Configuration Complete configuration reference for self-hosted Brokle
Complete reference for all Brokle configuration options.
Variable Description Example APP_MODEApplication mode server or workerDATABASE_URLPostgreSQL connection string postgresql://user:pass@host:5432/dbCLICKHOUSE_URLClickHouse HTTP URL http://localhost:8123REDIS_URLRedis connection string redis://localhost:6379JWT_SECRETJWT signing secret (min 32 chars) your-secure-secret-hereAI_KEY_ENCRYPTION_KEYBase64-encoded 32-byte key base64string==
Variable Default Description PORT8080HTTP server port HOST0.0.0.0HTTP server host ENVIRONMENTdevelopmentEnvironment name LOG_LEVELinfoLog level (debug, info, warn, error) LOG_FORMATjsonLog format (json, text)
Variable Default Description JWT_SECRETRequired JWT signing secret JWT_EXPIRY24hAccess token expiry REFRESH_TOKEN_EXPIRY7dRefresh token expiry SESSION_COOKIE_NAMEbrokle_sessionSession cookie name SESSION_COOKIE_SECUREtrueUse secure cookies SESSION_COOKIE_DOMAIN- Cookie domain
Variable Default Description RATE_LIMIT_ENABLEDtrueEnable rate limiting RATE_LIMIT_REQUESTS100Requests per window RATE_LIMIT_WINDOW1mRate limit window RATE_LIMIT_BURST50Burst allowance
Variable Default Description DATABASE_URLRequired Connection string DATABASE_MAX_CONNS25Max connections DATABASE_MIN_CONNS5Min connections DATABASE_MAX_CONN_LIFETIME1hMax connection lifetime DATABASE_MAX_CONN_IDLE_TIME30mMax idle time
Variable Default Description CLICKHOUSE_URLRequired HTTP URL CLICKHOUSE_DATABASEdefaultDatabase name CLICKHOUSE_USERNAME- Username CLICKHOUSE_PASSWORD- Password CLICKHOUSE_MAX_IDLE_CONNS5Max idle connections CLICKHOUSE_MAX_OPEN_CONNS10Max open connections
Variable Default Description REDIS_URLRequired Connection URL REDIS_MAX_RETRIES3Max retries REDIS_MIN_IDLE_CONNS5Min idle connections REDIS_POOL_SIZE10Connection pool size REDIS_POOL_TIMEOUT4sPool timeout
Variable Default Description AI_KEY_ENCRYPTION_KEYRequired 32-byte key (base64) ENCRYPTION_ALGORITHMaes-256-gcmEncryption algorithm
Generate encryption key:
Variable Default Description SMTP_HOST- SMTP server host SMTP_PORT587SMTP port SMTP_USERNAME- SMTP username SMTP_PASSWORD- SMTP password SMTP_FROM- From email address SMTP_TLStrueUse TLS
Variable Default Description ENABLE_SIGNUPtrueAllow new signups ENABLE_ANONYMOUSfalseAllow anonymous traces ENABLE_METRICStrueEnable /metrics endpoint ENABLE_PROFILINGfalseEnable pprof profiling
Variable Default Description WORKER_CONCURRENCY10Worker goroutines WORKER_BATCH_SIZE100Batch size for processing WORKER_FLUSH_INTERVAL5sFlush interval WORKER_QUEUE_SIZE1000Queue buffer size
Variable Default Description INGESTION_BATCH_SIZE100Traces per batch INGESTION_FLUSH_INTERVAL1sMax time between flushes INGESTION_MAX_TRACE_SIZE1MBMax single trace size INGESTION_RETENTION_DAYS30Data retention period
Variable Default Description STORAGE_TYPElocalStorage type (local, s3) STORAGE_PATH./dataLocal storage path S3_BUCKET- S3 bucket name S3_REGION- S3 region S3_ENDPOINT- S3 endpoint (for MinIO) S3_ACCESS_KEY- S3 access key S3_SECRET_KEY- S3 secret key
Variable Default Description CORS_ENABLEDtrueEnable CORS CORS_ALLOWED_ORIGINS*Allowed origins CORS_ALLOWED_METHODSGET,POST,PUT,DELETEAllowed methods CORS_ALLOWED_HEADERS*Allowed headers CORS_MAX_AGE86400Preflight cache (seconds)
You can also use a configuration file:
# config.yaml server : port : 8080 host : 0.0.0.0 database : url : postgresql://user:pass@localhost:5432/brokle max_conns : 25 min_conns : 5 clickhouse : url : http://localhost:8123 database : default redis : url : redis://localhost:6379 pool_size : 10 auth : jwt_secret : your-secret-here jwt_expiry : 24h rate_limit : enabled : true requests : 100 window : 1m worker : concurrency : 10 batch_size : 100 features : signup : true anonymous : false metrics : true Load with:
./brokle server --config config.yaml # .env.development APP_MODE = server PORT = 8080 ENVIRONMENT = development LOG_LEVEL = debug LOG_FORMAT = text DATABASE_URL = postgresql://brokle:brokle@localhost:5432/brokle CLICKHOUSE_URL = http://localhost:8123 REDIS_URL = redis://localhost:6379 JWT_SECRET = development-secret-not-for-production AI_KEY_ENCRYPTION_KEY = ZGV2ZWxvcG1lbnQta2V5LW5vdC1mb3ItcHJvZA = = ENABLE_SIGNUP = true ENABLE_PROFILING = true CORS_ALLOWED_ORIGINS = http://localhost:3000 # .env.production APP_MODE = server PORT = 8080 ENVIRONMENT = production LOG_LEVEL = info LOG_FORMAT = json DATABASE_URL = postgresql://brokle: ${DB_PASSWORD} @db.internal:5432/brokle DATABASE_MAX_CONNS = 50 CLICKHOUSE_URL = https://clickhouse.internal:8443 REDIS_URL = redis://redis.internal:6379 JWT_SECRET = ${JWT_SECRET} AI_KEY_ENCRYPTION_KEY = ${ENCRYPTION_KEY} RATE_LIMIT_ENABLED = true RATE_LIMIT_REQUESTS = 1000 RATE_LIMIT_WINDOW = 1m ENABLE_SIGNUP = false ENABLE_METRICS = true SESSION_COOKIE_SECURE = true SESSION_COOKIE_DOMAIN = .example.com CORS_ALLOWED_ORIGINS = https://app.example.com,https://api.example.com # .env.high-volume APP_MODE = worker ENVIRONMENT = production DATABASE_URL = postgresql://brokle: ${DB_PASSWORD} @db.internal:5432/brokle CLICKHOUSE_URL = https://clickhouse.internal:8443 REDIS_URL = redis://redis.internal:6379 WORKER_CONCURRENCY = 50 WORKER_BATCH_SIZE = 500 WORKER_FLUSH_INTERVAL = 500ms WORKER_QUEUE_SIZE = 10000 INGESTION_BATCH_SIZE = 500 INGESTION_FLUSH_INTERVAL = 500ms The server validates configuration at startup:
./brokle server --validate-config Missing required variables will cause startup failure with clear error messages:
Error: configuration validation failed: - JWT_SECRET is required - AI_KEY_ENCRYPTION_KEY is required # Base configuration export DATABASE_URL = postgresql://localhost:5432/brokle # Override for testing DATABASE_URL = postgresql://localhost:5432/brokle_test ./brokle server apiVersion : v1 kind : Secret metadata : name : brokle-secrets type : Opaque stringData : jwt-secret : "your-jwt-secret" encryption-key : "your-encryption-key" database-url : "postgresql://user:pass@host:5432/db" # Fetch from Secrets Manager JWT_SECRET = $( aws secretsmanager get-secret-value --secret-id brokle/jwt-secret --query SecretString --output text ) # Fetch from Vault JWT_SECRET = $( vault kv get -field=jwt-secret secret/brokle )
Never commit secrets to version control. Use environment variables, secrets managers, or encrypted configuration files.
