Configuration
You can load the config file from another source using the -c path/to/config.yaml or --config path/to/config.yaml flag: $keto --config path/to/config.yaml.
Config files can be formatted as JSON, YAML and TOML. Some configuration values support reloading without server restart. All configuration values can be set using environment variables, as documented below.
Disclaimer
This reference configuration documents all keys, also deprecated ones! It is a reference for all possible configuration values.
If you are looking for an example configuration, it is better to try out the quickstart.
To find out more about edge cases like setting string array values through environmental variables head to theConfiguration section.
## ORY Keto Configuration
$schema: http://a.aaa
dsn: postgres://user:password@host:123/database
serve:
read:
port: 0
host: localhost
write_listen_file: file:///tmp/keto-read-api
cors:
enabled: false
allowed_origins:
- https://example.com
- https://*.example.com
- https://*.foo.example.com
allowed_methods:
- GET
allowed_headers:
- ""
exposed_headers:
- ""
allow_credentials: false
max_age: -100000000
debug: false
tls:
key:
path: path/to/file.pem
base64: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tXG5NSUlEWlRDQ0FrMmdBd0lCQWdJRVY1eE90REFOQmdr...
cert:
path: path/to/file.pem
base64: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tXG5NSUlEWlRDQ0FrMmdBd0lCQWdJRVY1eE90REFOQmdr...
write:
port: 0
host: localhost
write_listen_file: file:///tmp/keto-write-api
cors:
enabled: false
allowed_origins:
- https://example.com
- https://*.example.com
- https://*.foo.example.com
allowed_methods:
- GET
allowed_headers:
- ""
exposed_headers:
- ""
allow_credentials: false
max_age: -100000000
debug: false
tls:
key:
path: path/to/file.pem
base64: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tXG5NSUlEWlRDQ0FrMmdBd0lCQWdJRVY1eE90REFOQmdr...
cert:
path: path/to/file.pem
base64: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tXG5NSUlEWlRDQ0FrMmdBd0lCQWdJRVY1eE90REFOQmdr...
metrics:
port: 0
host: localhost
write_listen_file: file:///tmp/keto-metrics-api
cors:
enabled: false
allowed_origins:
- https://example.com
- https://*.example.com
- https://*.foo.example.com
allowed_methods:
- GET
allowed_headers:
- ""
exposed_headers:
- ""
allow_credentials: false
max_age: -100000000
debug: false
tls:
key:
path: path/to/file.pem
base64: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tXG5NSUlEWlRDQ0FrMmdBd0lCQWdJRVY1eE90REFOQmdr...
cert:
path: path/to/file.pem
base64: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tXG5NSUlEWlRDQ0FrMmdBd0lCQWdJRVY1eE90REFOQmdr...
opl:
port: 0
host: localhost
write_listen_file: file:///tmp/keto-opl-api
cors:
enabled: false
allowed_origins:
- https://example.com
- https://*.example.com
- https://*.foo.example.com
allowed_methods:
- GET
allowed_headers:
- ""
exposed_headers:
- ""
allow_credentials: false
max_age: -100000000
debug: false
tls:
key:
path: path/to/file.pem
base64: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tXG5NSUlEWlRDQ0FrMmdBd0lCQWdJRVY1eE90REFOQmdr...
cert:
path: path/to/file.pem
base64: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tXG5NSUlEWlRDQ0FrMmdBd0lCQWdJRVY1eE90REFOQmdr...
profiling: cpu
log:
level: panic
format: json
leak_sensitive_values: false
redaction_text: ""
tracing:
provider: jaeger
service_name: Ory Hydra
providers:
jaeger:
local_agent_address: 127.0.0.1:6831
sampling:
server_url: http://localhost:5778/sampling
trace_id_ratio: 0.5
zipkin:
server_url: http://localhost:9411/api/v2/spans
sampling:
sampling_ratio: 0.4
otlp:
server_url: localhost:4318
insecure: false
sampling:
sampling_ratio: 0.4
namespaces: http://a.aaa
limit:
max_read_depth: 1
max_read_width: 1
max_batch_check_size: 1
batch_check_max_parallelization: 1
clients:
http:
disallow_private_ip_ranges: false
version: v0.0.0