Environment Variables
Every field in the service's Go config struct tagged with env:"..." is
parsed at runtime by the envdecode loader. The table below is regenerated
whenever the service's config struct changes.
Environment variables for the synaplan service
| Name | Introduction Version | Type | Description | Default Value |
|---|---|---|---|---|
OC_LOG_LEVELSYNAPLAN_LOG_LEVEL | string | The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'. | `` | |
SYNAPLAN_DEBUG_ADDR | string | Bind address of the debug server. | 127.0.0.1:9267 | |
SYNAPLAN_DEBUG_TOKEN | string | Token to secure the metrics endpoint. | `` | |
SYNAPLAN_DEBUG_PPROF | bool | Enables pprof. | false | |
SYNAPLAN_DEBUG_ZPAGES | bool | Enables zpages. | false | |
SYNAPLAN_HTTP_ADDR | string | The bind address of the HTTP service. | 127.0.0.1:9106 | |
SYNAPLAN_HTTP_ROOT | string | Subdirectory that serves as the root for this HTTP service. | /api/synaplan | |
OC_CORS_ALLOW_ORIGINSSYNAPLAN_CORS_ALLOW_ORIGINS | []string | `` | [*] | |
OC_CORS_ALLOW_METHODSSYNAPLAN_CORS_ALLOW_METHODS | []string | `` | [GET POST] | |
OC_CORS_ALLOW_HEADERSSYNAPLAN_CORS_ALLOW_HEADERS | []string | `` | [Authorization Origin Content-Type Accept X-Requested-With X-Request-Id] | |
OC_CORS_ALLOW_CREDENTIALSSYNAPLAN_CORS_ALLOW_CREDENTIALS | bool | `` | true | |
OC_HTTP_TLS_ENABLED | 1.0.0 | bool | Activates TLS for the http based services using the server certifcate and key configured via OC_HTTP_TLS_CERTIFICATE and OC_HTTP_TLS_KEY. If OC_HTTP_TLS_CERTIFICATE is not set a temporary server certificate is generated - to be used with PROXY_INSECURE_BACKEND=true. | false |
OC_HTTP_TLS_CERTIFICATE | 1.0.0 | string | Path/File name of the TLS server certificate (in PEM format) for the http services. | `` |
OC_HTTP_TLS_KEY | 1.0.0 | string | Path/File name for the TLS certificate key (in PEM format) for the server certificate to use for the http services. | `` |
OC_GRPC_CLIENT_TLS_MODE | 1.0.0 | string | TLS mode for grpc connection to the go-micro based grpc services. Possible values are 'off', 'insecure' and 'on'. 'off': disables transport security for the clients. 'insecure' allows using transport security, but disables certificate verification (to be used with the autogenerated self-signed certificates). 'on' enables transport security, including server certificate verification. | off |
OC_GRPC_CLIENT_TLS_CACERT | 1.0.0 | string | Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the go-micro based grpc services. | `` |
OC_JWT_SECRETSYNAPLAN_JWT_SECRET | string | The secret to mint and validate jwt tokens. | `` | |
OC_REVA_GATEWAY | string | CS3 gateway used to look up user metadata | eu.opencloud.api.gateway | |
OC_INSECURESYNAPLAN_INSECURE | bool | Run in insecure mode. | false | |
SYNAPLAN_URL | string | Base URL of the Synaplan instance. | http://host.docker.internal:8000 | |
SYNAPLAN_API_KEY | string | Shared Synaplan API key (sk_...). When set, the backend uses this for every outbound call and skips OIDC token exchange. Discouraged: all calls appear to Synaplan as a single user with no per-user identity. | `` | |
SYNAPLAN_OIDC_TOKEN_ENDPOINT | string | Keycloak token endpoint for token exchange. | http://host.docker.internal:8080/realms/synaplan/protocol/openid-connect/token | |
SYNAPLAN_OIDC_EXCHANGE_CLIENT_ID | string | Client ID for the token exchange confidential client. | synaplan-opencloud | |
SYNAPLAN_OIDC_EXCHANGE_CLIENT_SECRET | string | Client secret for the token exchange confidential client. | synaplan-opencloud-secret | |
SYNAPLAN_OIDC_TARGET_AUDIENCE | string | Target audience (Synaplan client ID) for token exchange. | synaplan-app |