All configuration is controlled through environment variables. This page documents the application defaults from crates/services/api/src/settings/mod.rs and calls out the local docker-compose.yaml overrides where they differ.
Variable App default Local compose Description
POSTGRES_HOSTlocalhostlocalhostPostgreSQL host POSTGRES_PORT54325433PostgreSQL port POSTGRES_USERNAMEsyndbsyndbPostgreSQL user POSTGRES_PASSWORDsyndbsyndbPostgreSQL password POSTGRES_PATHsyndbsyndb_testDatabase name POSTGRES_READ_HOSTunset unset Optional read replica host DB_POOL_MAX20unchanged Max connection pool size DB_POOL_MIN2unchanged Min idle connections DB_CONNECT_TIMEOUT_SECS10unchanged PostgreSQL connect timeout CLICKHOUSE_HOSTlocalhostlocalhostClickHouse host CLICKHOUSE_PORT84438123ClickHouse HTTP port CLICKHOUSE_USERNAMEdefaultdefaultClickHouse user CLICKHOUSE_DATABASEsyndbsyndbClickHouse database CLICKHOUSE_SECUREtruefalseUse HTTPS/TLS for ClickHouse
Variable Default Description
S3_ACCESS_KEY— Access key S3_SECRET_KEY— Secret key S3_ENDPOINTunset Custom endpoint for MinIO or other S3-compatible storage S3_REGIONunset AWS region
Bucket names: syndb-mesh, syndb-swb, syndb-search, syndb-jobs. No underscores allowed in bucket names.
Variable Default Description
PASSLIB_SECRET— PASETO v4.local symmetric key (minimum 32 bytes) SERVICE_SECRET— Service account registration secret UI_BASE_URLhttp://localhost:8090/uiOAuth callback redirect base URL ACCESS_TOKEN_LIFETIME900 (15 min)Access token TTL in seconds REFRESH_TOKEN_LIFETIME2592000 (30 days)Refresh token TTL in seconds COOKIE_SAME_SITEStrictSameSite attribute for auth cookies COOKIE_SECUREtrueWhether auth cookies require HTTPS REQUIRE_AUTHENTICATIONtrueRequire auth on protected endpoints
Variable Description
OA_GITHUB_ID, OA_GITHUB_SECRETGitHub OAuth app credentials OA_GOOGLE_ID, OA_GOOGLE_SECRETGoogle OAuth credentials OA_ORCID_ID, OA_ORCID_SECRETORCID OAuth credentials OA_CILOGON_ID, OA_CILOGON_SECRETCILogon OAuth credentials OA_GITLAB_ID, OA_GITLAB_SECRETGitLab OAuth credentials OA_GITLAB_URLCustom GitLab instance URL OA_ORCID_SANDBOXUse sandbox.orcid.org (false) OA_CILOGON_SANDBOXUse test.cilogon.org (false) OAUTH_PROVIDER_BASE_URLOverride provider URLs (testing)
Variable Default Description
FEDERATION_LISTEN_ADDROS-assigned libp2p listen address FEDERATION_ENABLE_MDNStrueEnable mDNS LAN discovery FEDERATION_HUB_MULTIADDRS— Comma-separated hub multiaddrs for WAN FEDERATION_CLUSTER_NAME— Cluster identifier (required for node mode) FEDERATION_CLUSTER_DESCRIPTION— Cluster description FEDERATION_CLUSTER_INSTITUTION— Institution name FEDERATION_PASSWORD— Shared federation secret FEDERATION_CLUSTER_NATIVE_PORT9440ClickHouse native port for remote() FEDERATION_NODE_FLIGHT_PORT50052Internal Flight gRPC port FEDERATION_NODE_FLIGHT_ADVERTISEunset Advertised internal Flight endpoint (host:port); defaults to localhost:<FEDERATION_NODE_FLIGHT_PORT> when omitted FEDERATION_DELEGATION_TIMEOUT_SECS30Timeout for delegated requests
Variable Default Description
API_DOMAINlocalhostPublic API host name used for generated links DEV_MODEfalsePermissive CORS, data seeding DEBUGfalseVerbose SQL logging TESTINGfalseSkip federation/job queue init REQUEST_TIMEOUT_SECS60HTTP handler timeout HTTP_CLIENT_TIMEOUT_SECS30Internal HTTP client timeout UPLOAD_TIMEOUT21600 (6 hours)Upload timeout FLIGHT_PORT50051Arrow Flight server port
Variable Default Description
RATE_LIMIT_PER_SECOND100Sustained request rate per IP RATE_LIMIT_BURST200Burst capacity per IP
Variable Default Description
JOB_QUEUE_MAX_WORKERS4Max concurrent job workers JOB_RESULT_TTL_HOURS24Result retention JOB_MAX_RESULT_BYTES1073741824 (1 GB)Max result size
Variable Default Description
MEILISEARCH_URLunset Base URL for Meilisearch, for example http://localhost:7700 MEILISEARCH_API_KEY— Meilisearch API key