We use cookies

We use cookies to ensure you get the best experience on our website. For more information on how we use cookies, please see our cookie policy.

By clicking "Accept", you agree to our use of cookies.
Learn more.

Self HostingEngine Configuration Options

Configuration Options

The Hatchet server and engine can be configured via SERVER and DATABASE environment variables. This document contains a list of all available options.

Runtime Configuration

VariableDescriptionDefault Value
SERVER_PORTPort for the core server8080
SERVER_URLFull server URL, including protocolhttp://localhost:8080
SERVER_GRPC_PORTPort for the GRPC service7070
SERVER_GRPC_BIND_ADDRESSGRPC server bind address127.0.0.1
SERVER_GRPC_BROADCAST_ADDRESSGRPC server broadcast address127.0.0.1:7070
SERVER_GRPC_INSECUREControls if the GRPC server is insecurefalse
SERVER_SHUTDOWN_WAITShutdown wait duration20s
SERVER_ENFORCE_LIMITSEnforce tenant limitsfalse
SERVER_ALLOW_SIGNUPAllow new tenant signupstrue
SERVER_ALLOW_INVITESAllow new invitestrue
SERVER_ALLOW_CREATE_TENANTAllow tenant creationtrue
SERVER_ALLOW_CHANGE_PASSWORDAllow password changestrue

Database Configuration

VariableDescriptionDefault Value
DATABASE_URLPostgreSQL connection string127.0.0.1
DATABASE_POSTGRES_HOSTPostgreSQL host127.0.0.1
DATABASE_POSTGRES_PORTPostgreSQL port5431
DATABASE_POSTGRES_USERNAMEPostgreSQL usernamehatchet
DATABASE_POSTGRES_PASSWORDPostgreSQL passwordhatchet
DATABASE_POSTGRES_DB_NAMEPostgreSQL database namehatchet
DATABASE_POSTGRES_SSL_MODEPostgreSQL SSL modedisable
DATABASE_MAX_CONNSMax database connections5
DATABASE_LOG_QUERIESLog database queriesfalse
CACHE_DURATIONCache duration60s

Security Check Configuration

VariableDescriptionDefault Value
SERVER_SECURITY_CHECK_ENABLEDEnable security checktrue
SERVER_SECURITY_CHECK_ENDPOINTSecurity check endpointhttps://security.hatchet.run

Limit Configuration

VariableDescriptionDefault Value
SERVER_LIMITS_DEFAULT_TENANT_RETENTION_PERIODDefault tenant retention period720h
SERVER_LIMITS_DEFAULT_WORKFLOW_RUN_LIMITDefault workflow run limit1000
SERVER_LIMITS_DEFAULT_WORKFLOW_RUN_ALARM_LIMITDefault workflow run alarm limit750
SERVER_LIMITS_DEFAULT_WORKFLOW_RUN_WINDOWDefault workflow run window24h
SERVER_LIMITS_DEFAULT_WORKER_LIMITDefault worker limit4
SERVER_LIMITS_DEFAULT_WORKER_ALARM_LIMITDefault worker alarm limit2
SERVER_LIMITS_DEFAULT_EVENT_LIMITDefault event limit1000
SERVER_LIMITS_DEFAULT_EVENT_ALARM_LIMITDefault event alarm limit750
SERVER_LIMITS_DEFAULT_EVENT_WINDOWDefault event window24h
SERVER_LIMITS_DEFAULT_CRON_LIMITDefault cron limit5
SERVER_LIMITS_DEFAULT_CRON_ALARM_LIMITDefault cron alarm limit2
SERVER_LIMITS_DEFAULT_SCHEDULE_LIMITDefault schedule limit1000
SERVER_LIMITS_DEFAULT_SCHEDULE_ALARM_LIMITDefault schedule alarm limit750

Alerting Configuration

VariableDescriptionDefault Value
SERVER_ALERTING_SENTRY_ENABLEDEnable Sentry for alerting
SERVER_ALERTING_SENTRY_DSNSentry DSN
SERVER_ALERTING_SENTRY_ENVIRONMENTSentry environmentdevelopment

Encryption Configuration

VariableDescriptionDefault Value
SERVER_ENCRYPTION_MASTER_KEYSETRaw master keyset, base64-encoded JSON string
SERVER_ENCRYPTION_MASTER_KEYSET_FILEPath to the master keyset file
SERVER_ENCRYPTION_JWT_PUBLIC_KEYSETPublic JWT keyset, base64-encoded JSON string
SERVER_ENCRYPTION_JWT_PUBLIC_KEYSET_FILEPath to the public JWT keyset file
SERVER_ENCRYPTION_JWT_PRIVATE_KEYSETPrivate JWT keyset, base64-encoded JSON string
SERVER_ENCRYPTION_JWT_PRIVATE_KEYSET_FILEPath to the private JWT keyset file
SERVER_ENCRYPTION_CLOUDKMS_ENABLEDWhether Google Cloud KMS is enabledfalse
SERVER_ENCRYPTION_CLOUDKMS_KEY_URIURI of the key in Google Cloud KMS
SERVER_ENCRYPTION_CLOUDKMS_CREDENTIALS_JSONJSON credentials for Google Cloud KMS

Authentication Configuration

VariableDescriptionDefault Value
SERVER_AUTH_RESTRICTED_EMAIL_DOMAINSRestricted email domains
SERVER_AUTH_BASIC_AUTH_ENABLEDWhether basic auth is enabledtrue
SERVER_AUTH_SET_EMAIL_VERIFIEDWhether the user’s email is set to verified automaticallyfalse
SERVER_AUTH_COOKIE_NAMEName of the cookiehatchet
SERVER_AUTH_COOKIE_DOMAINDomain for the cookie
SERVER_AUTH_COOKIE_SECRETSCookie secrets
SERVER_AUTH_COOKIE_INSECUREWhether the cookie is insecurefalse
SERVER_AUTH_GOOGLE_ENABLEDWhether Google auth is enabledfalse
SERVER_AUTH_GOOGLE_CLIENT_IDGoogle auth client ID
SERVER_AUTH_GOOGLE_CLIENT_SECRETGoogle auth client secret
SERVER_AUTH_GOOGLE_SCOPESGoogle auth scopes["openid", "profile", "email"]
SERVER_AUTH_GITHUB_ENABLEDWhether GitHub auth is enabledfalse
SERVER_AUTH_GITHUB_CLIENT_IDGitHub auth client ID
SERVER_AUTH_GITHUB_CLIENT_SECRETGitHub auth client secret
SERVER_AUTH_GITHUB_SCOPESGitHub auth scopes["read:user", "user:email"]

Task Queue Configuration

VariableDescriptionDefault Value
SERVER_MSGQUEUE_KINDMessage queue kind
SERVER_MSGQUEUE_RABBITMQ_URLRabbitMQ URLamqp://user:password@localhost:5672/

TLS Configuration

VariableDescriptionDefault Value
SERVER_TLS_STRATEGYTLS strategy
SERVER_TLS_CERTTLS certificate
SERVER_TLS_CERT_FILEPath to the TLS certificate file
SERVER_TLS_KEYTLS key
SERVER_TLS_KEY_FILEPath to the TLS key file
SERVER_TLS_ROOT_CATLS root CA
SERVER_TLS_ROOT_CA_FILEPath to the TLS root CA file
SERVER_TLS_SERVER_NAMETLS server name

Logging Configuration

VariableDescriptionDefault Value
SERVER_LOGGER_LEVELLogger level
SERVER_LOGGER_FORMATLogger format
DATABASE_LOGGER_LEVELLogger level
DATABASE_LOGGER_FORMATLogger format

OpenTelemetry Configuration

VariableDescriptionDefault Value
SERVER_OTEL_SERVICE_NAMEService name for OpenTelemetry
SERVER_OTEL_COLLECTOR_URLCollector URL for OpenTelemetry
SERVER_OTEL_INSECUREWhether to use an insecure connection to the collector URL

Tenant Alerting Configuration

VariableDescriptionDefault Value
SERVER_TENANT_ALERTING_SLACK_ENABLEDEnable Slack for tenant alerting
SERVER_TENANT_ALERTING_SLACK_CLIENT_IDSlack client ID
SERVER_TENANT_ALERTING_SLACK_CLIENT_SECRETSlack client secret
SERVER_TENANT_ALERTING_SLACK_SCOPESSlack scopes["incoming-webhook"]
High AvailabilityPrometheus Metrics