Skip to main content

TruBudget-API

Environment variables

Env Variable nameRequiredDefault ValueDescription
LOG_LEVELnoinfoDefines the log output.
ORGANIZATIONnoMyOrgaIn the blockchain network, each node is represented by its organization name. This environment variable sets this organization name. It is used to create the organization stream on the blockchain and is also displayed in the frontend's top right corner. Minimal value: 1. Maximal value: 100.
PORTno8091The port used to expose the API for your installation. Example: If you run TruBudget locally and set API_PORT to 8080, you can reach the API via localhost:8080/api. Value is a port with minimal value 0 and maximal value 65535
ORGANIZATION_VAULT_SECRETyes-This is the key to en-/decrypt user data of an organization. If you want to add a new node for your organization, you want users to be able to log in on either node. Caution: If you want to run TruBudget in production, make sure NOT to use the default value from the .env.example file! Minimal value: 5.
ROOT_SECRETno361d01c8e3ad45279314d5d28f9b6ac12634c90a7f9fdd719518c7b71349dc35The root secret is the password for the root user. If you start with an empty blockchain, the root user is needed to add other users, approve new nodes,.. If you don't set a value via the environment variable, the API generates one randomly and prints it to the console Caution: If you want to run TruBudget in production, make sure to set a secure root secret. Minimal value: 8.
MULTICHAIN_RPC_HOSTnolocalhostThe IP address of the blockchain (not multichain daemon,but they are usally the same) you want to connect to.
MULTICHAIN_RPC_PORTno8000The Port of the blockchain where the server is available for incoming http connections (e.g. readiness, versions, backup and restore)
MULTICHAIN_PROTOCOLnohttpThe protocol used to expose the multichain daemon of your Trubudget blockchain installation(bc). The protocol used to connect to the multichain daemon(api). This will be used internally for the communication between the API and the multichain daemon.
MULTICHAIN_RPC_USERnomultichainrpcThe user used to connect to the multichain daemon.
MULTICHAIN_RPC_PASSWORDnos750SiJnj50yIrmwxPnEdSzpfGlTAHzhaUwgqKeb0G1jPassword used by the API to connect to the blockchain. The password is set by the origin node upon start. Every beta node needs to use the same RPC password in order to be able to connect to the blockchain. Hint: Although the MULTICHAIN_RPC_PASSWORD is not required it is highly recommended to set an own secure one, at least 32 characters long. Minimal value: 32.
BLOCKCHAIN_PORTno8085The port used to expose the multichain daemon of your Trubudget blockchain installation(bc). The port used to connect to the multichain daemon(api). This will be used internally for the communication between the API and the multichain daemon.
BLOCKCHAIN_PROTOCOLnohttpThe Protocol of the blockchain where the server is available for incoming http connections.
SWAGGER_BASEPATH deprecatedno-deprecated This variable was used to choose which environment (prod or test) is used for testing the requests. The variable is deprecated now, as the Swagger documentation can be used for the prod and test environment separately. Example values: "/".
JWT_ALGORITHMnoHS256Algorithm used for signing and verifying JWTs.
JWT_SECRETyes (if JWT_ALGORITHM=RS256)9e33c0e28cd6ca61ce4dA string that is used to sign JWT which are created by the authenticate endpoint of the api. If JWT_ALGORITHM is set to RS256, this is required and holds BASE64 encoded PEM encoded private key for RSA.
JWT_PUBLIC_KEYyes (if JWT_ALGORITHM=RS256)-If JWT_ALGORITHM is set to RS256, this is required and holds BASE64 encoded PEM encoded public key for RSA.
DOCUMENT_FEATURE_ENABLEDno-If true, all uploaded documents are stored using trubudget's storage-service. If false, the document feature of TruBudget is disabled, and trying to upload a document will result in an error.
DOCUMENT_EXTERNAL_LINKS_ENABLEDno-If true, it is possible to use external documents links also without TruBudget's storage-service. If false, the external documents links feature of TruBudget is still possible to use in case DOCUMENT_FEATURE_ENABLED equals "true".
STORAGE_SERVICE_HOSTnolocalhostIP of connected storage service
STORAGE_SERVICE_PORTno8090Port of connected storage service
STORAGE_SERVICE_PROTOCOLnohttpProtocol of connected storage service.
STORAGE_SERVICE_EXTERNAL_URLyes (if DOCUMENT_FEATURE_ENABLED=true)-IP and port of own connected storage service accessible externally
EMAIL_HOSTnolocalhost-
EMAIL_PORTno8089-
EMAIL_PROTOCOLnohttpProtocol of connected storage service.
ACCESS_CONTROL_ALLOW_ORIGINno*Since the service uses CORS, the domain by which it can be called needs to be set. Setting this value to * means that it can be called from any domain. Read more about this topic here.
NODE_ENVnoproductionIf set to development api will allow any string as password. If set to production passwords must satisfy safePasswordSchema, see lib/joiValidation-.ts & -.spec.ts files
ENCRYPTION_PASSWORDno-If set, all data that is send to the MultiChain node and external storage will be symmetrically encrypted by the ENCRYPTION_PASSWORD
SIGNING_METHODnonodePossible signing methods are: node and user. Transactions on the chain will be signed using either the address of the node or the address of the specific user publishing that transaction.
RATE_LIMITno-If set, API will limit the number of requests from any individual IP address to the set number per minute. Can be set to any number, but shouldn't be set too low.
AUTHPROXY_ENABLEDno-Enables logging in using the authorization token from authentication proxy
AUTHPROXY_JWS_SIGNATUREyes (if AUTHPROXY_ENABLED=true)-secret/public key/certificate for verifying auth proxy token signature
DB_TYPEnopg-
SQL_DEBUGno--
REFRESH_TOKEN_EXPIRATIONno8Refresh token expiration in hours. After a defined time, login session will be invalid.
ACCESS_TOKEN_EXPIRATIONno0.25Access token expiration in hours
REFRESH_TOKEN_STORAGEno-Determining the type of storage for refresh tokens. Allowed values are "db" or "memory" or blank to disable refresh token functionality.
API_DB_USERyes (if REFRESH_TOKEN_STORAGE=db)postgresDatabase user for database connection, e.g. postgres
API_DB_PASSWORDyes (if REFRESH_TOKEN_STORAGE=db)testDatabase password for database connection
API_DB_HOSTyes (if REFRESH_TOKEN_STORAGE=db)localhostDatabase host
API_DB_NAMEyes (if REFRESH_TOKEN_STORAGE=db)trubudget_email_serviceName of the used database Example values: "trubudget-db".
API_DB_PORTyes (if REFRESH_TOKEN_STORAGE=db)5432Database port, e.g. 5432
API_DB_SSLyes (if REFRESH_TOKEN_STORAGE=db)-Database SSL connection. Allowed values: "true" or "false".
API_DB_SCHEMAyes (if REFRESH_TOKEN_STORAGE=db)publicDatabase schema, e.g. "public".
API_REFRESH_TOKENS_TABLEyes (if REFRESH_TOKEN_STORAGE=db)refresh_tokenName of table where refresh tokens will be stored, e.g. "refresh_token".
SNAPSHOT_EVENT_INTERVALno3-
SILENCE_LOGGING_ON_FREQUENT_ROUTESno-Set to "true" if you want to hide route logging on frequent and technical endpoints like /readiness, /version, etc.
APPLICATIONINSIGHTS_CONNECTION_STRINGno-Azure Application Insights Connection String