Provisioning
Environment variables
| Env Variable | Required | Default Value | Used by | Description |
|---|---|---|---|---|
| ORGANIZATION | yes | - | bc/api | In the blockchain network, each node is represented by its organization name. This environment variable sets this organization name. It is used to create the organization stream on the blockchain and is also displayed in the frontend's top right corner. |
| API_HOST | no | bc/prov | The IP address of one api which is connected to the node you want to connect to (The IP addresses are usually the same as for the P2P host address). | |
| API_PORT | no | 8080 | bc/prov | The port used to connect to the api. |
| ROOT_SECRET | no | [random] | api | The root secret is the password for the root user. If you start with an empty blockchain, the root user is needed to add other users, approve new nodes,.. If you don't set a value via the environment variable, the API generates one randomly and prints it to the console Caution: If you want to run TruBudget in production, make sure to set a secure root secret. |
| LOG_LEVEL | no | info | all | Defines the log output. Supported levels are trace, debug, info, warn, error, fatal |
| JWT_SECRET | no | - (required) | email | A secret of min length of 32 - It is used to verify the JWT_TOKEN sent by users of the email-service endpoints |
| AUTHENTICATION | no | JWT | email | If set to none, no JWT-Token is required for all endpoints. If set JWT, a JWT token is necessary |
| DOCUMENT_FEATURE_ENABLED | no | false | api | If true, all uploaded documents are stored using trubudget's storage-service. If false, the document feature of TruBudget is disabled, and trying to upload a document will result in an error. |
| DOCUMENT_EXTERNAL_LINKS_ENABLED | no | false | api | If true, it is possible to use external documents links also without trubudget's storage-service. If false, the external documents links feature of TruBudget is still possible to use in case DOCUMENT_FEATURE_ENABLED equals "true". |
| STORAGE_SERVICE_HOST | no | localhost | storage | IP address of storage service |
| STORAGE_SERVICE_PORT | no | 8090 | storage | Port of storage service |
| STORAGE_SERVICE_EXTERNAL_URL | no | - | api | IP and port of own connected storage service accessible externally |
| STORAGE_PROVIDER | minio | Set to azure-storage if you use Azure Storage Account, otherwise defaults to minio |
| MINIO_ACCESS_KEY | no | minio | storage | Access key for Minio server |
| MINIO_SECRET_KEY | no | minio123 | storage | Secret (Password) for Minio server |
| MINIO_PORT | no | 9000 | storage | Port of connected Minio |
| MINIO_HOST | no | localhost | storage | IP address of connected Minio server |
| MINIO_BUCKET_NAME | no | trubudget | storage | Bucket name of the connected Minio server |
| MINIO_REGION | us-east-1 | Region where the bucket is created. This parameter is optional. Default value is us-east-1. |
| LOGGER_PORT | yes | 3000 | logging | Port where the frontend-collector is exposed |
| API_HOST | yes | localhost | logging | API host |
| API_PORT | yes | 8080 | logging | API port |
| LOG_LEVEL | yes | trace | logging | Log-level |
| LOGGING_SERVICE_CACHE_DURATION | yes | 20 | logging | Defines how long valid JWT should be cached (in minutes). |
| LOGGING_SERVICE_NODE_ENV | yes | production | logging | Environment |
| CI_COMMIT_SHA | "" | bc/api/excel/storage/email | Defines the CI_COMMIT_SHA property returned by the version endpoint. |
| RATE_LIMIT | no | - | api | If set, API will limit the number of requests from any individual IP address to the set number per minute. Can be set to any number, but shouldn't be set too low. |
Kubernetes
| Env Variable | Required | Default Value | Used by | Description |
|---|---|---|---|---|
| EXPOSE_MC | no | false | bc | If set to true Trubudget tries to expose it's multichain via kubernetes' ingress. First a kubernetes config file is searched in /.kube/config. If not found and the MC is deployed in a cluster, it is searching for the service account to get the information. After configuration the externalip arg is set to the ip of the service' ingress of the configured clusterSERVICE_NAME and NAMESPACE are required to access the ingress of the service. |
| KUBE_SERVICE_NAME | no | bc | This variable is only required if EXPOSE_MC is set to true. It defines which service the kubernetes client should search for in the configured kubernetes cluster | |
| KUBE_NAMESPACE | no | bc | This variable is only required if EXPOSE_MC is set to true. It defines in which namespace the kubernetes client should search for the given service |