Settings reference This page is the canonical list of Ampora settings, grouped by section. The Env var column shows the __-separated form for use in container environment files.
Database Key Env var Default Purpose Database:ProviderDatabase__ProviderPostgresPostgres or Sqlite. SQLite is dev-only. ConnectionStrings:AmporaConnectionStrings__Ampora— Provider-specific connection string. AMPORA_AUTO_MIGRATE(env-only) 0Apply EF migrations on startup. Set 1 for k8s deployments.
See Database & migrations .
ASP.NET Core / hosting Key Env var Default Purpose ASPNETCORE_ENVIRONMENTenv-only ProductionProduction / Staging / Development ASPNETCORE_HTTP_PORTSenv-only 8080HTTP listen port ASPNETCORE_FORWARDEDHEADERS_ENABLEDenv-only trueHonour X-Forwarded-* from the reverse proxy Logging:LogLevel:DefaultLogging__LogLevel__DefaultInformation Logging:LogLevel:Microsoft.AspNetCoreLogging__LogLevel__Microsoft.AspNetCoreWarning
OIDC authentication Key Env var Default Purpose Authentication:Oidc:AuthorityAuthentication__Oidc__Authority— Issuer URL of your IdP Authentication:Oidc:ClientIdAuthentication__Oidc__ClientId— Application's client ID Authentication:Oidc:ClientSecretAuthentication__Oidc__ClientSecret— Application's client secret Authentication:Oidc:RoleClaimAuthentication__Oidc__RoleClaimampora:roleClaim that carries the Ampora role Authentication:Oidc:TenantClaimAuthentication__Oidc__TenantClaimtenantClaim that carries the tenant discriminator
See OIDC authentication .
OpAMP Key Env var Default Purpose OpAmp:MaxMessageBytesOpAmp__MaxMessageBytes10485760Hard cap per OpAMP frame; agents above are disconnected OpAmp:HeartbeatWindowSecondsOpAmp__HeartbeatWindowSeconds90Time without a frame before "last seen" goes stale OpAmp:AllowedCapabilityFlagsOpAmp__AllowedCapabilityFlags15Bitmask of capabilities Ampora honours (AcceptsRemoteConfig + ReportsEffectiveConfig + ReportsHealth + ReportsRemoteConfig = 15) OpAmp:RequireMtlsOpAmp__RequireMtlstrueReject non-mTLS connections after bootstrap OpAmp:BootstrapPlaintextAllowedOpAmp__BootstrapPlaintextAllowedfalseAllow bootstrap connections over plain WS (dev only)
See Reference → OpAMP capability matrix .
Encryption / key protection Key Env var Default Purpose KeyProtection:MasterKeyKeyProtection__MasterKey— Base64 of a 32-byte CSPRNG key. Wraps every encryption-at-rest field. KeyProtection:PreviousMasterKeyKeyProtection__PreviousMasterKey— Old master key during rotation. Drop after one cycle. CryptoProvider:KindCryptoProvider__KindSoftwareSoftware / AwsKms / AzureKeyVault / GcpKms / Pkcs11 / VaultTransit CryptoProvider:KeyIdCryptoProvider__KeyId— Provider-specific identifier for the signing key
See Security → HSM/KMS integration .
Certificate authority Key Env var Default Purpose CertificateAuthority:CommonNameCertificateAuthority__CommonNameAmpora CASubject CN of the auto-bootstrapped CA CertificateAuthority:CrlDistributionPointCertificateAuthority__CrlDistributionPoint— CRL DP URL embedded in every issued cert CertificateAuthority:OcspResponderUrlCertificateAuthority__OcspResponderUrl— OCSP responder URL embedded in every issued cert CertificateAuthority:DefaultLeafLifetimeDaysCertificateAuthority__DefaultLeafLifetimeDays365Default validity for issued client certs CertificateAuthority:DefaultTrustedWindowDaysCertificateAuthority__DefaultTrustedWindowDays30How long a previous active key stays trusted after rotation
See mTLS & PKI .
Multi-tenancy Key Env var Default Purpose MultiTenant:ModeMultiTenant__ModeSoftScopingSoftScoping (single-tenant or co-located) or HardIsolation (Postgres RLS) MultiTenant:DefaultTenantMultiTenant__DefaultTenantdefaultTenant assigned when the discriminator claim is missing
See Tutorials → Multi-tenant onboarding .
Dispatch backplane Key Env var Default Purpose Dispatch:BackplaneDispatch__BackplaneInProcessInProcess / Postgres / Redis Dispatch:RedisConnectionStringDispatch__RedisConnectionString— Required when Backplane=Redis Dispatch:OwnershipTtlSecondsDispatch__OwnershipTtlSeconds60How long a session-ownership lease lives without renewal Dispatch:LeaderLeaseSecondsDispatch__LeaderLeaseSeconds30Background-job leader lease TTL
See Dispatch backplane .
Self-observability Key Env var Default Purpose OpenTelemetry:ServiceNameOpenTelemetry__ServiceNameampora-serverOTLP service name OpenTelemetry:OtlpEndpointOpenTelemetry__OtlpEndpoint— OTLP gRPC endpoint; empty disables export OpenTelemetry:HeadersOpenTelemetry__Headers— OTLP headers (e.g. for vendor auth) OpenTelemetry:SamplingRatioOpenTelemetry__SamplingRatio0.05Trace sampling ratio (0.0 – 1.0)
See Self-observability .
GitOps Key Env var Default Purpose GitOps:EnabledGitOps__EnabledfalseMaster switch GitOps:CacheRootGitOps__CacheRoot/var/lib/ampora/git-cacheWhere shallow clones land GitOps:DefaultPollIntervalSecondsGitOps__DefaultPollIntervalSeconds60Default poll cadence; per-source override
See Tutorials → GitOps .
Federation Key Env var Default Purpose Federation:EnabledFederation__EnabledfalseMaster switch (both inbound and outbound) Federation:InboundCorsOriginsFederation__InboundCorsOrigins[]CORS origins for inbound federation traffic Federation:HttpClientTimeoutSecondsFederation__HttpClientTimeoutSeconds15Timeout on outbound peer requests
See Tutorials → Federation .
Audit retention Key Env var Default Purpose AuditRetention:HotDaysAuditRetention__HotDays90Days events stay in the hot table AuditRetention:ArchiveDaysAuditRetention__ArchiveDays2555Days events stay in the archive table (7 years) AuditRetention:SweepIntervalMinutesAuditRetention__SweepIntervalMinutes60How often the retention service runs
See Audit retention .
Debug knobs These are gated behind explicit settings — never enable them in production unless you know exactly why.
Key Env var Default Purpose Debug:AllowRolloutEndpointsDebug__AllowRolloutEndpointsfalseExposes GET /debug/rollouts/{id}/start|pause|abort for end-to-end test scripts Debug:AllowAnonymousMetricsDebug__AllowAnonymousMetricsfalseDisables auth on /metrics (some Prom setups require this)