# Tyk Dashboard Configuration Options

> Configuration options and environment variables for Tyk Dashboard.

You can use environment variables to override the config file for the Tyk Dashboard. The Dashboard configuration file can be found in the `tyk-dashboard` folder and by default is called `tyk_analytics.conf`, though it can be renamed and specified using the `--conf` flag. Environment variables are created from the dot-notation versions of the JSON objects contained within the config file.
To understand how the environment variables notation works, see [Environment Variables](/tyk-oss-gateway/configuration).

The Tyk Dashboard has its own configuration file, which is small and comes packaged with the tarball. It is separate because the Dashboard may be installed on a different host from your Tyk Gateway nodes.

Please consult the [data storage configuration](/api-management/dashboard-configuration#data-storage-solutions) guide for further information relating to how to configure Tyk's data storage across different database engines.

### Environment Variables

All the Dashboard environment variables have the prefix `TYK_DB_`. The environment variables will take precedence over the values in the configuration file.

### Environment Variable Type Mapping

When configuring Tyk components using environment variables, it's important to understand how different data types are represented. The type of each variable is based on its definition in the Go source code. This section provides a guide on how to format values for common data types.

| Go Type                  | Environment Variable Format                | Example                                                              |
| ------------------------ | ------------------------------------------ | -------------------------------------------------------------------- |
| `string`                 | A regular string of text.                  | `TYK_GW_SECRET="mysecret"`                                           |
| `int`, `int64`           | A whole number.                            | `TYK_GW_LISTENPORT=8080`                                             |
| `bool`                   | `true` or `false`.                         | `TYK_GW_USEDBAPPCONFIG=true`                                         |
| `[]string`               | A comma-separated list of strings.         | `TYK_PMP_PUMPS_STDOUT_FILTERS_SKIPPEDAPIIDS="api1,api2,api3"`        |
| `map[string]string`      | A comma-separated list of key:value pairs. | `TYK_GW_GLOBALHEADERS="X-Tyk-Test:true,X-Tyk-Version:1.0"`           |
| `map[string]interface{}` | A JSON string representing the object.     | `TYK_GW_POLICIES_POLICYSOURCE_CONFIG='{"connection_string": "..."}'` |

<Note>
  For complex types like `map[string]interface{}`, the value should be a valid JSON string. For `[]string` and `map[string]string`, ensure there are no spaces around the commas unless they are part of the value itself.
</Note>
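
The formats in the table above, modelled as an added Python example (this is not Tyk's own parser, and `decode_env_value` and `stray_whitespace` are hypothetical names). It decodes a raw value for each Go type and reports list or map elements that picked up stray spaces, which is the mistake the note warns about.

```python
import json
import re


def decode_env_value(go_type, raw):
    """Decode a raw environment-variable string per the Go type column.

    Illustrative model of the documented formats, not Tyk's implementation.
    """
    if go_type == "string":
        return raw
    if go_type in ("int", "int64"):
        if not re.fullmatch(r"-?\d+", raw):
            raise ValueError(f"not a whole number: {raw!r}")
        return int(raw)
    if go_type == "bool":
        if raw not in ("true", "false"):
            raise ValueError(f"expected true or false, got {raw!r}")
        return raw == "true"
    if go_type == "[]string":
        # Elements are taken verbatim: spaces next to a comma stay in the value.
        return raw.split(",") if raw else []
    if go_type == "map[string]string":
        result = {}
        for pair in (raw.split(",") if raw else []):
            key, sep, value = pair.partition(":")  # split on the first colon only
            if not sep:
                raise ValueError(f"missing ':' in pair {pair!r}")
            result[key] = value
        return result
    if go_type == "map[string]interface{}":
        obj = json.loads(raw)
        if not isinstance(obj, dict):
            raise ValueError("expected a JSON object")
        return obj
    raise ValueError(f"unsupported type {go_type!r}")


def stray_whitespace(go_type, raw):
    """Return list elements, map keys or map values with leading/trailing spaces."""
    decoded = decode_env_value(go_type, raw)
    if go_type == "[]string":
        parts = decoded
    elif go_type == "map[string]string":
        parts = [part for item in decoded.items() for part in item]
    else:
        return []
    return [part for part in parts if part != part.strip()]


if __name__ == "__main__":
    # Constructed sample values; the variable names are Dashboard options from this page.
    samples = [
        ("TYK_DB_LISTENPORT", "int", "3000"),
        ("TYK_DB_HASHKEYS", "bool", "true"),
        ("TYK_DB_REDISADDRS", "[]string", "server1:6379, server2:6380"),
        ("TYK_DB_EMAILBACKEND_SETTINGS", "map[string]string", "ClientKey:example"),
    ]
    for name, go_type, raw in samples:
        print(name, decode_env_value(go_type, raw), stray_whitespace(go_type, raw))
```
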

Environment variables (env var) can be used to override the settings defined in the configuration file. Where an environment variable is specified, its value will take precedence over the value in the configuration file.

The file will look like the sample below; the various fields are explained in the following sections:

```json
{
  "listen_port": 3000,
  "log_level": "info",
  "tyk_api_config": {
    "Host": "http://tyk-gateway",
    "Port": "8080",
    "Secret": "352d20ee67be67f6340b4c0605b044b7"
  },
  "enable_aggregate_lookups": true,
  "storage": {
    "main": {
      "type": "postgres",
      "connection_string": "user=laurentiughiur password=test123 database='tyk-test' host=127.0.0.1 port=5432",
      "table_sharding": true
    },
    "analytics": {
      "type": "postgres",
      "connection_string": "user=laurentiughiur password=test123 database='tyk-test' host=127.0.0.1 port=5432",
      "table_sharding": true
    },
    "logs": {
      "type": "postgres",
      "connection_string": "user=laurentiughiur password=test123 database='tyk-test' host=127.0.0.1 port=5432",
      "table_sharding": true
    },
    "uptime": {
      "type": "postgres",
      "connection_string": "user=laurentiughiur password=test123 database='tyk-test' host=127.0.0.1 port=5432",
      "table_sharding": true
    }
  },
  "enable_ownership": false,
  "mongo_url": "mongodb://tyk-mongo:27017/tyk_analytics",
  "mongo_use_ssl": false,
  "mongo_ssl_insecure_skip_verify": false,
  "mongo_session_consistency": "",
  "mongo_batch_size": 2000,
  "page_size": 10,
  "admin_secret": "12345",
  "shared_node_secret": "352d20ee67be67f6340b4c0605b044b7",
  "redis_port": 6379,
  "redis_host": "tyk-redis",
  "redis_username": "",
  "redis_password": "",
  "redis_master_name": "",
  "redis_timeout": 0,
  "redis_database": 0,
  "enable_cluster": false,
  "redis_use_ssl": false,
  "redis_ssl_insecure_skip_verify": false,
  "force_api_defaults": false,
  "notify_on_change": true,
  "license_key": "",
  "redis_hosts": null,
  "redis_addrs": null,
  "hash_keys": true,
  "enable_hashed_keys_listing": false,
  "email_backend": {
    "enable_email_notifications": false,
    "code": "sendgrid",
    "settings": {
      "ClientKey": ""
    },
    "default_from_email": "you@somewhere.com",
    "default_from_name": "Some Person",
    "dashboard_hostname": ""
  },
  "hide_listen_path": false,
  "sentry_code": "",
  "sentry_js_code": "",
  "use_sentry": false,
  "enable_master_keys": false,
  "enable_duplicate_slugs": true,
  "show_org_id": true,
  "host_config": {
    "enable_host_names": true,
    "disable_org_slug_prefix": true,
    "hostname": "www.tyk-test.com",
    "override_hostname": "www.tyk-test.com:8080",
    "portal_domains": {},
    "portal_root_path": "/portal",
    "generate_secure_paths": false,
    "secure_cookies": false,
    "use_strict_hostmatch": false
  },
  "http_server_options": {
    "use_ssl": false,
    "certificates": [],
    "min_version": 0,
    "ssl_ciphers": null,
    "ssl_insecure_skip_verify": false
  },
  "security": {
    "allow_admin_reset_password": false,
    "login_failure_username_limit": 0,
    "login_failure_ip_limit": 0,
    "login_failure_expiration": 0,
    "login_disallow_forward_proxy": false,
    "audit_log_path": "",
    "user_password_max_days": 0,
    "enforce_password_history": 0,
    "force_first_login_pw_reset": false,
    "enable_content_security_policy": false,
    "allowed_content_sources": "",
    "private_certificate_encoding_secret": "some-secret",
    "open_policy": {
      "enabled": true,
      "debug": true,
      "enable_api": true
    },
    "additional_permissions": {
      "api_manager": "API Manager"
    }
  },
  "ui": {
    "languages": {
      "Chinese": "cn",
      "English": "en",
      "Korean": "ko"
    },
    "hide_help": true,
    "default_lang": "en",
    "login_page": {},
    "nav": {
      "dont_show_admin_sockets": false,
      "hide_activity_by_api_section": false,
      "hide_geo": false,
      "hide_licenses_section": false,
      "hide_logs": false,
      "hide_tib_section": false
    },
    "uptime": {},
    "portal_section": null,
    "designer": {},
    "dont_show_admin_sockets": false,
    "dont_allow_license_management": false,
    "dont_allow_license_management_view": false,
    "cloud": false
  },
  "home_dir": "/opt/tyk-dashboard",
  "identity_broker": {
    "enabled": false,
    "host": {
      "connection_string": "",
      "secret": ""
    }
  },
  "tagging_options": {
    "tag_all_apis_by_org": false
  },
  "use_sharded_analytics": true,
  "aggregate_lookup_cutoff": "26/05/2016",
  "maintenance_mode": false,
  "allow_explicit_policy_id": true,
  "private_key_path": "",
  "node_schema_path": "",
  "oauth_redirect_uri_separator": ";",
  "statsd_connection_string": "",
  "statsd_prefix": "",
  "disable_parallel_sessions": false,
  "dashboard_session_lifetime": 0,
  "alternative_dashboard_url": "",
  "sso_permission_defaults": null,
  "sso_default_group_id": "",
  "sso_custom_login_url": "",
  "sso_custom_portal_login_url": "",
  "sso_enable_user_lookup": false,
  "notifications_listen_port": 5000,
  "portal_session_lifetime": 0,
  "enable_delete_key_by_hash": false,
  "enable_update_key_by_hash": false,
  "audit": {
    "enabled": false,
    "format": "",
    "path": "",
    "detailed_recording": false
  },
  "enable_multi_org_users": false,
  "version_check_url": "",
  "health_check_endpoint_name": ""
}
```
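
An added example (not Tyk's own tooling): a pre-deployment check that resolves a few security-relevant options the way this page describes, with a `TYK_DB_` variable taking precedence over `tyk_analytics.conf`, and flags values that should not reach production. The option and variable names are taken from this page; the finding labels, the 16-character minimum and the sample environment are assumptions made for the example.

```python
import json

# (path in tyk_analytics.conf, overriding variable, check kind).
# Option and variable names are the ones documented on this page.
OPTIONS = [
    (("admin_secret",), "TYK_DB_ADMINSECRET", "secret"),
    (("shared_node_secret",), "TYK_DB_NODESECRET", "secret"),
    (("tyk_api_config", "Secret"), "TYK_DB_TYKAPI_SECRET", "secret"),
    (("redis_use_ssl",), "TYK_DB_REDISUSESSL", "tls_on"),
    (("redis_ssl_insecure_skip_verify",), "TYK_DB_REDISSSLINSECURESKIPVERIFY", "skip_verify"),
    (("mongo_ssl_insecure_skip_verify",), "TYK_DB_MONGOSSLINSECURESKIPVERIFY", "skip_verify"),
    (("redis_tls_min_version",), "TYK_DB_REDISTLSMINVERSION", "tls_min"),
]
BOOL_KINDS = {"tls_on", "skip_verify"}

# Secrets printed in the sample file above: a published value is not a secret.
DOC_SAMPLE_SECRETS = {"12345", "352d20ee67be67f6340b4c0605b044b7"}
MIN_SECRET_LEN = 16  # example policy threshold (assumption, not a Tyk rule)


def lookup(conf, path):
    """Walk nested dicts; return None when any level is missing."""
    node = conf
    for key in path:
        if not isinstance(node, dict) or key not in node:
            return None
        node = node[key]
    return node


def effective(conf, env):
    """Resolve each option: the environment variable wins over the file."""
    resolved = {}
    for path, var, kind in OPTIONS:
        name = ".".join(path)
        if var in env:
            raw = env[var]
            value = (raw == "true") if kind in BOOL_KINDS else raw
            resolved[name] = (value, "env:" + var)
        else:
            resolved[name] = (lookup(conf, path), "file")
    return resolved


def audit(conf, env):
    """Return (option, issue, source) tuples for risky effective values."""
    resolved = effective(conf, env)
    findings = []
    for path, _var, kind in OPTIONS:
        name = ".".join(path)
        value, source = resolved[name]
        issue = None
        if kind == "secret":
            if value in DOC_SAMPLE_SECRETS:
                issue = "documented-sample-value"
            elif len(value or "") < MIN_SECRET_LEN:
                issue = "short-secret"
        elif kind == "tls_on" and not value:
            issue = "tls-disabled"
        elif kind == "skip_verify" and value:
            issue = "tls-verify-disabled"
        elif kind == "tls_min" and value in ("1.0", "1.1"):
            issue = "legacy-tls-min-version"
        if issue:
            findings.append((name, issue, source))
    return findings


# Constructed input: a trimmed copy of the sample file above.
SAMPLE_CONF = json.loads("""
{
  "tyk_api_config": {"Secret": "352d20ee67be67f6340b4c0605b044b7"},
  "admin_secret": "12345",
  "shared_node_secret": "352d20ee67be67f6340b4c0605b044b7",
  "redis_use_ssl": false,
  "redis_ssl_insecure_skip_verify": false,
  "mongo_ssl_insecure_skip_verify": false
}
""")

# Constructed environment: fixes two problems and introduces two others.
SAMPLE_ENV = {
    "TYK_DB_ADMINSECRET": "constructed-example-admin-secret-0001",
    "TYK_DB_REDISUSESSL": "true",
    "TYK_DB_REDISSSLINSECURESKIPVERIFY": "true",
    "TYK_DB_REDISTLSMINVERSION": "1.0",
}

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF, SAMPLE_ENV):
        print(finding)
```

The source field in each finding shows whether the risky value came from the file or from an override, which is where to look when the running Dashboard does not match the file on disk.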

### listen\_port

ENV: <b>TYK\_DB\_LISTENPORT</b><br />
Type: `int`<br />

Setting this value will change the port that Tyk Dashboard listens on. Default: 3000.

### tyk\_api\_config

This section contains details for a Tyk Gateway node that the Tyk Dashboard can speak to. The Dashboard controls Tyk using the Gateway API and only requires visibility to one node, so long as all nodes are using the same API Definitions.

<Note>
  If the Dashboard cannot see a Tyk node, key management functions will not work properly.
</Note>

In a sharded environment, the Gateway node specified in tyk\_api\_config must not be sharded.

### tyk\_api\_config.Host

ENV: <b>TYK\_DB\_TYKAPI\_HOST</b><br />
Type: `string`<br />

This is the full URL of your Tyk node.

### tyk\_api\_config.Port

ENV: <b>TYK\_DB\_TYKAPI\_PORT</b><br />
Type: `string`<br />

The port that Tyk is running on

### tyk\_api\_config.Secret

ENV: <b>TYK\_DB\_TYKAPI\_SECRET</b><br />
Type: `string`<br />

The secret set in your tyk.conf file. This is the key that Tyk Dashboard will use to speak to the Tyk node’s Gateway API. Note that this value **has to match** the secret value in tyk.conf.

### mongo\_url

ENV: <b>TYK\_DB\_MONGOURL</b><br />
Type: `string`<br />

The full URL to your MongoDB instance. This can be a clustered instance if necessary and should include the database and username / password data.

### mongo\_use\_ssl

ENV: <b>TYK\_DB\_MONGOUSESSL</b><br />
Type: `bool`<br />

Set to true to enable Mongo SSL connection

### mongo\_ssl\_insecure\_skip\_verify

ENV: <b>TYK\_DB\_MONGOSSLINSECURESKIPVERIFY</b><br />
Type: `bool`<br />

Allows the use of self-signed certificates when connecting to an encrypted MongoDB database.

### mongo\_ssl\_allow\_invalid\_hostnames

ENV: <b>TYK\_DB\_MONGOSSLALLOWINVALIDHOSTNAMES</b><br />
Type: `bool`<br />

Ignore hostname check when it differs from the original (for example with SSH tunneling). The rest of the TLS verification will still be performed.

### mongo\_ssl\_ca\_file

ENV: <b>TYK\_DB\_MONGOSSLCAFILE</b><br />
Type: `string`<br />

Path to the PEM file with trusted root certificates

### mongo\_ssl\_pem\_keyfile

ENV: <b>TYK\_DB\_MONGOSSLPEMKEYFILE</b><br />
Type: `string`<br />

Path to the PEM file which contains both client certificate and private key. This is required for Mutual TLS.

### mongo\_session\_consistency

ENV: <b>TYK\_DB\_MONGOSESSIONCONSISTENCY</b><br />
Type: `string`<br />

Mongo session consistency: “strong”, “eventual”, or “monotonic”. The default is “strong”.

### mongo\_batch\_size

ENV: <b>TYK\_DB\_MONGOBATCHSIZE</b><br />
Type: `int`<br />

Sets the batch size for mongo results. Defaults to 2000.
Increasing this number can decrease dashboard performance. This value cannot be lower than 100 and will fall back to 100 if a lower value has been set.

### mongo\_driver

ENV: <b>TYK\_DB\_MONGODRIVER</b><br />
Type: `string`<br />

Determines the MongoDB driver used. It could be `mongo-go` to use the official [mongo driver for go v1.12](https://www.mongodb.com/docs/drivers/go/v1.12/) or `mgo` to use [mgo driver](https://github.com/go-mgo/mgo). Since v5.3, the default value is `mongo-go`. It can be set at storage level as well if the database type is mongo. This config is available since dashboard v5.0.2.

### mongo\_direct\_connection

ENV: <b>TYK\_DB\_MONGODIRECTCONNECTION</b><br />
Type: `bool`<br />

MongoDirectConnection informs whether to establish connections only with the specified seed servers,
or to obtain information for the whole cluster and establish connections with further servers too.
If true, the client will only connect to the host provided in the ConnectionString
and won't attempt to discover other hosts in the cluster. Useful when network restrictions
prevent discovery, such as with SSH tunneling. Default is false.

### page\_size

ENV: <b>TYK\_DB\_PAGESIZE</b><br />
Type: `int`<br />

The page size that the dashboard should use. Defaults to 10.

### storage

This option allows you to store different types of data in different databases. For example, logs can be stored in one database, analytics in another, and main resources in another.

### storage.main

Main database where the dashboard resources are stored (users, orgs, policies, etc)

### storage.main.type

ENV: <b>TYK\_DB\_STORAGE\_MAIN\_TYPE</b><br />
Type: `DBType`<br />

Type is the type of the database.
Possible values are:

* "mongo": Use MongoDB.
* "postgres": Use PostgreSQL.
* "mysql": Use MySQL.

### storage.main.connection\_string

ENV: <b>TYK\_DB\_STORAGE\_MAIN\_CONNECTIONSTRING</b><br />
Type: `string`<br />

ConnectionString is the connection string for the database.
Overrides ReadConnectionString and WriteConnectionString.

### storage.main.read\_connection\_string

ENV: <b>TYK\_DB\_STORAGE\_MAIN\_READCONNECTIONSTRING</b><br />
Type: `string`<br />

ReadConnectionString is the connection string for read operations.
Only used if ConnectionString is not set.

### storage.main.write\_connection\_string

ENV: <b>TYK\_DB\_STORAGE\_MAIN\_WRITECONNECTIONSTRING</b><br />
Type: `string`<br />

WriteConnectionString is the connection string for write operations.
Only used if ConnectionString is not set.

### storage.main.mongo

Connection setting for a mongo database

### storage.main.mongo.driver

ENV: <b>TYK\_DB\_STORAGE\_MAIN\_MONGO\_DRIVER</b><br />
Type: `string`<br />

Driver to use when connected to a mongo database. It could be `mongo-go` to use the official [mongo driver for go v1.12](https://www.mongodb.com/docs/drivers/go/v1.12/) or `mgo` to use [mgo driver](https://github.com/go-mgo/mgo). Since v5.3, the default value is `mongo-go`. This config is available since dashboard v5.0.2

### storage.main.postgres

Connection settings for a Postgres database

### storage.main.postgres.prefer\_simple\_protocol

ENV: <b>TYK\_DB\_STORAGE\_MAIN\_POSTGRES\_PREFERSIMPLEPROTOCOL</b><br />
Type: `bool`<br />

Disables implicit prepared statement usage.

### storage.main.mysql

Connection settings for a MySQL database

### storage.main.mysql.default\_string\_size

ENV: <b>TYK\_DB\_STORAGE\_MAIN\_MYSQL\_DEFAULTSTRINGSIZE</b><br />
Type: `uint`<br />

Default size for string fields. Defaults to 256.

### storage.main.mysql.disable\_datetime\_precision

ENV: <b>TYK\_DB\_STORAGE\_MAIN\_MYSQL\_DISABLEDATETIMEPRECISION</b><br />
Type: `bool`<br />

Disable datetime precision, which is not supported before MySQL 5.6.

### storage.main.mysql.dont\_support\_rename\_index

ENV: <b>TYK\_DB\_STORAGE\_MAIN\_MYSQL\_DONTSUPPORTRENAMEINDEX</b><br />
Type: `bool`<br />

Drop and create the index instead of renaming it; rename index is not supported before MySQL 5.7, MariaDB.

### storage.main.mysql.dont\_support\_rename\_column

ENV: <b>TYK\_DB\_STORAGE\_MAIN\_MYSQL\_DONTSUPPORTRENAMECOLUMN</b><br />
Type: `bool`<br />

Use `change` when renaming a column; rename column is not supported before MySQL 8, MariaDB.

### storage.main.mysql.skip\_initialize\_with\_version

ENV: <b>TYK\_DB\_STORAGE\_MAIN\_MYSQL\_SKIPINITIALIZEWITHVERSION</b><br />
Type: `bool`<br />

Auto-configure based on the current MySQL version.

### storage.main.table\_sharding

ENV: <b>TYK\_DB\_STORAGE\_MAIN\_TABLESHARDING</b><br />
Type: `bool`<br />

Enable table sharding for the database

### storage.analytics

Where all the analytics related data is stored

### storage.analytics.type

ENV: <b>TYK\_DB\_STORAGE\_ANALYTICS\_TYPE</b><br />
Type: `DBType`<br />

Type is the type of the database.
Possible values are:

* "mongo": Use MongoDB.
* "postgres": Use PostgreSQL.
* "mysql": Use MySQL.

### storage.analytics.connection\_string

ENV: <b>TYK\_DB\_STORAGE\_ANALYTICS\_CONNECTIONSTRING</b><br />
Type: `string`<br />

ConnectionString is the connection string for the database.
Overrides ReadConnectionString and WriteConnectionString.

### storage.analytics.read\_connection\_string

ENV: <b>TYK\_DB\_STORAGE\_ANALYTICS\_READCONNECTIONSTRING</b><br />
Type: `string`<br />

ReadConnectionString is the connection string for read operations.
Only used if ConnectionString is not set.

### storage.analytics.write\_connection\_string

ENV: <b>TYK\_DB\_STORAGE\_ANALYTICS\_WRITECONNECTIONSTRING</b><br />
Type: `string`<br />

WriteConnectionString is the connection string for write operations.
Only used if ConnectionString is not set.

### storage.analytics.mongo

Connection setting for a mongo database

### storage.analytics.mongo.driver

ENV: <b>TYK\_DB\_STORAGE\_ANALYTICS\_MONGO\_DRIVER</b><br />
Type: `string`<br />

Driver to use when connected to a mongo database. It could be `mongo-go` to use the official [mongo driver for go v1.12](https://www.mongodb.com/docs/drivers/go/v1.12/) or `mgo` to use [mgo driver](https://github.com/go-mgo/mgo). Since v5.3, the default value is `mongo-go`. This config is available since dashboard v5.0.2

### storage.analytics.postgres

Connection settings for a Postgres database

### storage.analytics.postgres.prefer\_simple\_protocol

ENV: <b>TYK\_DB\_STORAGE\_ANALYTICS\_POSTGRES\_PREFERSIMPLEPROTOCOL</b><br />
Type: `bool`<br />

Disables implicit prepared statement usage.

### storage.analytics.mysql

Connection settings for a MySQL database

### storage.analytics.mysql.default\_string\_size

ENV: <b>TYK\_DB\_STORAGE\_ANALYTICS\_MYSQL\_DEFAULTSTRINGSIZE</b><br />
Type: `uint`<br />

Default size for string fields. Defaults to 256.

### storage.analytics.mysql.disable\_datetime\_precision

ENV: <b>TYK\_DB\_STORAGE\_ANALYTICS\_MYSQL\_DISABLEDATETIMEPRECISION</b><br />
Type: `bool`<br />

Disable datetime precision, which is not supported before MySQL 5.6.

### storage.analytics.mysql.dont\_support\_rename\_index

ENV: <b>TYK\_DB\_STORAGE\_ANALYTICS\_MYSQL\_DONTSUPPORTRENAMEINDEX</b><br />
Type: `bool`<br />

Drop and create the index instead of renaming it; rename index is not supported before MySQL 5.7, MariaDB.

### storage.analytics.mysql.dont\_support\_rename\_column

ENV: <b>TYK\_DB\_STORAGE\_ANALYTICS\_MYSQL\_DONTSUPPORTRENAMECOLUMN</b><br />
Type: `bool`<br />

Use `change` when renaming a column; rename column is not supported before MySQL 8, MariaDB.

### storage.analytics.mysql.skip\_initialize\_with\_version

ENV: <b>TYK\_DB\_STORAGE\_ANALYTICS\_MYSQL\_SKIPINITIALIZEWITHVERSION</b><br />
Type: `bool`<br />

Auto-configure based on the current MySQL version.

### storage.analytics.table\_sharding

ENV: <b>TYK\_DB\_STORAGE\_ANALYTICS\_TABLESHARDING</b><br />
Type: `bool`<br />

Enable table sharding for the database

### storage.logs.type

ENV: <b>TYK\_DB\_STORAGE\_LOGS\_TYPE</b><br />
Type: `DBType`<br />

Type is the type of the database.
Possible values are:

* "mongo": Use MongoDB.
* "postgres": Use PostgreSQL.
* "mysql": Use MySQL.

### storage.logs.connection\_string

ENV: <b>TYK\_DB\_STORAGE\_LOGS\_CONNECTIONSTRING</b><br />
Type: `string`<br />

ConnectionString is the connection string for the database.
Overrides ReadConnectionString and WriteConnectionString.

### storage.logs.read\_connection\_string

ENV: <b>TYK\_DB\_STORAGE\_LOGS\_READCONNECTIONSTRING</b><br />
Type: `string`<br />

ReadConnectionString is the connection string for read operations.
Only used if ConnectionString is not set.

### storage.logs.write\_connection\_string

ENV: <b>TYK\_DB\_STORAGE\_LOGS\_WRITECONNECTIONSTRING</b><br />
Type: `string`<br />

WriteConnectionString is the connection string for write operations.
Only used if ConnectionString is not set.

### storage.logs.mongo

Connection setting for a mongo database

### storage.logs.mongo.driver

ENV: <b>TYK\_DB\_STORAGE\_LOGS\_MONGO\_DRIVER</b><br />
Type: `string`<br />

Driver to use when connected to a mongo database. It could be `mongo-go` to use the official [mongo driver for go v1.12](https://www.mongodb.com/docs/drivers/go/v1.12/) or `mgo` to use [mgo driver](https://github.com/go-mgo/mgo). Since v5.3, the default value is `mongo-go`. This config is available since dashboard v5.0.2

### storage.logs.postgres

Connection settings for a Postgres database

### storage.logs.postgres.prefer\_simple\_protocol

ENV: <b>TYK\_DB\_STORAGE\_LOGS\_POSTGRES\_PREFERSIMPLEPROTOCOL</b><br />
Type: `bool`<br />

Disables implicit prepared statement usage.

### storage.logs.mysql

Connection settings for a MySQL database

### storage.logs.mysql.default\_string\_size

ENV: <b>TYK\_DB\_STORAGE\_LOGS\_MYSQL\_DEFAULTSTRINGSIZE</b><br />
Type: `uint`<br />

Default size for string fields. Defaults to 256.

### storage.logs.mysql.disable\_datetime\_precision

ENV: <b>TYK\_DB\_STORAGE\_LOGS\_MYSQL\_DISABLEDATETIMEPRECISION</b><br />
Type: `bool`<br />

Disable datetime precision, which is not supported before MySQL 5.6.

### storage.logs.mysql.dont\_support\_rename\_index

ENV: <b>TYK\_DB\_STORAGE\_LOGS\_MYSQL\_DONTSUPPORTRENAMEINDEX</b><br />
Type: `bool`<br />

Drop and create the index instead of renaming it; rename index is not supported before MySQL 5.7, MariaDB.

### storage.logs.mysql.dont\_support\_rename\_column

ENV: <b>TYK\_DB\_STORAGE\_LOGS\_MYSQL\_DONTSUPPORTRENAMECOLUMN</b><br />
Type: `bool`<br />

Use `change` when renaming a column; rename column is not supported before MySQL 8, MariaDB.

### storage.logs.mysql.skip\_initialize\_with\_version

ENV: <b>TYK\_DB\_STORAGE\_LOGS\_MYSQL\_SKIPINITIALIZEWITHVERSION</b><br />
Type: `bool`<br />

Auto-configure based on the current MySQL version.

### storage.logs.table\_sharding

ENV: <b>TYK\_DB\_STORAGE\_LOGS\_TABLESHARDING</b><br />
Type: `bool`<br />

Enable table sharding for the database

### storage.uptime

Where all the uptime related data is stored

### storage.uptime.type

ENV: <b>TYK\_DB\_STORAGE\_UPTIME\_TYPE</b><br />
Type: `DBType`<br />

Type is the type of the database.
Possible values are:

* "mongo": Use MongoDB.
* "postgres": Use PostgreSQL.
* "mysql": Use MySQL.

### storage.uptime.connection\_string

ENV: <b>TYK\_DB\_STORAGE\_UPTIME\_CONNECTIONSTRING</b><br />
Type: `string`<br />

ConnectionString is the connection string for the database.
Overrides ReadConnectionString and WriteConnectionString.

### storage.uptime.read\_connection\_string

ENV: <b>TYK\_DB\_STORAGE\_UPTIME\_READCONNECTIONSTRING</b><br />
Type: `string`<br />

ReadConnectionString is the connection string for read operations.
Only used if ConnectionString is not set.

### storage.uptime.write\_connection\_string

ENV: <b>TYK\_DB\_STORAGE\_UPTIME\_WRITECONNECTIONSTRING</b><br />
Type: `string`<br />

WriteConnectionString is the connection string for write operations.
Only used if ConnectionString is not set.

### storage.uptime.mongo

Connection setting for a mongo database

### storage.uptime.mongo.driver

ENV: <b>TYK\_DB\_STORAGE\_UPTIME\_MONGO\_DRIVER</b><br />
Type: `string`<br />

Driver to use when connected to a mongo database. It could be `mongo-go` to use the official [mongo driver for go v1.12](https://www.mongodb.com/docs/drivers/go/v1.12/) or `mgo` to use [mgo driver](https://github.com/go-mgo/mgo). Since v5.3, the default value is `mongo-go`. This config is available since dashboard v5.0.2

### storage.uptime.postgres

Connection settings for a Postgres database

### storage.uptime.postgres.prefer\_simple\_protocol

ENV: <b>TYK\_DB\_STORAGE\_UPTIME\_POSTGRES\_PREFERSIMPLEPROTOCOL</b><br />
Type: `bool`<br />

Disables implicit prepared statement usage.

### storage.uptime.mysql

Connection settings for a MySQL database

### storage.uptime.mysql.default\_string\_size

ENV: <b>TYK\_DB\_STORAGE\_UPTIME\_MYSQL\_DEFAULTSTRINGSIZE</b><br />
Type: `uint`<br />

Default size for string fields. Defaults to 256.

### storage.uptime.mysql.disable\_datetime\_precision

ENV: <b>TYK\_DB\_STORAGE\_UPTIME\_MYSQL\_DISABLEDATETIMEPRECISION</b><br />
Type: `bool`<br />

Disable datetime precision, which is not supported before MySQL 5.6.

### storage.uptime.mysql.dont\_support\_rename\_index

ENV: <b>TYK\_DB\_STORAGE\_UPTIME\_MYSQL\_DONTSUPPORTRENAMEINDEX</b><br />
Type: `bool`<br />

Drop and create the index instead of renaming it; rename index is not supported before MySQL 5.7, MariaDB.

### storage.uptime.mysql.dont\_support\_rename\_column

ENV: <b>TYK\_DB\_STORAGE\_UPTIME\_MYSQL\_DONTSUPPORTRENAMECOLUMN</b><br />
Type: `bool`<br />

Use `change` when renaming a column; rename column is not supported before MySQL 8, MariaDB.

### storage.uptime.mysql.skip\_initialize\_with\_version

ENV: <b>TYK\_DB\_STORAGE\_UPTIME\_MYSQL\_SKIPINITIALIZEWITHVERSION</b><br />
Type: `bool`<br />

Auto-configure based on the current MySQL version.

### storage.uptime.table\_sharding

ENV: <b>TYK\_DB\_STORAGE\_UPTIME\_TABLESHARDING</b><br />
Type: `bool`<br />

Enable table sharding for the database

### admin\_secret

ENV: <b>TYK\_DB\_ADMINSECRET</b><br />
Type: `string`<br />

This secret is used by a special set of endpoints that we call “Admin APIs”. This API is part of the super-admin context and therefore has a separate endpoint prefix `/admin`. It also requires a special auth header called `admin-auth`. The purpose of these endpoints is to allow functionality that regular Dashboard users should not have, such as creating new organizations and creating super users. See the [Admin API](https://tyk.io/docs/dashboard-admin-api/) for more information on these endpoints.

### shared\_node\_secret

ENV: <b>TYK\_DB\_NODESECRET</b><br />
Type: `string`<br />

This value should match with the node\_secret Gateway configuration option value.
Each node communicates with the Dashboard via a shared secret (this setting) and a nonce to ensure that out-of-band requests cannot be made. Nodes will send a heartbeat every few seconds to notify the Dashboard that they are running.

### redis\_port

ENV: <b>TYK\_DB\_REDISPORT</b><br />
Type: `int`<br />

The port that your Redis installation listens on.

<Note>
  The Tyk Dashboard uses Redis to store its session data and to communicate with your Tyk Gateway nodes occasionally. The Redis details used by the dashboard must be the same as those set for your Tyk installation.
</Note>

### redis\_host

ENV: <b>TYK\_DB\_REDISHOST</b><br />
Type: `string`<br />

The hostname of your Redis installation. This can be an IP address.

### redis\_addrs

ENV: <b>TYK\_DB\_REDISADDRS</b><br />
Type: `[]string`<br />

Used for configuring Redis clusters. See [Redis Cluster and Tyk Dashboard](https://tyk.io/docs/tyk-open-source/#redis-cluster-and-tyk-dashboard) for more info. Example:

```json
{
  "redis_addrs": [
    "server1:6379",
    "server2:6380",
    "server3:6381"
  ]
}
```

### redis\_hosts

ENV: <b>TYK\_DB\_HOSTS</b><br />
Type: `map[string]string`<br />

**DEPRECATED**. Use `redis_addrs` instead. You can also specify multiple Redis hosts here. Tyk will use this array if it is not empty, or it will use the individual legacy parameters above. You can specify multiple host:port combinations here.

### redis\_username

ENV: <b>TYK\_DB\_REDISUSERNAME</b><br />
Type: `string`<br />

If you are using Redis AUTH using its `requirepass` setting, enter your username here (recommended). If this is not used, the Dashboard will not attempt to login to Redis.

### redis\_password

ENV: <b>TYK\_DB\_REDISPASSWORD</b><br />
Type: `string`<br />

The password for your Redis Auth username.

### redis\_master\_name

ENV: <b>TYK\_DB\_REDISMASTERNAME</b><br />
Type: `string`<br />

Redis Sentinel Master name

### redis\_sentinel\_password

ENV: <b>TYK\_DB\_REDISSENTINELPASSWORD</b><br />
Type: `string`<br />

Redis Sentinel password

### redis\_timeout

ENV: <b>TYK\_DB\_REDISTIMEOUT</b><br />
Type: `int`<br />

Set a custom Redis network timeout. Default value is 5 seconds.

### redis\_database

ENV: <b>TYK\_DB\_REDISDATABASE</b><br />
Type: `int`<br />

Set this to the index of your Redis database if you are using more than one.

### enable\_cluster

ENV: <b>TYK\_DB\_ENABLECLUSTER</b><br />
Type: `bool`<br />

Set this to true if you are using a Redis cluster.

### redis\_use\_ssl

ENV: <b>TYK\_DB\_REDISUSESSL</b><br />
Type: `bool`<br />

Use Redis SSL connection

### redis\_ssl\_insecure\_skip\_verify

ENV: <b>TYK\_DB\_REDISSSLINSECURESKIPVERIFY</b><br />
Type: `bool`<br />

Ignore TLS verification for Redis connections.

### redis\_ca\_file

ENV: <b>TYK\_DB\_REDISCAFILE</b><br />
Type: `string`<br />

Redis SSL CA File

The SSL CA file is imported into an X509 certificate pool. It
contains the set of root certificate authorities. When establishing
a connection to redis, Tyk will use this to verify server certificates.

If empty, Tyk will use the host's root CA set.

### redis\_cert\_file

ENV: <b>TYK\_DB\_REDISCERTFILE</b><br />
Type: `string`<br />

Redis SSL Cert file.

The cert file and the key file combine to form an X509 certificate.
The certificate is presented when establishing a connection to redis.

For more information, see [crypto/tls#X509KeyPair](https://pkg.go.dev/crypto/tls#X509KeyPair).

### redis\_key\_file

ENV: <b>TYK\_DB\_REDISKEYFILE</b><br />
Type: `string`<br />

Redis SSL Key file.

The cert file and the key file combine to form an X509 certificate.
The certificate is presented when establishing a connection to redis.

For more information, see [crypto/tls#X509KeyPair](https://pkg.go.dev/crypto/tls#X509KeyPair).

### redis\_tls\_max\_version

ENV: <b>TYK\_DB\_REDISTLSMAXVERSION</b><br />
Type: `string`<br />

Maximum TLS version that is supported.

Options: \["1.0", "1.1", "1.2", "1.3"].
Defaults to "1.3".

### redis\_tls\_min\_version

ENV: <b>TYK\_DB\_REDISTLSMINVERSION</b><br />
Type: `string`<br />

Minimum TLS version that is supported.

Options: \["1.0", "1.1", "1.2", "1.3"].
Defaults to "1.2".

### redis\_max\_active

ENV: <b>TYK\_DB\_REDISMAXACTIVE</b><br />
Type: `int`<br />

Set the number of maximum connections in the Redis connection pool, which defaults to 500. Set to a higher value if you are expecting more traffic.

### notify\_on\_change

ENV: <b>TYK\_DB\_NOTIFYONCHANGE</b><br />
Type: `bool`<br />

Licensed users can use this setting to enable/disable whether the Tyk Dashboard will notify all Tyk Gateway nodes to hot-reload when an API definition is changed.

### license\_key

ENV: <b>TYK\_DB\_LICENSEKEY</b><br />
Type: `string`<br />

Your Tyk Dashboard license key

### hash\_keys

ENV: <b>TYK\_DB\_HASHKEYS</b><br />
Type: `bool`<br />

If your Tyk Gateway is using hashed keys, set this value to true so it matches. The Dashboard will now operate in a mode that is compatible with key hashing.

### disable\_key\_actions\_by\_username

ENV: <b>TYK\_DB\_DISABLEKEYACTIONSBYUSERNAME</b><br />
Type: `bool`<br />

DisableKeyActionsByUsername disables basic auth key operation by username.
When this is set to `true` you are able to search for keys only by keyID or key hash (if `hash_keys` is also set to `true`).
Note that if `hash_keys` is also set to `true` then the keyID will not be provided for APIs secured using basic auth. In this scenario the only search option would be to use the key hash.
You must configure this setting with the same value in both Gateway and Dashboard.

### enable\_delete\_key\_by\_hash

ENV: <b>TYK\_DB\_ENABLEDELETEKEYBYHASH</b><br />
Type: `bool`<br />

To delete a key by its hash, set this option to true

### enable\_update\_key\_by\_hash

ENV: <b>TYK\_DB\_ENABLEUPDATEKEYBYHASH</b><br />
Type: `bool`<br />

To update a key by its hash, set this option to true.

### enable\_hashed\_keys\_listing

ENV: <b>TYK\_DB\_ENABLEHASHEDKEYSLISTING</b><br />
Type: `bool`<br />

To retrieve a list of all key hash listings, set this option to true.

### email\_backend

Tyk supports an interface-based email back-end system. We support `mandrill`, `sendgrid`, `amazonses` and `mailgun`. See [Outbound Email Configuration](https://tyk.io/docs/configure/outbound-email-configuration/) for more details on configuring these different providers.

### email\_backend.enable\_email\_notifications

ENV: <b>TYK\_DB\_EMAILBACKEND\_ENABLEEMAILNOTIFICATIONS</b><br />
Type: `bool`<br />

Set to `true` to have Tyk send emails for things such as key approvals and portal sign ups.

### email\_backend.code

ENV: <b>TYK\_DB\_EMAILBACKEND\_CODE</b><br />
Type: `string`<br />

The code of the back-end to use, `mandrill`, `sendgrid`, `amazonses` and `mailgun` are supported.

### email\_backend.settings

ENV: <b>TYK\_DB\_EMAILBACKEND\_SETTINGS</b><br />
Type: `map[string]string`<br />

The custom settings sections for the back end system.

### email\_backend.default\_from\_email

ENV: <b>TYK\_DB\_EMAILBACKEND\_DEFAULTFROMEMAIL</b><br />
Type: `string`<br />

The address to send email from.

### email\_backend.default\_from\_name

ENV: <b>TYK\_DB\_EMAILBACKEND\_DEFAULTFROMNAME</b><br />
Type: `string`<br />

The name to use when sending emails.

### email\_backend.dashboard\_hostname

ENV: <b>TYK\_DB\_EMAILBACKEND\_DASHBOARDHOSTNAME</b><br />
Type: `string`<br />

Your public dashboard hostname.

### hide\_listen\_path

ENV: <b>TYK\_DB\_HIDELISTENPATH</b><br />
Type: `bool`<br />

If you set this option to `true`, then the listen path will not be editable or visible in the Dashboard.

### use\_sentry

ENV: <b>TYK\_DB\_USESENTRY</b><br />
Type: `bool`<br />

The Tyk Dashboard has Sentry integration to externalise logging. Set this to true to enable the logger.

### sentry\_code

ENV: <b>TYK\_DB\_SENTRYCODE</b><br />
Type: `string`<br />

If you have a Sentry setup, or are using Getsentry, you can add the Sentry DSN here and Tyk will begin sending events.

### sentry\_js\_code

ENV: <b>TYK\_DB\_SENTRYJSCODE</b><br />
Type: `string`<br />

To have the Dashboard report JavaScript errors to you, add a separate DSN here.

### enable\_master\_keys

ENV: <b>TYK\_DB\_ENABLEMASTERKEYS</b><br />
Type: `bool`<br />

If this is set to true, session objects (key definitions) that do not have explicit access rights set will be allowed by Tyk. This means that keys that are created have access to ALL APIs, which in many cases is unwanted behavior unless you are sure about what you are doing. To use this setting also requires the corresponding Gateway configuration setting `allow_master_keys` to be set to `true`.

### enable\_duplicate\_slugs

ENV: <b>TYK\_DB\_ENABLEDUPLICATESLUGS</b><br />
Type: `bool`<br />

Setting this option to `true` will cause the dashboard to not validate against other listen paths.

### show\_org\_id

ENV: <b>TYK\_DB\_SHOWORGID</b><br />
Type: `bool`<br />

Determines whether the Org ID will be shown in the Users -> Username detail page. This can be useful for quickly identifying your Org ID.

### host\_config

Section to manage dashboard host names and domains

### host\_config.enable\_host\_names

ENV: <b>TYK\_DB\_HOSTCONFIG\_ENABLEHOSTNAMES</b><br />
Type: `bool`<br />

The Tyk Dashboard can bind the Dashboard application to a specific domain name. Enable this option to have the Dashboard only allow access on a specific domain and 404 on any other host access (not recommended).

### host\_config.disable\_org\_slug\_prefix

ENV: <b>TYK\_DB\_HOSTCONFIG\_DISABLEORGSLUGPREFIX</b><br />
Type: `bool`<br />

By default, Tyk adds an orgID prefix for the developer portal. Set to `true` if you have a single-tenant application or each portal is on a separate domain.

### host\_config.hostname

ENV: <b>TYK\_DB\_HOSTCONFIG\_HOSTNAME</b><br />
Type: `string`<br />

The hostname to bind the Dashboard to. This must be a proper hostname and not localhost.

### host\_config.override\_hostname

ENV: <b>TYK\_DB\_HOSTCONFIG\_GATEWAYHOSTNAME</b><br />
Type: `string`<br />

Set this value to whatever hostname your **Tyk Gateway** is running on.

### host\_config.portal\_domains

ENV: <b>TYK\_DB\_HOSTCONFIG\_PORTALDOMAINS</b><br />
Type: `map[string]string`<br />

It is possible to hard-code portal domains (these override settings set by the Dashboard for routing purposes).

Example:

```
"portal_domains": {
  "portal.com": "<orgID>"
}
```

### host\_config.portal\_root\_path

ENV: <b>TYK\_DB\_HOSTCONFIG\_PORTALROOTPATH</b><br />
Type: `string`<br />

The root path for the portal.

### host\_config.generate\_secure\_paths

ENV: <b>TYK\_DB\_HOSTCONFIG\_GENERATEHTTPS</b><br />
Type: `bool`<br />

If you prefer to have your URLs start with https, set this option to true.

### host\_config.secure\_cookies

ENV: <b>TYK\_DB\_HOSTCONFIG\_SECURECOOKIES</b><br />
Type: `bool`<br />

This enables HTTPS “secure” cookies.

### http\_server\_options

This section is reserved for settings relating to the HTTP server that powers the Dashboard.

### http\_server\_options.use\_ssl

ENV: <b>TYK\_DB\_HTTPSERVEROPTIONS\_USESSL</b><br />
Type: `bool`<br />

Enable to use SSL.

### http\_server\_options.certificates

ENV: <b>TYK\_DB\_HTTPSERVEROPTIONS\_CERTIFICATES</b><br />
Type: `CertsData`<br />

Add a certificate block for each domain being covered by the application.

For example:

```
{
  "domain_name": "*.banana.com",
  "cert_file": "new.cert.cert",
  "key_file": "new.cert.key"
}
```

### http\_server\_options.ssl\_certificates

ENV: <b>TYK\_DB\_HTTPSERVEROPTIONS\_SSLCERTIFICATES</b><br />
Type: `[]string`<br />

SSL certificates used by your Gateway server. A list of paths to certificate files.

### http\_server\_options.min\_version

ENV: <b>TYK\_DB\_HTTPSERVEROPTIONS\_MINVERSION</b><br />
Type: `uint16`<br />

Minimum TLS version is inherited from Go library, but can be overridden here.
For details see: [https://tyk.io/docs/api-management/implement-tls#controlling-tls-version-&-cipher-suites](https://tyk.io/docs/api-management/implement-tls#controlling-tls-version-&-cipher-suites)

### http\_server\_options.ssl\_ciphers

ENV: <b>TYK\_DB\_HTTPSERVEROPTIONS\_CIPHERSUITES</b><br />
Type: `[]string`<br />

Array of allowed cipher suites as defined at [https://golang.org/pkg/crypto/tls/#pkg-constants](https://golang.org/pkg/crypto/tls/#pkg-constants)

### http\_server\_options.ssl\_insecure\_skip\_verify

ENV: <b>TYK\_DB\_HTTPSERVEROPTIONS\_SSLINSECURESKIPVERIFY</b><br />
Type: `bool`<br />

Disable TLS verification.

### http\_server\_options.prefer\_server\_ciphers

ENV: <b>TYK\_DB\_HTTPSERVEROPTIONS\_PREFERSERVERCIPHERSUITES</b><br />
Type: `bool`<br />

PreferServerCipherSuites is a legacy field and has no effect.

More info: [https://github.com/golang/go/issues/45430](https://github.com/golang/go/issues/45430).

Deprecated: PreferServerCipherSuites is ignored.

### security

This section controls login limits for both the Dashboard and the Developer Portal. The path for your audit log is also set here.

### security.allow\_admin\_reset\_password

ENV: <b>TYK\_DB\_SECURITY\_ALLOWADMINRESETPASSWORD</b><br />
Type: `bool`<br />

This allows an admin user to reset the password of other users. The default is false.

### security.login\_failure\_username\_limit

ENV: <b>TYK\_DB\_SECURITY\_LOGINFAILUREUSERNAMELIMIT</b><br />
Type: `int`<br />

Controls how many times a user can attempt to log in before being denied access. The default is 0.

### security.login\_failure\_ip\_limit

ENV: <b>TYK\_DB\_SECURITY\_LOGINFAILUREIPLIMIT</b><br />
Type: `int`<br />

Controls how many times an IP Address can be used to attempt to log in before being denied access. The default is 0.

### security.login\_failure\_expiration

ENV: <b>TYK\_DB\_SECURITY\_LOGINFAILUREEXPIRATION</b><br />
Type: `int`<br />

Controls how long before the failure limits are reset in seconds. The default is 900 seconds.

### security.hide\_login\_failure\_limit\_error

ENV: <b>TYK\_DB\_SECURITY\_HIDELOGINFAILURELIMITERROR</b><br />
Type: `bool`<br />

By default, a message like "Retry in N seconds." is shown. In some secure environments this can be treated as leaking secure context. With this option set, a failed login attempt is shown as a standard login failure.

### security.login\_disallow\_forward\_proxy

ENV: <b>TYK\_DB\_SECURITY\_LOGINDISALLOWFORWARDPROXY</b><br />
Type: `bool`<br />

Set to `true` to allow the Tyk Dashboard login to ignore the host from the `X-Forwarded-For` header when accessing the Dashboard via a proxy. This can be useful for limiting retry attempts.

### security.audit\_log\_path

ENV: <b>TYK\_DB\_SECURITY\_AUDITLOGPATH</b><br />
Type: `string`<br />

This sets the path to your audit log and enables audit with default settings. It will log all user actions and response statuses to it. Security information such as passwords are not logged.

### security.user\_password\_max\_days

ENV: <b>TYK\_DB\_SECURITY\_USERPASSWORDMAXDAYS</b><br />
Type: `int`<br />

Set the maximum lifetime of a user's password. Users will be prompted to reset their password if its lifetime exceeds the configured expiry value. For example, if the value is set to 30, any user password set more than 30 days in the past will be considered invalid and must be reset.

### security.enforce\_password\_history

ENV: <b>TYK\_DB\_SECURITY\_ENFORCEPASSWORDHISTORY</b><br />
Type: `int`<br />

Set the number of previous passwords that a user cannot reuse. For example, if set to 5, a user setting their password cannot reuse any of the 5 most recently used passwords for that Tyk user account.

### security.force\_first\_login\_pw\_reset

ENV: <b>TYK\_DB\_SECURITY\_FORCEFIRSTLOGINPWRESET</b><br />
Type: `bool`<br />

A newly created user will be forced to reset their password upon first login. Defaults to false.

### security.enable\_content\_security\_policy

ENV: <b>TYK\_DB\_SECURITY\_ENABLECONTENTSECURITYPOLICY</b><br />
Type: `bool`<br />

Enable the browser Content-Security-Policy (CSP). The default is false.

### security.allowed\_content\_sources

ENV: <b>TYK\_DB\_SECURITY\_ALLOWEDCONTENTSOURCES</b><br />
Type: `string`<br />

If CSP is enabled, specify a space-separated string listing the allowed resources.

### security.open\_policy

OpenPolicy configuration

### security.open\_policy.enabled

ENV: <b>TYK\_DB\_SECURITY\_OPENPOLICY\_ENABLED</b><br />
Type: `bool`<br />

Enable OpenPolicy

### security.open\_policy.debug

ENV: <b>TYK\_DB\_SECURITY\_OPENPOLICY\_DEBUG</b><br />
Type: `bool`<br />

Enable OpenPolicy debug mode

### security.open\_policy.enable\_api

ENV: <b>TYK\_DB\_SECURITY\_OPENPOLICY\_ENABLEAPI</b><br />
Type: `bool`<br />

Enable modification of OpenPolicy rules via the UI and API.

### security.additional\_permissions

ENV: <b>TYK\_DB\_SECURITY\_ADDITIONALPERMISSIONS</b><br />
Type: `map[ObjectGroup]string`<br />

Through this option, you can provide a list of additional permissions that can be applied to existing or newly created users or user groups. Example:

```
{
  "api_developer": "API Developer",
  "custom_permission": "Custom Permission"
}
```

### security.private\_certificate\_encoding\_secret

ENV: <b>TYK\_DB\_SECURITY\_PRIVATECERTIFICATEENCODINGSECRET</b><br />
Type: `string`<br />

When using SAML with the embedded identity broker, you are required to upload a certificate, which is encoded by the Gateway to store it safely. TIB needs the private key as well, so it needs the same encoding secret in order to decode the information successfully. This value should match the encoding secret set in the Gateway config file. If not set, `tyk_api_config.secret` is used by default to attempt to decode the certificate.

### security.forbid\_admin\_view\_access\_token

ENV: <b>TYK\_DB\_SECURITY\_FORBIDADMINVIEWACCESSTOKEN</b><br />
Type: `bool`<br />

ForbidAdminViewAccessToken is a security feature that allows you to prevent user admins from viewing the Dashboard API access tokens of other users. The default is `false`, however we recommend setting this to `true` for enhanced security.

### security.forbid\_admin\_reset\_access\_token

ENV: <b>TYK\_DB\_SECURITY\_FORBIDADMINRESETACCESSTOKEN</b><br />
Type: `bool`<br />

ForbidAdminResetAccessToken is a security feature that allows you to prevent user admins from resetting the Dashboard API access tokens of other users. The default is `false`, however we recommend setting this to `true` for enhanced security.

### ui

This section controls various settings for the look and feel of the Dashboard UI.

### ui.languages

ENV: <b>TYK\_DB\_UI\_LANGUAGES</b><br />
Type: `map[string]string`<br />

This section lists the current languages the Dashboard UI supports

### ui.trial

Trial section defines the information about the cloud trial period.

### ui.trial.end\_date

ENV: <b>TYK\_DB\_UI\_TRIAL\_ENDDATE</b><br />
Type: `int64`<br />

EndDate contains the end date of the trial as a Unix UTC timestamp.

### ui.trial.hubspot\_form

HubspotForm contains the hubspot form details.

### ui.trial.hubspot\_form.region

ENV: <b>TYK\_DB\_UI\_TRIAL\_HUBSPOTFORM\_REGION</b><br />
Type: `string`<br />

The region of the account where the form was created.

### ui.trial.hubspot\_form.portal\_id

ENV: <b>TYK\_DB\_UI\_TRIAL\_HUBSPOTFORM\_PORTALID</b><br />
Type: `string`<br />

The ID of the HubSpot account that the form was created in.

### ui.trial.hubspot\_form.form\_id

ENV: <b>TYK\_DB\_UI\_TRIAL\_HUBSPOTFORM\_FORMID</b><br />
Type: `string`<br />

The form's ID, which is used to retrieve the form definition.

### ui.hide\_help

ENV: <b>TYK\_DB\_UI\_HIDEHELP</b><br />
Type: `bool`<br />

Set to true to hide the help tips.

### ui.default\_lang

ENV: <b>TYK\_DB\_UI\_DEFAULTLANG</b><br />
Type: `string`<br />

This setting sets the default language for the UI. The default is `en`. It can be set to any of the other languages listed under `ui.languages`.

### ui.dont\_allow\_license\_management

ENV: <b>TYK\_DB\_UI\_DONTALLOWLICENSEMANAGEMENT</b><br />
Type: `bool`<br />

Do not allow license management screen

### ui.onboarding

Onboarding section controls the onboarding quick start wizard.

### ui.onboarding.enabled

ENV: <b>TYK\_DB\_UI\_ONBOARDING\_ENABLED</b><br />
Type: `bool`<br />

Enabled is a boolean flag that enables the onboarding quick start wizard.

### ui.notifications

Notifications configures the behavior of toast notifications displayed in the UI.

### ui.notifications.duration

Duration controls how long each class of toast notification is displayed.

### ui.notifications.duration.success

ENV: <b>TYK\_DB\_UI\_NOTIFICATIONS\_DURATION\_SUCCESS</b><br />
Type: `int`<br />

Duration in milliseconds for success notifications.

### ui.notifications.duration.warning

ENV: <b>TYK\_DB\_UI\_NOTIFICATIONS\_DURATION\_WARNING</b><br />
Type: `int`<br />

Duration in milliseconds for warning notifications.

### ui.notifications.duration.error

ENV: <b>TYK\_DB\_UI\_NOTIFICATIONS\_DURATION\_ERROR</b><br />
Type: `int`<br />

Duration in milliseconds for error notifications.

### home\_dir

ENV: <b>TYK\_DB\_HOMEDIR</b><br />
Type: `string`<br />

The path to the home directory of Tyk Dashboard. This must be set in order for Portal templates and other files to be loadable. By default this is `/opt/tyk-dashboard/`.

### identity\_broker

Tyk Dashboard has some preset Tyk Identity Broker configurations set up. For this integration to work, the Dashboard must be able to see an Identity Broker instance. The settings in this section are to enable this integration.

### identity\_broker.enabled

ENV: <b>TYK\_DB\_TIB\_ENABLED</b><br />
Type: `bool`<br />

A boolean setting to enable the TIB integration (otherwise it will not appear in the UI).

### identity\_broker.host

When using external TIB, this is the URL where it's reachable

### identity\_broker.host.connection\_string

ENV: <b>TYK\_DB\_TIB\_HOST\_CONNECTIONSTRING</b><br />
Type: `string`<br />

The URL to the host. It must be in the form: `http://domain:port`.
Set this value only if you need to use an external Tyk Identity Broker.

### identity\_broker.host.secret

ENV: <b>TYK\_DB\_TIB\_HOST\_SECRET</b><br />
Type: `string`<br />

The shared secret between TIB and the Dashboard. This ensures all API requests between Dashboard and TIB are valid.

### identity\_broker.ssl\_insecure\_skip\_verify

ENV: <b>TYK\_DB\_TIB\_SSLINSECURESKIPVERIFY</b><br />
Type: `bool`<br />

Skip the TLS verification in the transport layer of the HTTP client. This is intended to be enabled for POC and testing purposes only; do not use in production. Defaults to false.

### use\_sharded\_analytics

ENV: <b>TYK\_DB\_USESHARDEDANLAYTICS</b><br />
Type: `bool`<br />

If using the `mongo-pump-selective` pump, where data is written to org-id-specific collections in MongoDB, then enabling this option will switch querying for analytics over to the independent collection entries.

### enable\_aggregate\_lookups

ENV: <b>TYK\_DB\_ENABLEAGGREGATELOOKUPS</b><br />
Type: `bool`<br />

If using the new Aggregate Pump, Tyk Analytics can make use of the newer, faster Analytics lookup. To ensure that this can be made backwards compatible, this option must be set to `true`, in conjunction with the `aggregate_lookup_cutoff` value.

### aggregate\_lookup\_cutoff

ENV: <b>TYK\_DB\_AGGREGATELOOKUPCUTOFF</b><br />
Type: `string`<br />

Set this to a date value of the form `DD/MM/YYYY`. Any analytics queries before this date will fall back to the raw base log data collection (slower). This is to ensure continuity of service and a smooth upgrade process with no loss of data.

### maintenance\_mode

ENV: <b>TYK\_DB\_MAINTENANCEMODE</b><br />
Type: `bool`<br />

Set to true to enable special maintenance screen for portal and dashboard

### allow\_explicit\_policy\_id

ENV: <b>TYK\_DB\_ALLOWEXPLICITPOLICYID</b><br />
Type: `bool`<br />

Set this value to `true` if you're planning to use Tyk Sync or Tyk Operator.
**DEPRECATED**

### disable\_parallel\_sessions

ENV: <b>TYK\_DB\_DISABLEPARALLELSESSIONS</b><br />
Type: `bool`<br />

If set to true, it restricts an account to a single session. When an account logs in, any other open sessions for that account are logged out.

### dashboard\_session\_lifetime

ENV: <b>TYK\_DB\_DASHBOARDSESSIONLIFETIME</b><br />
Type: `int64`<br />

Dashboard session lifetime

### portal\_session\_lifetime

ENV: <b>TYK\_DB\_PORTALSESSIONLIFETIME</b><br />
Type: `int`<br />

Portal session lifetime

### alternative\_dashboard\_url

ENV: <b>TYK\_DB\_ALTERNATIVEDASHBOARDURL</b><br />
Type: `string`<br />

Redirect all dashboard users to another URL

### sso\_permission\_defaults

ENV: <b>TYK\_DB\_SSOPERMISSIONDEFAULTS</b><br />
Type: `map[ObjectGroup]string`<br />

Specify permissions of the user who logged in using Admin SSO API (for example Tyk Identity Broker). See [Dashboard Admin SSO API](https://tyk.io/docs/api-management/dashboard-configuration#single-sign-on-api-1) for more details.

### sso\_default\_group\_id

ENV: <b>TYK\_DB\_SSODEFAULTUSERGROUP</b><br />
Type: `string`<br />

Default User Group which will be assigned to SSO users.

### sso\_custom\_login\_url

ENV: <b>TYK\_DB\_SSOCUSTOMLOGINURL</b><br />
Type: `string`<br />

Specify a custom dashboard login URL if you are using 3rd party authentication like TIB.

### sso\_custom\_portal\_login\_url

ENV: <b>TYK\_DB\_SSOCUSTOMPORTALLOGINURL</b><br />
Type: `string`<br />

Specify custom portal login URL if you are using 3rd party authentication like TIB.

### sso\_enable\_user\_lookup

ENV: <b>TYK\_DB\_SSOENABLEUSERLOOKUP</b><br />
Type: `bool`<br />

When enabled, if the Dashboard already has a user with the given email, that user will be used for the login process.

### sso\_custom\_login\_error\_url

ENV: <b>TYK\_DB\_SSOCUSTOMLOGINERRORURL</b><br />
Type: `string`<br />

SSOCustomLoginErrorURL is a URL to redirect the user to if SSO fails. If empty, the user will be redirected to the Dashboard error page.

### audit

Enable dashboard audit. Example:

```
"audit": {
  "enabled": true,
  "format": "json",
  "path": "/tmp/audit.log",
  "detailed_recording": false
},
```

Audit records the following fields for json format:

* req\_id - unique request ID
* org\_id - organization ID
* date - date in RFC1123 format
* timestamp - unix timestamp
* ip - IP address the request originated from
* user - Dashboard user who performed the request
* action - description of the action performed (i.e. `Update User`)
* method - HTTP-method of the request
* url - URL of the request
* status - HTTP response status of the request
* diff - provides a diff of changed fields (available only for PUT requests)
* request\_dump - HTTP request copy (available if detailed\_recording is set to true)
* response\_dump - HTTP response copy (available if detailed\_recording is set to true)
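
The fields listed above are enough for a first-pass review of who changed what and who keeps being denied. The following is an added example, not Tyk's own code: it assumes the `json` format writes one JSON object per line, and the sample records (including every action name other than `Update User`) are constructed.

```python
import json
from collections import Counter

# Constructed sample records using the field names documented above.
# Assumption: one JSON object per line. All values are made up.
SAMPLE_LOG = """\
{"req_id": "a1", "org_id": "org1", "timestamp": 1700000000, "ip": "198.51.100.4", "user": "ops@example.com", "action": "Update User", "method": "PUT", "url": "/api/users/1", "status": 200, "diff": "-active: true +active: false"}
{"req_id": "a2", "org_id": "org1", "timestamp": 1700000005, "ip": "203.0.113.9", "user": "dev@example.com", "action": "Get Keys", "method": "GET", "url": "/api/keys", "status": 403}
{"req_id": "a3", "org_id": "org1", "timestamp": 1700000007, "ip": "203.0.113.9", "user": "dev@example.com", "action": "Get Keys", "method": "GET", "url": "/api/keys", "status": 403}
{"req_id": "a4", "org_id": "org1", "timestamp": 1700000009, "ip": "203.0.113.9", "user": "dev@example.com", "action": "Get Keys", "method": "GET", "url": "/api/keys", "status": 403}
not-json garbage line
{"req_id": "a5", "org_id": "org1", "timestamp": 1700000020, "ip": "198.51.100.4", "user": "ops@example.com", "action": "Get APIs", "method": "GET", "url": "/api/apis", "status": "200"}
"""


def review(lines, denied_threshold=3):
    """Summarise audit records: applied changes, repeated denials, bad lines."""
    changes, denied, malformed = [], Counter(), 0
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
            # status may arrive as a number or a string; normalise it
            status = int(rec["status"])
        except (ValueError, KeyError, TypeError):
            # Truncated or non-JSON lines are counted, not silently dropped
            malformed += 1
            continue
        # diff is documented as available only for PUT requests
        if rec.get("method") == "PUT" and rec.get("diff"):
            changes.append((rec.get("user"), rec.get("action"), rec.get("url")))
        if status in (401, 403):
            denied[(rec.get("user"), rec.get("ip"))] += 1
    repeated = {k: n for k, n in denied.items() if n >= denied_threshold}
    return {"changes": changes, "repeated_denials": repeated,
            "malformed": malformed}


if __name__ == "__main__":
    print(json.dumps(review(SAMPLE_LOG.splitlines()), default=str, indent=2))
```
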

### audit.enabled

ENV: <b>TYK\_DB\_AUDIT\_ENABLED</b><br />
Type: `bool`<br />

Enables audit logging, set to false by default.

### audit.format

ENV: <b>TYK\_DB\_AUDIT\_FORMAT</b><br />
Type: `string`<br />

Format of audit log file. Possible values are `json` and `text` (text is default value)

### audit.path

ENV: <b>TYK\_DB\_AUDIT\_PATH</b><br />
Type: `string`<br />

Path to the audit log

### audit.detailed\_recording

ENV: <b>TYK\_DB\_AUDIT\_DETAILEDRECORDING</b><br />
Type: `bool`<br />

Enables detailed records in the audit log. Set to false by default. If set to `true` then audit log records will contain the http-request (without body) and full http-response including the body.

### audit.store\_type

ENV: <b>TYK\_DB\_AUDIT\_STORETYPE</b><br />
Type: `string`<br />

StoreType defines the method used to store audit logs.
Possible values are:

* "db": Store logs in a database.
* "file": Store logs in a file.
* "no\_op": Disable logging (no operation).

This field allows you to configure how audit logs are persisted.
The default value is "file".

### enable\_multi\_org\_users

ENV: <b>TYK\_DB\_ENABLEMULTIORGUSERS</b><br />
Type: `bool`<br />

Enable support for users with the same email for multiple organizations

### health\_check\_endpoint\_name

ENV: <b>TYK\_DB\_HEALTHCHECKENDPOINTNAME</b><br />
Type: `string`<br />

Health check endpoint name. Default: /health

### edge\_endpoints

ENV: <b>TYK\_DB\_EDGEENDPOINTS</b><br />
Type: `EdgeEndpoints`<br />

List of Edge Gateways that will be displayed in the Dashboard UI, so that you can select which specific Gateway(s) you want to load an API into. Example:

```
 "edge_endpoints": [
 {
   "name": "Private Gateway",
   "endpoint": "https://payable-matter-gw.aws-euw2.cloud-ara.tyk.io",
   "tags": ["edge", "private-gw"]
 },
 {
   "name": "Public Gateway",
   "endpoint": "video-taped-gokart-gw.aws-usw2.cloud-ara.tyk.io",
   "tags": ["edge", "public-gw"]
 }
 ]
```

For every `Edge Gateway` you need to define its name, the ingress URL and a list of tags that APIs will use for triggering Gateways to load its configuration.
Note: For the Hybrid setup, users must fill in the Gateway URLs manually in the Tyk OAS API Definition servers section.

### portal\_session\_secret

ENV: <b>TYK\_DB\_PORTALSESSIONSECRET</b><br />
Type: `string`<br />

Portal session secret

### dcr\_ssl\_insecure\_skip\_verify

ENV: <b>TYK\_DB\_DCRSSLINSECURESKIPVERIFY</b><br />
Type: `bool`<br />

Ignore TLS verification for DCR calls

### private\_key\_path

ENV: <b>TYK\_DB\_PRIVATEKEYPATH</b><br />
Type: `string`<br />

Private key path used to sign notifications coming to the gateways

### oauth\_redirect\_uri\_separator

ENV: <b>TYK\_DB\_OAUTHREDIRECTURISEPARATOR</b><br />
Type: `string`<br />

oAuth redirect URI separator

### statsd\_connection\_string

ENV: <b>TYK\_DB\_STATSDCONNECTIONSTRING</b><br />
Type: `string`<br />

StatsD connection string. StatsD monitoring is enabled when this is set to a non-empty value.

### statsd\_prefix

ENV: <b>TYK\_DB\_STATSDPREFIX</b><br />
Type: `string`<br />

StatsD prefix

### allow\_unsafe\_oas

ENV: <b>TYK\_DB\_ALLOWUNSAFEOAS</b><br />
Type: `bool`<br />

Allow the modification of Tyk OAS APIs via the Tyk Classic API endpoints. Note that this is not recommended, but is provided for early adopters and will be deprecated later.

### oas\_config

OAS holds the configuration for various OpenAPI-specific functionalities

### oas\_config.validate\_examples

ENV: <b>TYK\_DB\_OAS\_VALIDATEEXAMPLES</b><br />
Type: `bool`<br />

ValidateExamples enables validation of values provided in `example` and `examples` fields against the declared schemas in the OpenAPI Document. Defaults to false.

### oas\_config.validate\_schema\_defaults

ENV: <b>TYK\_DB\_OAS\_VALIDATESCHEMADEFAULTS</b><br />
Type: `bool`<br />

ValidateSchemaDefaults enables validation of values provided in `default` fields against the declared schemas in the OpenAPI Document. Defaults to false.

### streaming

Streaming holds the configuration for Tyk Streaming functionalities

### streaming.enabled

ENV: <b>TYK\_DB\_STREAMING\_ENABLED</b><br />
Type: `bool`<br />

This flag enables the Tyk Streaming feature.

### streaming.enable\_all\_experimental

ENV: <b>TYK\_DB\_STREAMING\_ENABLEALLEXPERIMENTAL</b><br />
Type: `bool`<br />

EnableAllExperimental indicates whether all experimental features for streaming are enabled. This is useful for testing purposes.

Warning:
This flag should not be enabled in production environments.

### notifications.certificate\_expiry\_monitor

The configuration for the Gateway's Certificate Expiry Monitor which generates events when expired or soon to expire TLS certificates are used in client or upstream authentication.

### notifications.certificate\_expiry\_monitor.metadata\_refresh\_interval\_minutes

ENV: <b>TYK\_DB\_NOTIFICATIONS\_CERTIFICATEEXPIRYMONITOR\_METADATAREFRESHINTERVALMINUTES</b><br />
Type: `int`<br />

Specifies the interval (in minutes) for refreshing certificate metadata.

### notifications.certificate\_expiry\_monitor.warning\_threshold\_days

ENV: <b>TYK\_DB\_NOTIFICATIONS\_CERTIFICATEEXPIRYMONITOR\_WARNINGTHRESHOLDDAYS</b><br />
Type: `int`<br />

Specifies the number of days before certificate expiry that the Dashboard will start generating warnings when the certificate is used. This should match the equivalent Gateway configuration `TYK_GW_SECURITY_CERTIFICATEEXPIRYMONITOR_WARNINGTHRESHOLDDAYS`.

### disable\_telemetry

ENV: <b>TYK\_DB\_DISABLETELEMETRY</b><br />
Type: `bool`<br />

Enable or disable sending telemetry data such as analytics, API configurations, etc.

### escape\_dots\_in\_oas\_paths

ENV: <b>TYK\_DB\_ESCAPEDOTSINOASPATHS</b><br />
Type: `bool`<br />

When enabled, dots in OAS field names will be escaped (to \u002e ) and unescaped when required for compatibility with specific databases.

Defaults to `false`.

### log\_format

ENV: <b>TYK\_DB\_LOGFORMAT</b><br />
Type: `string`<br />

You can now configure the log format to be either the standard or json format.
If not set or left empty, it will default to `standard`.

### allow\_unsafe\_policy\_ids

ENV: <b>TYK\_DB\_ALLOWUNSAFEPOLICYIDS</b><br />
Type: `bool`<br />

AllowUnsafePolicyIds allows the use of non-standard characters in policy identifiers (default: false). The standard characters are alphanumeric characters plus underscore (\_), hyphen (-), dot (.) and tilde (\~). The use of other characters in IDs can cause unpredictable behavior and is not recommended.
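
Several settings on this page are described as not recommended or not for production, and environment variables take precedence over the config file. The following added example (not Tyk's own code) reports those settings from the effective configuration. The sample config and environment are constructed; treating an unset bool as `false` and the accepted boolean spellings are assumptions.

```python
import json

# (config path, ENV name as listed on this page, value to report, reason)
BOOL_CHECKS = [
    ("enable_master_keys", "TYK_DB_ENABLEMASTERKEYS", True,
     "keys without explicit access rights get access to ALL APIs"),
    ("http_server_options.ssl_insecure_skip_verify",
     "TYK_DB_HTTPSERVEROPTIONS_SSLINSECURESKIPVERIFY", True,
     "TLS verification is disabled"),
    ("identity_broker.ssl_insecure_skip_verify",
     "TYK_DB_TIB_SSLINSECURESKIPVERIFY", True,
     "intended for POC and testing, not production"),
    ("dcr_ssl_insecure_skip_verify", "TYK_DB_DCRSSLINSECURESKIPVERIFY", True,
     "TLS verification is ignored for DCR calls"),
    ("streaming.enable_all_experimental",
     "TYK_DB_STREAMING_ENABLEALLEXPERIMENTAL", True,
     "should not be enabled in production"),
    ("allow_unsafe_oas", "TYK_DB_ALLOWUNSAFEOAS", True, "not recommended"),
    ("allow_unsafe_policy_ids", "TYK_DB_ALLOWUNSAFEPOLICYIDS", True,
     "not recommended"),
    ("security.forbid_admin_view_access_token",
     "TYK_DB_SECURITY_FORBIDADMINVIEWACCESSTOKEN", False,
     "page recommends true"),
    ("security.forbid_admin_reset_access_token",
     "TYK_DB_SECURITY_FORBIDADMINRESETACCESSTOKEN", False,
     "page recommends true"),
]


def lookup(conf, dotted):
    """Walk a dotted path such as 'security.open_policy.enabled'."""
    node = conf
    for part in dotted.split("."):
        if not isinstance(node, dict) or part not in node:
            return None
        node = node[part]
    return node


def parse_bool(text):
    # Assumption: env booleans use spellings Go's strconv.ParseBool accepts.
    return text.strip().lower() in ("1", "t", "true")


def effective(conf, env, path, env_name, default):
    """Return (value, source); an environment variable overrides the file."""
    if env_name in env:
        raw = env[env_name]
        return (parse_bool(raw) if isinstance(default, bool) else raw), "env"
    value = lookup(conf, path)
    if value is None:
        return default, "default"  # assumption for bools: unset means false
    return value, "file"


def audit(conf, env):
    """List (path, value, source, reason) for every flagged setting."""
    findings = []
    for path, env_name, flagged, why in BOOL_CHECKS:
        value, source = effective(conf, env, path, env_name, False)
        if value is flagged:
            findings.append((path, value, source, why))
    # redis_tls_min_version defaults to "1.2" according to this page
    value, source = effective(conf, env, "redis_tls_min_version",
                              "TYK_DB_REDISTLSMINVERSION", "1.2")
    if value in ("1.0", "1.1"):
        findings.append(("redis_tls_min_version", value, source,
                         "TLS below 1.2 is accepted for Redis"))
    return findings


# Constructed sample: a tyk_analytics.conf fragment and process environment.
SAMPLE_CONF = json.loads("""
{
  "enable_master_keys": false,
  "redis_tls_min_version": "1.1",
  "http_server_options": {"use_ssl": true, "ssl_insecure_skip_verify": false},
  "identity_broker": {"enabled": true, "ssl_insecure_skip_verify": true},
  "security": {"forbid_admin_view_access_token": true}
}
""")
SAMPLE_ENV = {"TYK_DB_ENABLEMASTERKEYS": "true",
              "TYK_DB_TIB_SSLINSECURESKIPVERIFY": "false"}

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF, SAMPLE_ENV):
        print("%s = %r (from %s): %s" % finding)
```

To audit a running host, pass `json.load(open(path))` for the file named by `--conf` and `os.environ` as the second argument.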
