1. Configuration
  2. Overview

Configuration File

The default way that Flipt is configured is with the use of a configuration file default.yml.

This file is read when Flipt starts up and configures several important properties for the server.

We have both a JSON schema and a Cue schema that you can use to validate your configuration file and it’s properties.

You can edit any of these properties to your liking, and on restart Flipt will pick up the new changes.

These defaults are commented out in default.yml to give you an idea of what they are. To change them you’ll first need to uncomment them.

These properties are as follows:

General

PropertyDescriptionDefaultSince
ui.enabledEnable UI and API docstrue
cors.enabledEnable CORS supportfalsev0.7.0
cors.allowed_originsSets Access-Control-Allow-Origin header on server”*” (all domains)v0.7.0
meta.check_for_updatesEnable check for newer versions of Flipt on startuptruev0.17.0
meta.telemetry_enabledEnable anonymous telemetry data (see Telemetry)truev1.8.0
meta.state_directoryDirectory on the host to store local state$HOME/.config/fliptv1.8.0

Logging

PropertyDescriptionDefaultSince
log.levelLevel at which messages are logged (trace, debug, info, warn, error, fatal, panic)info
log.grpc_levelLevel at which gRPC messages are logged (trace, debug, info, warn, error, fatal, panic)errorv1.12.0
log.fileFile to log to instead of STDOUTv0.10.0
log.encodingEncoding to use for logging (json, console)consolev1.12.0
log.keys.timeStructured logging key used when outputting log timestampTv1.18.1
log.keys.levelStructured logging key used when outputting log levelLv1.18.1
log.keys.messageStructured logging key used when outputting log messageMv1.18.1

Server

PropertyDescriptionDefaultSince
server.protocolhttp or httpshttpv0.8.0
server.hostThe host address on which to serve the Flipt application0.0.0.0
server.http_portThe HTTP port on which to serve the Flipt REST API and UI8080
server.https_portThe HTTPS port on which to serve the Flipt REST API and UI443v0.8.0
server.grpc_portThe port on which to serve the Flipt GRPC server9000
server.cert_filePath to the certificate file (if protocol is set to https)v0.8.0
server.cert_keyPath to the certificate key file (if protocol is set to https)v0.8.0

Tracing

PropertyDescriptionDefaultSince
tracing.enabledEnable tracing supportfalsev1.18.2
tracing.exporterThe exporter to use (jaeger, zipkin, otlp)jaegerv1.18.2

Tracing: Jaeger

PropertyDescriptionDefaultSince
tracing.jaeger.hostThe UDP host destination to report spanslocalhostv0.17.0
tracing.jaeger.portThe UDP port destination to report spans6831v0.17.0

Tracing: Zipkin

PropertyDescriptionDefaultSince
tracing.zipkin.endpointThe Zipkin API endpoint to report spanshttp://localhost:9411/api/v2/spansv1.18.2

Tracing: OTLP

PropertyDescriptionDefaultSince
tracing.otlp.endpointThe OTLP GRPC reciever addresslocalhost:4317v1.18.2

Database

PropertyDescriptionDefaultSince
db.urlURL to access Flipt databasefile:/var/opt/flipt/flipt.db
db.protocolProtocol (Sqlite, MySQL, PostgreSQL, CockroachDB) for Flipt database (URL takes precedence)v0.18.0
db.hostHost to access Flipt database (URL takes precedence)v0.18.0
db.portPort to access Flipt database (URL takes precedence)v0.18.0
db.nameName of Flipt database (URL takes precedence)v0.18.0
db.userUser to access Flipt database (URL takes precedence)v0.18.0
db.passwordPassword to access Flipt database (URL takes precedence)v0.18.0
db.max_idle_connThe maximum number of connections in the idle connection pool2v0.17.0
db.max_open_connThe maximum number of open connections to the databaseunlimitedv0.17.0
db.conn_max_lifetimeSets the maximum amount of time in which a connection can be reusedunlimitedv0.17.0

Authentication

PropertyDescriptionDefaultSince
authentication.requiredEnable or disable authentication validation on requestsfalsev1.15.0
authentication.session.domainPublic domain on which Flipt instance is hostedv1.17.0
authentication.session.secureConfigures the Secure property on created session cookiesfalsev1.17.0
authentication.session.token_lifetimeConfigures the lifetime of the session token (login duration)24hv1.17.0
authentication.session.state_lifetimeConfigures the lifetime of state parameters during OAuth flow10mv1.17.0
authentication.session.csrf.keySecret credential used to sign CSRF prevention tokensv1.17.0

Authentication Methods: Token

PropertyDescriptionDefaultSince
authentication.methods.token.enabledEnable static token creationfalsev1.15.0
authentication.methods.token.cleanup.intervalInterval between deletion of expired tokens1hv1.16.0
authentication.methods.token.cleanup.grace_periodHow long an expired token can exist until considered deletable30mv1.16.0
authentication.methods.token.bootstrap.tokenThe static token to use for bootstrappingv1.19.0
authentication.methods.token.bootstrap.expirationHow long after creation until the static bootstrap token expiresv1.19.0

Authentication Methods: OIDC

PropertyDescriptionDefaultSince
authentication.methods.oidc.enabledEnable OIDC authenticationfalsev1.17.0
authentication.methods.oidc.cleanup.intervalInterval between deletion of expired tokens1hv1.17.0
authentication.methods.oidc.cleanup.grace_periodHow long an expired token can exist until considered deletable30mv1.17.0
authentication.methods.oidc.providers.[provider].issuer_urlProvider specific OIDC issuer URL (see your providers docs)v1.17.0
authentication.methods.oidc.providers.[provider].client_idProvider specific OIDC client ID (see your providers docs)v1.17.0
authentication.methods.oidc.providers.[provider].client_secretProvider specific OIDC client secret (see your providers docs)v1.17.0
authentication.methods.oidc.providers.[provider].redirect_addressPublic URL on which this Flipt instance is reachablev1.17.0
authentication.methods.oidc.providers.[provider].scopesScopes to request from the providerv1.17.0

Authentication Methods: Kubernetes

PropertyDescriptionDefaultSince
authentication.methods.kubernetes.enabledEnable Kubernetes service account token authenticationfalsev1.19.0
authentication.methods.kubernetes.cleanup.intervalInterval between deletion of expired tokens1hv1.19.0
authentication.methods.kubernetes.cleanup.grace_periodHow long an expired token can exist until considered deletable30mv1.19.0
authentication.methods.kubernetes.discovery_urlKubernetes API server URL for OIDC configuration discoveryhttps://kubernetes.default.svc.cluster.localv1.19.0
authentication.methods.kubernetes.ca_pathKubernetes API CA certification path/var/run/secrets/kubernetes.io/serviceaccount/ca.crtv1.19.0
authentication.methods.kubernetes.service_account_token_pathPath to Flipts service account token/var/run/secrets/kubernetes.io/serviceaccount/tokenv1.19.0

Cache

PropertyDescriptionDefaultSince
cache.enabledEnable caching of datafalsev1.10.0
cache.ttlTime to live for cached data60sv1.10.0
cache.backendThe backend to use for caching (options: memory, redis)memoryv1.10.0

Cache: Memory

PropertyDescriptionDefaultSince
cache.memory.eviction_intervalInterval at which expired items are evicted from the in-memory cache5mv0.12.0

Cache: Redis

PropertyDescriptionDefaultSince
cache.redis.hostHost to access the Redis databaselocalhostv1.10.0
cache.redis.portPort to access the Redis database6379v1.10.0
cache.redis.dbRedis database to use0v1.10.0
cache.redis.passwordPassword to access the Redis databasev1.10.0

Deprecations

From time to time configuration options will need to be deprecated and eventually removed. Deprecated configuration options will be removed after ~6 months from the time they were deprecated.

All deprecated configuration options will be removed from the documentation, however, they will still work as expected until they are removed. A warning will be logged in the Flipt logs when a deprecated configuration option is used.

All deprecated options are listed in the DEPRECATIONS file in the Flipt repository as well as the CHANGELOG.

Environment Variables

All options in the configuration file can be overridden using environment variables using the syntax:

FLIPT_<SectionName>_<KeyName>

Using environment variables to override defaults is especially helpful when running with Docker as described in the Installation documentation.

Keys should be uppercase and . should be replaced by _. For example, given these configuration settings:

server:
  grpc_port: 9000

db:
  url: file:/var/opt/flipt/flipt.db

You can override them using:

export FLIPT_SERVER_GRPC_PORT=9001
export FLIPT_DB_URL="postgres://postgres@localhost:5432/flipt?sslmode=disable"

Multiple Values

Some configuration options can have a list of values. For example, the cors.allowed_origins option can have multiple origins.

In this case, you can use a space separated list of values for the environment variable override:

export FLIPT_CORS_ALLOWED_ORIGINS="http://localhost:3000 http://localhost:3001"