Deployment

Configuration

Engine

The following environment variables are used to configure the JumpWire engine container.

| Name | Required | Default | Description |
| --- | --- | --- | --- |
| `RELEASE_COOKIE` | ✔️ | | Shared secret used for distributed connectivity. Must be identical on all nodes in the cluster. |
| `JUMPWIRE_AUDIT_LOG_PATH` | | audit log | Path to a file for storing logs generated by audit policies. |
| `JUMPWIRE_TOKEN` | ✔️ | | JWT used to authenticate with the web app. |
| `JUMPWIRE_NODE` | | {ip address} | Override the autodetected node name. Must be an IP address or DNS name reachable by all nodes in the cluster. |
| `JUMPWIRE_FRONTEND` | ✔️ | | DNS name or IP address of the web application. Set to false to disable the web connection. |
| `JUMPWIRE_CONFIG_PATH` | | | Directory to load YAML config files from. See Local file configuration for details. |
| `JUMPWIRE_DATABASE_MIGRATION_LIMIT` | | 100 | When migrating existing data (e.g. encrypting rows that existed before JumpWire), this limit specifies the maximum number of rows that will be updated at once. |
| `VAULT_ADDR` | | `http://localhost:8200` | URL of a HashiCorp Vault server to use for key management. |
| `VAULT_KV_VERSION` | | 2 | Whether to use version 1 or 2 of the Vault KV API. |
| `VAULT_KV_PATH` | | `secret/jumpwire` | Path in Vault to a KV store. The provided token/role should have write access to this. |
| `VAULT_DB_PATH` | | `database` | Mount point of database secrets in Vault. JumpWire will look up databases and roles under this path for possible proxy credentials. |
| `VAULT_APPROLE_ID` | | | ID of an AppRole to authenticate with Vault. Either a token or an AppRole must be provided to enable Vault. |
| `VAULT_APPROLE_SECRET` | | | Secret of an AppRole to authenticate with Vault. Either a token or an AppRole must be provided to enable Vault. |
| `VAULT_TOKEN` | | | Token to use to authenticate with Vault. Either a token or an AppRole must be provided to enable Vault. |
| `VAULT_NAMESPACE` | | | Namespace to use with Vault Enterprise. |
| `JUMPWIRE_AWS_KMS_ENABLE` | | | When set to true, AWS KMS will be used for generating encryption keys. |
| `JUMPWIRE_AWS_KMS_KEY_NAME` | | `jumpwire` | A prefix to use for aliases when creating AWS KMS keys. |
| `JUMPWIRE_TLS_CERT` | | | Public cert to use for TLS on incoming proxy connections. Both `JUMPWIRE_TLS_CERT` and `JUMPWIRE_TLS_KEY` must be configured to enable TLS. |
| `JUMPWIRE_TLS_KEY` | | | Private key to use for TLS on incoming proxy connections. |
| `JUMPWIRE_TLS_CA` | | Mozilla's public cert bundle | CA cert bundle to use for HTTPS connections. |
| `JUMPWIRE_TLS_PROXY_CA` | | The value of `JUMPWIRE_TLS_CA` | CA cert bundle to use when verifying the certificate of proxied databases and APIs. |
| `JUMPWIRE_DOMAIN` | | | Domain used to connect to the engine. This will be shown in client setup instructions. |
| `JUMPWIRE_POSTGRES_PROXY_PORT` | | 6432 | Port to listen on for incoming Postgres clients. |
| `JUMPWIRE_POSTGRES_PROXY_POOL_SIZE` | | 4 | Size of connection pool used when connecting to a PostgreSQL database. |
| `JUMPWIRE_HTTP_PORT` | | 4004 | Port to listen on for incoming HTTP requests. |
| `JUMPWIRE_HTTPS_PORT` | | 4443 | Port to listen on for incoming HTTPS requests. |
| `JUMPWIRE_PROMETHEUS_PORT` | | 9568 | Port to serve Prometheus stats on, under the `/metrics` endpoint. |
| `SENTRY_DSN` | | | URL of a Sentry endpoint to send crash and error logs. By default crashes will be sent to a Sentry instance controlled by JumpWire. |
| `JUMPWIRE_PARSE_REQUESTS` | | true | When true, requests being proxied through JumpWire will be inspected and access policies will be applied. |
| `JUMPWIRE_PARSE_RESPONSES` | | true | When true, responses from requests proxied through JumpWire will be inspected and access policies will be applied. |

Additional configuration is available for observability data.

Web

The following environment variables are used to configure the JumpWire web container.

| Name | Required | Default | Description |
| --- | --- | --- | --- |
| `DATABASE_URL` | ✔️ | | Connection string for internal PostgreSQL instance. |
| `JUMPWIRE_SECRET_KEY` | ✔️ | | Secret used for secure session handling and cookies. |
| `PORT` | | 4000 | Port to listen on for inbound HTTP requests. |
| `GOOGLE_CLIENT_ID` | | | Client ID for authenticating users with Google OAuth. |
| `GOOGLE_CLIENT_SECRET` | | | Client secret for authenticating users with Google OAuth. |
| `AUTH0_CLIENT_ID` | | | Client ID for authenticating users with Auth0 OAuth. Auth0 will take precedence over Google if both are set. |
| `AUTH0_DOMAIN` | | | Domain for authenticating users with Auth0 OAuth. |
| `AUTH0_TOKEN_SECRET` | | | Secret for authenticating users with Auth0 OAuth. |
| `JUMPWIRE_AUTH_DOMAINS` | | | Comma delimited list of email domains that are allowed to access the web UI. Only enforced for Google OAuth. |
| `JUMPWIRE_ORG_TOKEN` | ✔️ | | JWT used to authenticate the engine to the frontend. |
| `JUMPWIRE_ORG_NAME` | | | Name of the organization using JumpWire. |
| `JUMPWIRE_DOMAIN` | ✔️ | | User facing domain name for the web interface. |
| `JUMPWIRE_ENGINE_HOST` | | localhost | Hostname of the JumpWire engine. Used to generate user facing URLs for connecting to the proxy. Can be overridden from the web interface. |
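
The constraints stated for the engine variables above (required values, the TLS cert/key pair, Vault credentials, the KV version) can be checked before the container starts. The following pre-flight check is an added example, not part of JumpWire; the function name `check_engine_env` is hypothetical, variable names are written in upper case with underscores, and it assumes an AppRole means both the ID and the secret.

```python
import os

# Variables marked as required in the engine table.
REQUIRED = ("RELEASE_COOKIE", "JUMPWIRE_TOKEN", "JUMPWIRE_FRONTEND")
# Vault settings that only matter once Vault credentials are supplied.
VAULT_SETTINGS = ("VAULT_ADDR", "VAULT_KV_PATH", "VAULT_DB_PATH", "VAULT_NAMESPACE")


def check_engine_env(env):
    """Return a list of problems found in an engine environment mapping."""
    def has(name):
        return bool(env.get(name, "").strip())

    problems = [f"{name} is required but not set" for name in REQUIRED if not has(name)]

    # TLS on incoming proxy connections needs the cert and the key together.
    if has("JUMPWIRE_TLS_CERT") != has("JUMPWIRE_TLS_KEY"):
        problems.append("JUMPWIRE_TLS_CERT and JUMPWIRE_TLS_KEY must both be set to enable TLS")

    # Assumption: an AppRole is only usable with both its ID and its secret.
    if has("VAULT_APPROLE_ID") != has("VAULT_APPROLE_SECRET"):
        problems.append("VAULT_APPROLE_ID and VAULT_APPROLE_SECRET must be set together")
    approle = has("VAULT_APPROLE_ID") and has("VAULT_APPROLE_SECRET")

    # Vault is only enabled when a token or an AppRole is provided.
    configured = [name for name in VAULT_SETTINGS if has(name)]
    if configured and not (has("VAULT_TOKEN") or approle):
        problems.append(
            f"{', '.join(configured)} set without VAULT_TOKEN or an AppRole; Vault will not be enabled")

    if env.get("VAULT_KV_VERSION", "2").strip() not in ("1", "2"):
        problems.append("VAULT_KV_VERSION must be 1 or 2")

    limit = env.get("JUMPWIRE_DATABASE_MIGRATION_LIMIT", "100").strip()
    if not limit.isdigit() or int(limit) < 1:
        problems.append("JUMPWIRE_DATABASE_MIGRATION_LIMIT must be a positive integer")
    return problems


if __name__ == "__main__":
    # Check the environment this process was started with.
    found = check_engine_env(os.environ)
    for problem in found:
        print("config problem:", problem)
    raise SystemExit(1 if found else 0)
```

Run it as an entrypoint wrapper or CI step with the same environment the engine container will receive; a non-zero exit means at least one constraint from the table is violated.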