixed clone path (and reuse if it already exists) instead of randomizing its suffix on each run. | |
POLICY_REPO_MAIN_BRANCH | | |
POLICY_REPO_SSH_KEY | | |
POLICY_REPO_MANIFEST_PATH | Path of the directory holding the '.manifest' file (updated way), or of the manifest file itself (old way). Repo's root is used by default. | |
POLICY_REPO_CLONE_TIMEOUT | If set to 0, waits forever until successful clone. | |
LEADER_LOCK_FILE_PATH | | |
POLICY_BUNDLE_SERVER_TOKEN | The Bearer token to send to the API bundle server. | |
POLICY_BUNDLE_TMP_PATH | Path for temp policy file. It needs to be writable. | |
POLICY_BUNDLE_GIT_ADD_PATTERN | File pattern to add files to all the git default files. | |
REPO_WATCHER_ENABLED | | |
PUBLISHER_ENABLED | | |
BROADCAST_KEEPALIVE_INTERVAL | The time to wait between sending two consecutive broadcaster keepalive messages. | |
BROADCAST_KEEPALIVE_TOPIC | The topic on which we should send broadcaster keepalive messages. | |
MAX_CHANNELS_PER_CLIENT | Max number of records per client; records beyond this number are not added to statistics. Relevant only if STATISTICS_ENABLED. | |
STATISTICS_WAKEUP_CHANNEL | The topic a waking-up OPAL server uses to notify others that it needs their statistics data. | |
STATISTICS_STATE_SYNC_CHANNEL | The topic on which other servers with statistics provide their state to a waking-up server. | |
ALL_DATA_TOPIC | Top level topic for data. | |
ALL_DATA_ROUTE | | |
ALL_DATA_URL | URL for all data config (if you choose to have it all in one place). | |
DATA_CONFIG_ROUTE | URL to fetch the full basic configuration of data. | |
DATA_CALLBACK_DEFAULT_ROUTE | Exists as a sane default in case the user did not set OPAL_DEFAULT_UPDATE_CALLBACKS. | |
DATA_CONFIG_SOURCES | Configuration of data sources by topics. | |
DATA_UPDATE_TRIGGER_ROUTE | URL to trigger data update events. | |
POLICY_REPO_WEBHOOK_SECRET | | |
POLICY_REPO_WEBHOOK_TOPIC | | |
POLICY_REPO_WEBHOOK_ENFORCE_BRANCH | | |
POLICY_REPO_WEBHOOK_PARAMS | | |
POLICY_REPO_POLLING_INTERVAL | | |
ALLOWED_ORIGINS | | |
OPA_FILE_EXTENSIONS | | |
NO_RPC_LOGS | | |
SERVER_WORKER_COUNT | (If run using the CLI) - Worker count for the server [Default calculated to CPU-cores]. | |
SERVER_HOST | (If run using the CLI) - Address for the server to bind. | |
SERVER_PORT | (If run using the CLI) - Port for the server to bind. | |
ENABLE_DATADOG_APM | Set if OPAL server should enable tracing with Datadog APM. | |
SERVER_ROLE | Server is leader or follower. | |
SCOPES | | |
REDIS_URL | | |
CELERY_BACKEND | | |
BASE_DIR | | |
POLICY_REFRESH_INTERVAL | | |
SERVER_URL | | |
WORKER_TOKEN | | |
SERVER_URL | | |
OPAL_WS_ROUTE | | |
SERVER_WS_URL | | |
SERVER_PUBSUB_URL | | |
CLIENT_TOKEN | The OPAL Server Auth Token. | |
CLIENT_API_SERVER_WORKER_COUNT | (If run using the CLI) - Worker count for the opal-client's internal server. | |
CLIENT_API_SERVER_HOST | (If run using the CLI) - Address for the opal-client's internal server to bind. | |
CLIENT_API_SERVER_PORT | (If run using the CLI) - Port for the opal-client's internal server to bind. | |
WAIT_ON_SERVER_LOAD | If set, the client waits for a 200 response from the server's loadlimit endpoint before starting background tasks. | |
OPAL_POLICY_REPO_URL | The repo URL the policy repo is located at. Must be available from the machine running OPAL (opt for public internet addresses). Supported URI schemes: https:// and ssh (i.e. git@). | |
OPAL_POLICY_REPO_SSH_KEY | The content of the var is a private crypto key (i.e. SSH key). You will need to register the matching public key with your repo. For example, see the GitHub tutorial on the subject. The passed value must be the contents of the SSH key in one line (replace new-line with underscore, i.e. \n with _). | |
OPAL_POLICY_REPO_CLONE_PATH | Where (i.e: base target path) to clone the repo in your docker filesystem (not important unless you mount a docker volume). | |
OPAL_POLICY_REPO_MAIN_BRANCH | Name of the git branch to track for policy files (default: master). | |
OPAL_BUNDLE_IGNORE | Paths to omit from policy bundle. List of glob style paths, or paths without wildcards but ending with "/**" indicating a parent path (ignoring all under it). | bundle_ignore: Optional[List[str]] |