Configuration
All Datafly Signal services share a common configuration model loaded from environment variables. This page is the complete reference.
For local development against the Docker Compose infrastructure, the defaults work out of the box. No environment variables need to be set.
Shared Environment Variables
These variables are read by every Go service via the shared config.Load() function in shared/config/config.go.
General
| Variable | Description | Default | Required in Production |
|---|---|---|---|
DATAFLY_ENV | Environment name (dev, staging, prod) | dev | Recommended |
PORT | HTTP listen port | 8080 | No |
LOG_LEVEL | Log verbosity (debug, info, warn, error) | info | No |
READ_TIMEOUT | HTTP server read timeout (Go duration string) | 10s | No |
WRITE_TIMEOUT | HTTP server write timeout (Go duration string) | 10s | No |
Kafka
| Variable | Description | Default |
|---|---|---|
KAFKA_BROKERS | Comma-separated list of Kafka broker addresses | localhost:9092 |
KAFKA_GROUP_ID | Consumer group ID | Service name (e.g., event-processor) |
Redis
| Variable | Description | Default |
|---|---|---|
REDIS_ADDR | Redis server address (host:port) | localhost:6379 |
REDIS_PASSWORD | Redis password | (empty) |
REDIS_DB | Redis database number | 0 |
PostgreSQL
| Variable | Description | Default |
|---|---|---|
DATABASE_URL | Full PostgreSQL connection string | postgres://datafly:datafly@localhost:5432/datafly?sslmode=disable |
Authentication & Security
| Variable | Description | Default | Required in Production |
|---|---|---|---|
JWT_SECRET | Secret key for signing JWT tokens | (empty) | Yes |
HMAC_SECRET | Secret key for HMAC pipeline key validation | (empty) | Yes |
ENCRYPTION_KEY | AES-256 encryption key (32 bytes, hex-encoded) | (empty) | Recommended |
JWT_SECRET and HMAC_SECRET are required when DATAFLY_ENV is set to prod. The service will refuse to start without them.
GeoIP
| Variable | Description | Default |
|---|---|---|
GEOIP_PATH | Path to the MaxMind GeoLite2-City database file | /data/GeoLite2-City.mmdb |
Per-Service Configuration
Each service reads the same shared config but uses only the fields relevant to its function. Below is which variables matter to which service.
Ingestion Gateway (port 8080)
Receives events from Datafly.js and server-side sources. Publishes to Kafka.
PORT— defaults to8080KAFKA_BROKERS— writes toraw-eventstopicREDIS_ADDR— vendor ID lookups, rate limitingDATABASE_URL— source and pipeline key validationHMAC_SECRET— pipeline key HMAC verificationGEOIP_PATH— IP geolocation enrichment
Event Processor (port 8081)
Consumes from raw-events, applies Org Data Layer and Pipeline transformations, publishes to delivery-* topics.
PORT— defaults to8081KAFKA_BROKERS— readsraw-events, writesdelivery-{integration_id}KAFKA_GROUP_ID— defaults toevent-processorREDIS_ADDR— vendor ID injection, identity graph lookupsDATABASE_URL— pipeline configs, transformation files, org data layer rules
Delivery Workers (port 8082)
Consume from delivery-* topics and deliver events to vendor APIs.
PORT— defaults to8082KAFKA_BROKERS— readsdelivery-{integration_id}topicsKAFKA_GROUP_ID— defaults todelivery-workersDATABASE_URL— integration credentials and configurationREDIS_ADDR— rate limiting, delivery state
Identity Hub (port 8083)
Cross-domain identity resolution via encrypted tokens.
PORT— defaults to8083REDIS_ADDR— identity graph storageENCRYPTION_KEY— token encryption/decryption
Management API (port 8084)
REST + WebSocket API for the admin dashboard.
PORT— defaults to8084DATABASE_URL— all CRUD operations (orgs, users, sources, integrations, pipelines)REDIS_ADDR— session cache, real-time event streamKAFKA_BROKERS— real-time event debugger (WebSocket consumer)JWT_SECRET— JWT token signing and verification
Management UI (port 3000)
The Next.js frontend connects to the Management API. Its configuration is set via Next.js environment variables.
| Variable | Description | Default |
|---|---|---|
NEXT_PUBLIC_API_URL | Management API base URL | http://localhost:8084 |
Example .env File
Create an .env file in the application/ directory for local overrides. This is not required for default Docker Compose development.
# =============================================================================
# Datafly Signal — Local Development Environment
# =============================================================================
# General
DATAFLY_ENV=dev
LOG_LEVEL=debug
# Kafka
KAFKA_BROKERS=localhost:9092
# Redis
REDIS_ADDR=localhost:6379
REDIS_PASSWORD=
REDIS_DB=0
# PostgreSQL
DATABASE_URL=postgres://datafly:datafly@localhost:5432/datafly?sslmode=disable
# Auth (leave empty for dev, required for prod)
JWT_SECRET=
HMAC_SECRET=
ENCRYPTION_KEY=
# GeoIP (optional, for IP geolocation enrichment)
GEOIP_PATH=/data/GeoLite2-City.mmdb
# Timeouts
READ_TIMEOUT=10s
WRITE_TIMEOUT=10s
# Management UI
NEXT_PUBLIC_API_URL=http://localhost:8084Production Configuration
For production deployments, set all variables via your orchestration layer (Kubernetes secrets, Helm values, or your CI/CD pipeline). Key differences from development:
DATAFLY_ENV=prod— enables strict validationJWT_SECRETandHMAC_SECRET— must be set to strong, unique valuesENCRYPTION_KEY— should be a cryptographically random 32-byte hex stringKAFKA_BROKERS— point to your production Kafka clusterREDIS_ADDR— point to your production Redis (consider Redis Cluster mode)DATABASE_URL— usesslmode=requireand strong credentialsLOG_LEVEL=infoorwarn— reduce log volume in production
See the Deployment section for Kubernetes and Helm configuration details.