Keyboard shortcuts

Press or to navigate between chapters

Press S or / to search in the book

Press ? to show this help

Press Esc to hide this help

Environment Variables Reference

Complete listing of all environment variables supported by Brokkr. All variables use the BROKKR__ prefix with double underscores (__) as nested separators.

Configuration precedence (highest wins): Environment variables > Config file > Embedded defaults.

Database

VariableTypeDefaultDescription
BROKKR__DATABASE__URLStringpostgres://brokkr:brokkr@localhost:5432/brokkrPostgreSQL connection URL
BROKKR__DATABASE__SCHEMAString(none)Schema name for multi-tenant isolation. When set, all queries use this schema.

Logging

VariableTypeDefaultDescription
BROKKR__LOG__LEVELStringdebugLog level: trace, debug, info, warn, error
BROKKR__LOG__FORMATStringtextLog format: text (human-readable) or json (structured)

The log level is hot-reloadable — changes take effect without restarting.

Broker

VariableTypeDefaultDescription
BROKKR__BROKER__PAK_HASHString(generated)Admin PAK hash (set during first startup)
BROKKR__BROKER__DIAGNOSTIC_CLEANUP_INTERVAL_SECONDSInteger900Interval for diagnostic cleanup task (seconds)
BROKKR__BROKER__DIAGNOSTIC_MAX_AGE_HOURSInteger1Max age for completed diagnostics before deletion (hours)
BROKKR__BROKER__WEBHOOK_ENCRYPTION_KEYString(random)Hex-encoded 32-byte AES-256 key for encrypting webhook URLs and auth headers. If empty, a random key is generated on startup (not recommended for production — webhooks won’t decrypt after restart).
BROKKR__BROKER__WEBHOOK_DELIVERY_INTERVAL_SECONDSInteger5Webhook delivery worker poll interval (seconds)
BROKKR__BROKER__WEBHOOK_DELIVERY_BATCH_SIZEInteger50Max webhook deliveries processed per batch
BROKKR__BROKER__WEBHOOK_CLEANUP_RETENTION_DAYSInteger7How long to keep completed/dead webhook deliveries (days)
BROKKR__BROKER__AUDIT_LOG_RETENTION_DAYSInteger90How long to keep audit log entries (days)
BROKKR__BROKER__AUTH_CACHE_TTL_SECONDSInteger60TTL for PAK authentication cache (seconds). Set to 0 to disable caching.

Agent

VariableTypeDefaultDescription
BROKKR__AGENT__BROKER_URLStringhttp://localhost:3000Broker API base URL
BROKKR__AGENT__POLLING_INTERVALInteger10How often to poll broker for updates (seconds)
BROKKR__AGENT__KUBECONFIG_PATHString(in-cluster)Path to kubeconfig file. If unset, uses in-cluster configuration.
BROKKR__AGENT__MAX_RETRIESInteger60Max retries when waiting for broker on startup
BROKKR__AGENT__PAKString(required)Agent’s PAK for broker authentication
BROKKR__AGENT__AGENT_NAMEStringDEFAULTAgent name (must match broker registration)
BROKKR__AGENT__CLUSTER_NAMEStringDEFAULTCluster name (must match broker registration)
BROKKR__AGENT__MAX_EVENT_MESSAGE_RETRIESInteger2Max retries for event message delivery
BROKKR__AGENT__EVENT_MESSAGE_RETRY_DELAYInteger5Delay between event message retries (seconds)
BROKKR__AGENT__HEALTH_PORTInteger8080Port for agent health check HTTP server
BROKKR__AGENT__DEPLOYMENT_HEALTH_ENABLEDBooleantrueEnable deployment health checking
BROKKR__AGENT__DEPLOYMENT_HEALTH_INTERVALInteger60Interval for deployment health checks (seconds)

PAK (Pre-Authentication Key) Generation

VariableTypeDefaultDescription
BROKKR__PAK__PREFIXStringbrokkrPrefix for generated PAKs
BROKKR__PAK__RNGStringosrngRandom number generator type
BROKKR__PAK__DIGESTInteger8Digest algorithm identifier
BROKKR__PAK__SHORT_TOKEN_LENGTHInteger8Length of the short token portion
BROKKR__PAK__LONG_TOKEN_LENGTHInteger24Length of the long token portion
BROKKR__PAK__SHORT_TOKEN_PREFIXStringBRPrefix for the short token

Generated PAK format: {prefix}_{short_token_prefix}{short_token}_{long_token}

Example: brokkr_BR3rVsDa_GK3QN7CDUzYc6iKgMkJ98M2WSimM5t6U8

CORS

VariableTypeDefaultDescription
BROKKR__CORS__ALLOWED_ORIGINSString (comma-separated)http://localhost:3001Allowed CORS origins. Use * to allow all (not recommended for production).
BROKKR__CORS__ALLOWED_METHODSString (comma-separated)GET,POST,PUT,DELETE,OPTIONSAllowed HTTP methods
BROKKR__CORS__ALLOWED_HEADERSString (comma-separated)Authorization,Content-TypeAllowed request headers
BROKKR__CORS__MAX_AGE_SECONDSInteger3600Preflight response cache duration (seconds)

Note: Array-type CORS settings accept comma-separated strings when set via environment variables (e.g., BROKKR__CORS__ALLOWED_ORIGINS=http://a.com,http://b.com).

Telemetry (OpenTelemetry)

Base Settings

VariableTypeDefaultDescription
BROKKR__TELEMETRY__ENABLEDBooleanfalseEnable OpenTelemetry tracing
BROKKR__TELEMETRY__OTLP_ENDPOINTStringhttp://localhost:4317OTLP gRPC endpoint for trace export
BROKKR__TELEMETRY__SERVICE_NAMEStringbrokkrService name for traces
BROKKR__TELEMETRY__SAMPLING_RATEFloat0.1Sampling rate (0.0 to 1.0, where 1.0 = 100%)

Broker-Specific Overrides

These override the base telemetry settings for the broker component only. If unset, the base value is used.

VariableTypeDefaultDescription
BROKKR__TELEMETRY__BROKER__ENABLEDBoolean(inherits)Override enabled for broker
BROKKR__TELEMETRY__BROKER__OTLP_ENDPOINTString(inherits)Override OTLP endpoint for broker
BROKKR__TELEMETRY__BROKER__SERVICE_NAMEStringbrokkr-brokerOverride service name for broker
BROKKR__TELEMETRY__BROKER__SAMPLING_RATEFloat(inherits)Override sampling rate for broker

Agent-Specific Overrides

VariableTypeDefaultDescription
BROKKR__TELEMETRY__AGENT__ENABLEDBoolean(inherits)Override enabled for agent
BROKKR__TELEMETRY__AGENT__OTLP_ENDPOINTString(inherits)Override OTLP endpoint for agent
BROKKR__TELEMETRY__AGENT__SERVICE_NAMEStringbrokkr-agentOverride service name for agent
BROKKR__TELEMETRY__AGENT__SAMPLING_RATEFloat(inherits)Override sampling rate for agent

Configuration File and Hot-Reload

These environment variables control the configuration system itself and are not part of the BROKKR__ namespace:

VariableTypeDefaultDescription
BROKKR_CONFIG_FILEString(none)Path to TOML configuration file
BROKKR_CONFIG_WATCHER_ENABLEDBoolean(auto)Enable/disable ConfigMap hot-reload watcher
BROKKR_CONFIG_WATCHER_DEBOUNCE_SECONDSInteger5Debounce window for config file changes

Hot-Reloadable Settings

The following settings can be changed at runtime without restarting the broker (via config file change or admin API):

  • log.level
  • broker.diagnostic_cleanup_interval_seconds
  • broker.diagnostic_max_age_hours
  • broker.webhook_delivery_interval_seconds
  • broker.webhook_delivery_batch_size
  • broker.webhook_cleanup_retention_days
  • cors.allowed_origins
  • cors.max_age_seconds