Configuration
Tyk Edge Gateway (Edge Gateway) is configured primarily using environment variables.Configuration Precedence
The application loads configuration in the following order of precedence (highest to lowest):- Shell Environment Variables: Variables set in the OS/Shell (e.g.,
export PORT=9090) always override everything else. .envFile: Variables loaded from the file specified by the-envflag.- Note: The application checks if a variable is already set in the environment before loading it from the file, ensuring shell variables are preserved.
Command Line Flags
You can specify a.env file using the -env flag when starting the binary:
Supported Formats
- Main Configuration: Only the
.envformat (key=value pairs) is supported via the-envflag. - Plugin Configuration: Supports JSON and YAML files for plugin definitions, specified via the
PLUGINS_CONFIG_PATHenvironment variable.
Environment Variable Type Mapping
When configuring Tyk components using environment variables, it’s important to understand how different data types are represented. The type of each variable is based on its definition in the Go source code. This section provides a guide on how to format values for common data types.| Go Type | Environment Variable Format | Example |
|---|---|---|
string | A regular string of text. | TYK_GW_SECRET="mysecret" |
int, int64 | A whole number. | TYK_GW_LISTENPORT=8080 |
bool | true or false. | TYK_GW_USEDBAPPCONFIG=true |
[]string | A comma-separated list of strings. | TYK_PMP_PUMPS_STDOUT_FILTERS_SKIPPEDAPIIDS="api1,api2,api3" |
map[string]string | A comma-separated list of key:value pairs. | TYK_GW_GLOBALHEADERS="X-Tyk-Test:true,X-Tyk-Version:1.0" |
map[string]interface{} | A JSON string representing the object. | TYK_GW_POLICIES_POLICYSOURCE_CONFIG='{"connection_string": "..."}' |
For complex types like
map[string]interface{}, the value should be a valid JSON string. For []string and map[string]string, ensure there are no spaces around the commas unless they are part of the value itself.Variables
PORT
ENV: PORTType:
integerDefault:
8080The port for the server to listen on.
HOST
ENV: HOSTType:
stringDefault:
0.0.0.0The host for the server to bind to.
TLS_ENABLED
ENV: TLS_ENABLEDType:
booleanDefault:
falseEnable TLS.
TLS_CERT_PATH
ENV: TLS_CERT_PATHType:
stringThe path to the TLS certificate file.
TLS_KEY_PATH
ENV: TLS_KEY_PATHType:
stringThe path to the TLS key file.
READ_TIMEOUT
ENV: READ_TIMEOUTType:
stringDefault:
300sThe read timeout for the server.
WRITE_TIMEOUT
ENV: WRITE_TIMEOUTType:
stringDefault:
300sThe write timeout for the server.
IDLE_TIMEOUT
ENV: IDLE_TIMEOUTType:
stringDefault:
120sThe idle timeout for the server.
SHUTDOWN_TIMEOUT
ENV: SHUTDOWN_TIMEOUTType:
stringDefault:
30sThe shutdown timeout for the server.
DATABASE_TYPE
ENV: DATABASE_TYPEType:
stringDefault:
sqliteThe type of database to use (
sqlite or postgres).
DATABASE_DSN
ENV: DATABASE_DSNType:
stringDefault:
file:./data/microgateway.db?cache=shared&mode=rwcThe database connection string.
DB_MAX_OPEN_CONNS
ENV: DB_MAX_OPEN_CONNSType:
integerDefault:
25The maximum number of open database connections.
DB_MAX_IDLE_CONNS
ENV: DB_MAX_IDLE_CONNSType:
integerDefault:
25The maximum number of idle database connections.
DB_CONN_MAX_LIFETIME
ENV: DB_CONN_MAX_LIFETIMEType:
stringDefault:
5mThe maximum lifetime of a database connection.
DB_AUTO_MIGRATE
ENV: DB_AUTO_MIGRATEType:
booleanDefault:
trueEnable automatic database migrations.
DB_LOG_LEVEL
ENV: DB_LOG_LEVELType:
stringDefault:
warnThe log level for the database.
CACHE_ENABLED
ENV: CACHE_ENABLEDType:
booleanDefault:
trueEnable caching.
CACHE_MAX_SIZE
ENV: CACHE_MAX_SIZEType:
integerDefault:
1000The maximum size of the cache.
CACHE_TTL
ENV: CACHE_TTLType:
stringDefault:
1hThe time-to-live for cache entries.
CACHE_CLEANUP_INTERVAL
ENV: CACHE_CLEANUP_INTERVALType:
stringDefault:
10mThe cleanup interval for the cache.
CACHE_PERSIST_TO_DB
ENV: CACHE_PERSIST_TO_DBType:
booleanDefault:
falsePersist the cache to the database.
GATEWAY_TIMEOUT
ENV: GATEWAY_TIMEOUTType:
stringDefault:
30sThe timeout for the gateway.
GATEWAY_MAX_REQUEST_SIZE
ENV: GATEWAY_MAX_REQUEST_SIZEType:
integerDefault:
10485760The maximum request size for the gateway.
GATEWAY_MAX_RESPONSE_SIZE
ENV: GATEWAY_MAX_RESPONSE_SIZEType:
integerDefault:
52428800The maximum response size for the gateway.
GATEWAY_DEFAULT_RATE_LIMIT
ENV: GATEWAY_DEFAULT_RATE_LIMITType:
integerDefault:
100The default rate limit for the gateway.
GATEWAY_ENABLE_FILTERS
ENV: GATEWAY_ENABLE_FILTERSType:
booleanDefault:
trueEnable filters in the gateway.
GATEWAY_ENABLE_ANALYTICS
ENV: GATEWAY_ENABLE_ANALYTICSType:
booleanDefault:
trueEnable analytics in the gateway.
ANALYTICS_ENABLED
ENV: ANALYTICS_ENABLEDType:
booleanDefault:
trueEnable analytics.
ANALYTICS_BUFFER_SIZE
ENV: ANALYTICS_BUFFER_SIZEType:
integerDefault:
1000The buffer size for analytics.
ANALYTICS_FLUSH_INTERVAL
ENV: ANALYTICS_FLUSH_INTERVALType:
stringDefault:
10sThe flush interval for analytics.
ANALYTICS_RETENTION_DAYS
ENV: ANALYTICS_RETENTION_DAYSType:
integerDefault:
90The retention period for analytics in days.
ANALYTICS_REALTIME
ENV: ANALYTICS_REALTIMEType:
booleanDefault:
falseEnable real-time analytics.
JWT_SECRET
ENV: JWT_SECRETType:
stringDefault:
change-me-in-productionThe secret key for JWTs.
ENCRYPTION_KEY
ENV: ENCRYPTION_KEYType:
stringDefault:
change-me-in-productionThe encryption key.
BCRYPT_COST
ENV: BCRYPT_COSTType:
integerDefault:
10The cost factor for bcrypt.
TOKEN_LENGTH
ENV: TOKEN_LENGTHType:
integerDefault:
32The length of generated tokens.
SESSION_TIMEOUT
ENV: SESSION_TIMEOUTType:
stringDefault:
24hThe timeout for sessions.
ENABLE_RATE_LIMITING
ENV: ENABLE_RATE_LIMITINGType:
booleanDefault:
trueEnable rate limiting.
ENABLE_IP_WHITELIST
ENV: ENABLE_IP_WHITELISTType:
booleanDefault:
falseEnable IP whitelisting.
LOG_LEVEL
ENV: LOG_LEVELType:
stringDefault:
infoThe log level.
LOG_FORMAT
ENV: LOG_FORMATType:
stringDefault:
textThe log format (
json or text).
ENABLE_METRICS
ENV: ENABLE_METRICSType:
booleanDefault:
trueEnable metrics.
METRICS_PATH
ENV: METRICS_PATHType:
stringDefault:
/metricsThe path for metrics.
ENABLE_TRACING
ENV: ENABLE_TRACINGType:
booleanDefault:
falseEnable tracing.
TRACING_ENDPOINT
ENV: TRACING_ENDPOINTType:
stringThe endpoint for tracing.
ENABLE_PROFILING
ENV: ENABLE_PROFILINGType:
booleanDefault:
falseEnable profiling.
GATEWAY_MODE
ENV: GATEWAY_MODEType:
stringDefault:
standaloneThe gateway mode (
standalone or edge).
CONTROL_ENDPOINT
ENV: CONTROL_ENDPOINTType:
stringThe gRPC endpoint of the control plane.
EDGE_ID
ENV: EDGE_IDType:
stringA unique ID for the edge gateway.
EDGE_NAMESPACE
ENV: EDGE_NAMESPACEType:
stringThe namespace for the edge gateway.
EDGE_RECONNECT_INTERVAL
ENV: EDGE_RECONNECT_INTERVALType:
stringDefault:
5sThe interval to wait before reconnecting to the control plane.
EDGE_HEARTBEAT_INTERVAL
ENV: EDGE_HEARTBEAT_INTERVALType:
stringDefault:
30sThe interval for sending heartbeats to the control plane.
EDGE_SYNC_TIMEOUT
ENV: EDGE_SYNC_TIMEOUTType:
stringDefault:
10sThe timeout for syncing configuration from the control plane.
EDGE_AUTH_TOKEN
ENV: EDGE_AUTH_TOKENType:
stringThe authentication token for connecting to the control plane.
EDGE_TLS_ENABLED
ENV: EDGE_TLS_ENABLEDType:
booleanDefault:
trueEnable TLS for the connection to the control plane.
EDGE_TLS_CERT_PATH
ENV: EDGE_TLS_CERT_PATHType:
stringThe path to the client TLS certificate file.
EDGE_TLS_KEY_PATH
ENV: EDGE_TLS_KEY_PATHType:
stringThe path to the client TLS key file.
EDGE_TLS_CA_PATH
ENV: EDGE_TLS_CA_PATHType:
stringThe path to the CA certificate file for verifying the control plane’s certificate.
EDGE_SKIP_TLS_VERIFY
ENV: EDGE_SKIP_TLS_VERIFYType:
booleanDefault:
falseSkip TLS certificate verification.
EDGE_ALLOW_INSECURE
ENV: EDGE_ALLOW_INSECUREType:
booleanDefault:
falseAllow insecure connections to the control plane.