Environment Variables
All Datafly Signal services are configured via environment variables. This page lists the variables you need to configure for your deployment.
Security
These variables must be set for all services in your deployment.
| Variable | Required | Description |
|---|---|---|
JWT_SECRET | Yes | Secret key for signing and verifying authentication tokens. Must be cryptographically random. All services must share the same value. |
ENCRYPTION_KEY | Yes | Encryption key for securing stored credentials and identity tokens. Must be cryptographically random. |
LOG_LEVEL | No | Log level: debug, info, warn, error. Default: info |
⚠️
JWT_SECRET and ENCRYPTION_KEY have no defaults and must be explicitly set. Use cryptographically random values and store them in a secrets manager.
Ingestion Gateway
| Variable | Default | Required | Description |
|---|---|---|---|
COOKIE_DOMAIN | — | No | Domain for the _dfid and _dfdid cookies (e.g., .example.com). If unset, uses the request host |
CORS_ORIGINS | * | No | Comma-separated list of allowed origins for CORS. Use * for development only |
MAX_BATCH_SIZE | 500 | No | Maximum number of events in a single batch request |
MAX_PAYLOAD_SIZE | 524288 | No | Maximum request body size in bytes (default 512 KB) |
RATE_LIMIT_RPS | 1000 | No | Maximum requests per second per pipeline key |
In production, always set CORS_ORIGINS to the specific domains that should be allowed to send events. Using * disables CORS protection.
Event Processor
| Variable | Default | Required | Description |
|---|---|---|---|
PROCESSING_WORKERS | 4 | No | Number of concurrent event processing workers |
Delivery Workers
| Variable | Default | Required | Description |
|---|---|---|---|
RETRY_MAX_ATTEMPTS | 5 | No | Maximum number of retry attempts for failed deliveries |
RETRY_BACKOFF_BASE | 4 | No | Base for exponential backoff in seconds |
RATE_LIMIT_PER_SECOND | 100 | No | Default rate limit for vendor API requests (per integration) |
Management API
| Variable | Default | Required | Description |
|---|---|---|---|
ACCESS_TOKEN_TTL | 900 | No | Access token time-to-live in seconds (default 15 minutes) |
REFRESH_TOKEN_TTL | 604800 | No | Refresh token time-to-live in seconds (default 7 days) |
RATE_LIMIT_PER_MINUTE | 100 | No | API rate limit per authenticated user per minute |
LOGIN_MAX_ATTEMPTS | 5 | No | Maximum consecutive failed login attempts before account lockout |
LOGIN_LOCKOUT_DURATION | 900 | No | Account lockout duration in seconds after max failed attempts |
Management UI
The Management UI is a Next.js application with its own environment variables:
| Variable | Default | Required | Description |
|---|---|---|---|
NEXT_PUBLIC_API_URL | http://localhost:8084 | Yes | Management API URL (used by the browser) |
NEXT_PUBLIC_WS_URL | ws://localhost:8084 | No | WebSocket URL for real-time event debugger |
⚠️
Never commit .env files containing secrets to version control. Store all sensitive configuration in a secrets manager.