Skip to main content

Workspace Configuration

This page describes how to configure a Cloudomation workspace installation.

info
These options are only applicable for on-premise installations.

Configuration Options

Configuration is done using environment variables. See the table below for all recognized options and their description.

Main Settings

NameDescriptionDefault valueRequired
LOG_LEVELThe verbosity of the logging. One of CRITICAL, ERROR, WARNING, INFO, or DEBUG.INFO
LOG_FORMATThe format of the logging. text is human-readable, json contains more data.json
LOGGING_CONFPath to a Python logging configuration file. See https://docs.python.org/3/library/logging.config.html#logging-config-fileformat
RESET_DEBUG_LOGLEVEL_MINUTESAfter how many minutes a DEBUG log level should be reset to INFO60
SOCKET and SANDBOX_SOCKETPath to a writable unix-domain-socket file used for communication between the workspace and the sandbox. The workspace will create the file./socket/socket
SKIP_PROBESIf non-empty, the workspace will not create /alive and /ready REST endpoints for monitoring.
LISTEN_IPThe IP address the REST API will bind to.0.0.0.0
LISTEN_PORTThe port number the REST API will bind to.8080
POSTGRES_HOSTThe hostname of the Cloudomation database. required
POSTGRES_PORTThe port number of the Cloudomation database.5432
POSTGRES_DATABASEThe name of the Cloudomation database. required
POSTGRES_USERThe username used to authenticate against the database. required
POSTGRES_PASSWORDThe password used to authenticate against the database.
POSTGRES_PASSWORD_FILEPath to a file containing the database password. required if POSTGRES_PASSWORD is unset
POSTGRES_SERVER_CA_FILEPath to the databases certificate file.
POSTGRES_CLIENT_CERT_FILEPath to a database client certificate file.
POSTGRES_CLIENT_KEY_FILEPath to a database client certificate key file.
TMPTemporary path./c/tmp
TMP_GIT_TASKTemporary path for the GIT connector./c/tmp_git_task
TMP_GIT_SYNCTemporary path where the git repositories are synced to./c/tmp
SMTP_HOSTThe hostname of the SMTP server used to send notifications.
SMTP_PORTThe port number of the SMTP server.25
SMTP_USE_TLSIf to use the SMTP "usetls" command.true
SMTP_USERThe username used to authenticate against the SMTP server.
SMTP_PASSWORDThe password used to authenticate against the SMTP server.
NOTIFICATION_PATHPath to a folder where internal notifications are written to. Only used when no SMTP connection is configured.
REPORT_ENABLEIf to periodically write a usage report.True
REPORT_PATHThe path where usage report is written to./tmp/report.csv
DOMAINThe domain where your workspace is accessible. Used to generate links to the workspace in mails. required
SUBDOMAINThe subdomain where your workspace is accessible. Used to generate links to the workspace in mails. required
SELF_URLThe FQDN to your workspace. Used to generate links to the workspace in mails. required
EXTENSION_URLThe URL where Cloudomation extensions are fetched fromhttps://starflows-prod.cloudomation.com/api/latest/webhook/extension/call
BOOTSTRAP_EXTENSIONSA comma separated list of extensions which are fetched on workspace startupBase functionality

License Settings

NameDescriptionRequired
WORKSPACE_IDThe ID of the workspace installation. required
WORKSPACE_NAMEThe name of the workspace. required
ORGANIZATION_IDThe ID of the organization. required
ORGANIZATION_NAMEThe name of the organization. required
API_KEYAn API key used for the communication between the workspace and the license server. required

Security Settings

NameDescriptionDefault valueRequired
LOGIN_TOKEN_VALIDITY_HOURSThe number of hours a login token remains valid after login. Cannot be more than 720 (30 days).720
INVITATION_CODE_VALIDITY_HOURSThe number of hours an invitation code is valid. Cannot be more than 168 (7 days)168
RECOVER_CODE_VALIDITY_HOURSThe number of hours a recovery code is valid. Cannot be more than 24 (1 day)1
MAX_FAILED_AUTH_COUNTNumber of failed login attempts before a Cloudomation user is locked out. Cannot be less than 15
JWT_PUBLIC_KEYPath to the public RSA key used to verify login tokens. required
JWT_PRIVATE_KEYPath to the private RSA key used to generate login tokens. required
JWT_PUBLIC_KEY_2Path to the previous public RSA key used to verify login tokens during key rotation.
COOKIE_SAME_SITEThe value used for the SameSite cookie flag of login tokens. One of Strict, Lax, or unsetLax
BOOTSTRAP_USERThe email address of the initial user of the workspace. This use cannot be renamed or deleted and has all permissions. required
INACTIVE_IDLE_LIMIT_MINUTESAfter how many minutes of inactivity development-mode executions will be paused.10
HTTP_PROXYThe proxy server to use for http:// requests
HTTPS_PROXYThe proxy server to use for https:// requests
WS_PROXYThe proxy server to use for ws:// (web-socket) requests
WSS_PROXYThe proxy server to use for wss:// (web-socket secure) requests
REQUIRE_SECOND_FACTORIf set to true new users must activate a 2FA device and it is not possible to disable 2FAfalse

Performance Settings

NameDescriptionDefault value
DB_KEEPALIVE_INTERVALHow often to register the process as "alive" in the database. If the database does not respond within this timeout the process will shut down.60
DB_KEEPALIVE_TIMEOUTA process which did not register as "alive" after this timeout will be considered "dead" and removed from the database.120
SYNC_LOOP_INTERVALHow often to synchronize git repositories (in seconds).600 (10 minutes)
POLL_DELAYThe number of seconds between checks of the primary process.30
POLL_SLOW_DELAYThe number of seconds between database consistency checks.1800 (30 minutes)
SYNC_LOOP_INTERVALNumber of seconds to synchronize active executions between workspaces. This is only relevant for additional status updates. Newly started or ended executions are always synced immediately.30
CHUNK_SIZEThe number of bytes to read from a file at once.4194304 (4 MiB)
SLEEP_MAX_SECONDSExecutions being idle longer than this setting will be unloaded from memory.60