Overview - Flipt

Configuration File

The default way that Flipt is configured is with the use of a configuration file default.yml.

This file is read when Flipt starts up and configures several important properties for the server.

We have both a JSON schema and a Cue schema that you can use to validate your configuration file and it’s properties.

You can edit any of these properties to your liking, and on restart Flipt will pick up the new changes.

These defaults are commented out in default.yml to give you an idea of what they are. To change them you’ll first need to uncomment them.

These properties are as follows:

General

Property	Description	Default	Since
ui.enabled	Enable UI and API docs	true
cors.enabled	Enable CORS support	false	v0.7.0
cors.allowed_origins	Sets Access-Control-Allow-Origin header on server	”*” (all domains)	v0.7.0
meta.check_for_updates	Enable check for newer versions of Flipt on startup	true	v0.17.0
meta.telemetry_enabled	Enable anonymous telemetry data (see Telemetry)	true	v1.8.0
meta.state_directory	Directory on the host to store local state	$HOME/.config/flipt	v1.8.0

Logging

Property	Description	Default	Since
log.level	Level at which messages are logged (trace, debug, info, warn, error, fatal, panic)	info
log.grpc_level	Level at which gRPC messages are logged (trace, debug, info, warn, error, fatal, panic)	error	v1.12.0
log.file	File to log to instead of STDOUT		v0.10.0
log.encoding	Encoding to use for logging (json, console)	console	v1.12.0
log.keys.time	Structured logging key used when outputting log timestamp	T	v1.18.1
log.keys.level	Structured logging key used when outputting log level	L	v1.18.1
log.keys.message	Structured logging key used when outputting log message	M	v1.18.1

Server

Property	Description	Default	Since
server.protocol	http or https	http	v0.8.0
server.host	The host address on which to serve the Flipt application	0.0.0.0
server.http_port	The HTTP port on which to serve the Flipt REST API and UI	8080
server.https_port	The HTTPS port on which to serve the Flipt REST API and UI	443	v0.8.0
server.grpc_port	The port on which to serve the Flipt GRPC server	9000
server.cert_file	Path to the certificate file (if protocol is set to https)		v0.8.0
server.cert_key	Path to the certificate key file (if protocol is set to https)		v0.8.0

Tracing

Property	Description	Default	Since
tracing.enabled	Enable tracing support	false	v1.18.2
tracing.exporter	The exporter to use (jaeger, zipkin, otlp)	jaeger	v1.18.2

Tracing: Jaeger

Property	Description	Default	Since
tracing.jaeger.host	The UDP host destination to report spans	localhost	v0.17.0
tracing.jaeger.port	The UDP port destination to report spans	6831	v0.17.0

Tracing: Zipkin

Property	Description	Default	Since
tracing.zipkin.endpoint	The Zipkin API endpoint to report spans	http://localhost:9411/api/v2/spans	v1.18.2

Tracing: OTLP

Property	Description	Default	Since
tracing.otlp.endpoint	The OTLP GRPC reciever address	localhost:4317	v1.18.2

Database

Property	Description	Default	Since
db.url	URL to access Flipt database	file:/var/opt/flipt/flipt.db
db.protocol	Protocol (Sqlite, MySQL, PostgreSQL, CockroachDB) for Flipt database (URL takes precedence)		v0.18.0
db.host	Host to access Flipt database (URL takes precedence)		v0.18.0
db.port	Port to access Flipt database (URL takes precedence)		v0.18.0
db.name	Name of Flipt database (URL takes precedence)		v0.18.0
db.user	User to access Flipt database (URL takes precedence)		v0.18.0
db.password	Password to access Flipt database (URL takes precedence)		v0.18.0
db.max_idle_conn	The maximum number of connections in the idle connection pool	2	v0.17.0
db.max_open_conn	The maximum number of open connections to the database	unlimited	v0.17.0
db.conn_max_lifetime	Sets the maximum amount of time in which a connection can be reused	unlimited	v0.17.0

Authentication

Property	Description	Default	Since
authentication.required	Enable or disable authentication validation on requests	false	v1.15.0
authentication.session.domain	Public domain on which Flipt instance is hosted		v1.17.0
authentication.session.secure	Configures the `Secure` property on created session cookies	false	v1.17.0
authentication.session.token_lifetime	Configures the lifetime of the session token (login duration)	24h	v1.17.0
authentication.session.state_lifetime	Configures the lifetime of state parameters during OAuth flow	10m	v1.17.0
authentication.session.csrf.key	Secret credential used to sign CSRF prevention tokens		v1.17.0

Authentication Methods: Token

Property	Description	Default	Since
authentication.methods.token.enabled	Enable static token creation	false	v1.15.0
authentication.methods.token.cleanup.interval	Interval between deletion of expired tokens	1h	v1.16.0
authentication.methods.token.cleanup.grace_period	How long an expired token can exist until considered deletable	30m	v1.16.0
authentication.methods.token.bootstrap.token	The static token to use for bootstrapping		v1.19.0
authentication.methods.token.bootstrap.expiration	How long after creation until the static bootstrap token expires		v1.19.0

Authentication Methods: OIDC

Property	Description	Default	Since
authentication.methods.oidc.enabled	Enable OIDC authentication	false	v1.17.0
authentication.methods.oidc.cleanup.interval	Interval between deletion of expired tokens	1h	v1.17.0
authentication.methods.oidc.cleanup.grace_period	How long an expired token can exist until considered deletable	30m	v1.17.0
authentication.methods.oidc.providers.[provider].issuer_url	Provider specific OIDC issuer URL (see your providers docs)		v1.17.0
authentication.methods.oidc.providers.[provider].client_id	Provider specific OIDC client ID (see your providers docs)		v1.17.0
authentication.methods.oidc.providers.[provider].client_secret	Provider specific OIDC client secret (see your providers docs)		v1.17.0
authentication.methods.oidc.providers.[provider].redirect_address	Public URL on which this Flipt instance is reachable		v1.17.0
authentication.methods.oidc.providers.[provider].scopes	Scopes to request from the provider		v1.17.0

Authentication Methods: Kubernetes

Property	Description	Default	Since
authentication.methods.kubernetes.enabled	Enable Kubernetes service account token authentication	false	v1.19.0
authentication.methods.kubernetes.cleanup.interval	Interval between deletion of expired tokens	1h	v1.19.0
authentication.methods.kubernetes.cleanup.grace_period	How long an expired token can exist until considered deletable	30m	v1.19.0
authentication.methods.kubernetes.discovery_url	Kubernetes API server URL for OIDC configuration discovery	https://kubernetes.default.svc.cluster.local	v1.19.0
authentication.methods.kubernetes.ca_path	Kubernetes API CA certification path	/var/run/secrets/kubernetes.io/serviceaccount/ca.crt	v1.19.0
authentication.methods.kubernetes.service_account_token_path	Path to Flipts service account token	/var/run/secrets/kubernetes.io/serviceaccount/token	v1.19.0

Cache

Property	Description	Default	Since
cache.enabled	Enable caching of data	false	v1.10.0
cache.ttl	Time to live for cached data	60s	v1.10.0
cache.backend	The backend to use for caching (options: memory, redis)	memory	v1.10.0

Cache: Memory

Property	Description	Default	Since
cache.memory.eviction_interval	Interval at which expired items are evicted from the in-memory cache	5m	v0.12.0

Cache: Redis

Property	Description	Default	Since
cache.redis.host	Host to access the Redis database	localhost	v1.10.0
cache.redis.port	Port to access the Redis database	6379	v1.10.0
cache.redis.db	Redis database to use	0	v1.10.0
cache.redis.password	Password to access the Redis database		v1.10.0

Deprecations

From time to time configuration options will need to be deprecated and eventually removed. Deprecated configuration options will be removed after ~6 months from the time they were deprecated.

All deprecated configuration options will be removed from the documentation, however, they will still work as expected until they are removed. A warning will be logged in the Flipt logs when a deprecated configuration option is used.

All deprecated options are listed in the DEPRECATIONS file in the Flipt repository as well as the CHANGELOG.

Environment Variables

All options in the configuration file can be overridden using environment variables using the syntax:

FLIPT_<SectionName>_<KeyName>

Using environment variables to override defaults is especially helpful when running with Docker as described in the Installation documentation.

Keys should be uppercase and . should be replaced by _. For example, given these configuration settings:

server:
  grpc_port: 9000

db:
  url: file:/var/opt/flipt/flipt.db

You can override them using:

export FLIPT_SERVER_GRPC_PORT=9001
export FLIPT_DB_URL="postgres://postgres@localhost:5432/flipt?sslmode=disable"

Multiple Values

Some configuration options can have a list of values. For example, the cors.allowed_origins option can have multiple origins.

In this case, you can use a space separated list of values for the environment variable override:

export FLIPT_CORS_ALLOWED_ORIGINS="http://localhost:3000 http://localhost:3001"

​Configuration File

​General

​Logging

​Server

​Tracing

​Tracing: Jaeger

​Tracing: Zipkin

​Tracing: OTLP

​Database

​Authentication

​Authentication Methods: Token

​Authentication Methods: OIDC

​Authentication Methods: Kubernetes

​Cache

​Cache: Memory

​Cache: Redis

​Deprecations

​Environment Variables

​Multiple Values