Configuration keys
Every setting Ampora reads, in JSON-key form. The __-separated (double-underscore) environment-variable form is listed on Environment variables.
For the narrative explanation of each section see Operator → Configuration → Settings reference; this page is a flat lookup table.
Database
| Key | Type | Default | Notes |
|---|---|---|---|
| Database:Provider | string | Postgres | Postgres or Sqlite |
| ConnectionStrings:Ampora | string | — | Full Npgsql / SQLite connection string |
| ConnectionStrings:AmporaRead | string | — | Optional read-replica connection |
ASP.NET Core / hosting
| Key | Type | Default | Notes |
|---|---|---|---|
| Logging:LogLevel:Default | string | Information | |
| Logging:LogLevel:Microsoft.AspNetCore | string | Warning | |
| AllowedHosts | string | * | Standard ASP.NET Core knob |
(ASPNETCORE_* variables are env-only — see Environment variables.)
Authentication
| Key | Type | Default | Notes |
|---|---|---|---|
| Authentication:Oidc:Authority | string | — | OIDC issuer URL |
| Authentication:Oidc:ClientId | string | — | |
| Authentication:Oidc:ClientSecret | string | — | |
| Authentication:Oidc:RoleClaim | string | ampora:role | Claim the role is read from |
| Authentication:Oidc:TenantClaim | string | tenant | Claim the tenant discriminator is read from |
| Authentication:Oidc:CallbackPath | string | /signin-oidc | |
| Authentication:Oidc:UsePkce | bool | true | Disable only if your IdP rejects PKCE |
| Authentication:Oidc:ClientAuthentication | string | ClientSecretPost | Or ClientSecretBasic |
OpAMP
| Key | Type | Default | Notes |
|---|---|---|---|
| OpAmp:MaxMessageBytes | int | 10485760 | Per-frame cap |
| OpAmp:HeartbeatWindowSeconds | int | 90 | "Last seen" staleness threshold |
| OpAmp:AllowedCapabilityFlags | int | 15 | Bitmask of capabilities Ampora honours |
| OpAmp:RequireMtls | bool | true | Reject non-mTLS connections post-bootstrap |
| OpAmp:BootstrapPlaintextAllowed | bool | false | Allow plain WS for bootstrap (dev only) |
Encryption / KeyProtection
| Key | Type | Default | Notes |
|---|---|---|---|
| KeyProtection:MasterKey | string (base64) | — | 32 bytes from a CSPRNG; required in prod |
| KeyProtection:PreviousMasterKey | string (base64) | — | One-cycle rotation overlap |
CryptoProvider
| Key | Type | Default | Notes |
|---|---|---|---|
| CryptoProvider:Kind | string | Software | Software / AwsKms / AzureKeyVault / GcpKms / Pkcs11 / VaultTransit |
| CryptoProvider:KeyId | string | — | Provider-specific |
| CryptoProvider:Region | string | — | AWS only |
| CryptoProvider:Endpoint | string | — | Optional override (VPC endpoint, dev KMS) |
| CryptoProvider:ModulePath | string | — | PKCS#11 only |
| CryptoProvider:TokenLabel | string | — | PKCS#11 only |
| CryptoProvider:ObjectLabel | string | — | PKCS#11 only |
| CryptoProvider:PinEnvVar | string | — | PKCS#11 only; name of the env var that holds the PIN |
| CryptoProvider:Address | string | — | Vault Transit |
| CryptoProvider:Mount | string | transit | Vault Transit |
| CryptoProvider:KeyName | string | — | Vault Transit |
| CryptoProvider:Auth:Method | string | — | AppRole, Token, Kubernetes |
| CryptoProvider:Auth:Role | string | — | Vault role name |
CertificateAuthority
| Key | Type | Default | Notes |
|---|---|---|---|
| CertificateAuthority:CommonName | string | Ampora CA | Subject CN of the auto-bootstrapped CA |
| CertificateAuthority:CrlDistributionPoint | string | — | URL embedded in every issued cert |
| CertificateAuthority:OcspResponderUrl | string | — | URL embedded in every issued cert |
| CertificateAuthority:DefaultLeafLifetimeDays | int | 365 | |
| CertificateAuthority:DefaultTrustedWindowDays | int | 30 | Trust window after rotation |
| CertificateAuthority:RenewalThresholdDays | int | 30 | Auto-renewal trigger |
MultiTenant
| Key | Type | Default | Notes |
|---|---|---|---|
| MultiTenant:Mode | string | SoftScoping | SoftScoping or HardIsolation |
| MultiTenant:DefaultTenant | string | default | Used when the discriminator claim is missing |
Dispatch
| Key | Type | Default | Notes |
|---|---|---|---|
| Dispatch:Backplane | string | InProcess | InProcess / Postgres / Redis |
| Dispatch:RedisConnectionString | string | — | Required if Backplane = Redis |
| Dispatch:OwnershipTtlSeconds | int | 60 | |
| Dispatch:LeaderLeaseSeconds | int | 30 | |
OpenTelemetry
| Key | Type | Default | Notes |
|---|---|---|---|
| OpenTelemetry:ServiceName | string | ampora-server | |
| OpenTelemetry:OtlpEndpoint | string | — | Empty disables export |
| OpenTelemetry:Headers | object | — | {"Authorization":"Bearer …"} etc. |
| OpenTelemetry:SamplingRatio | double | 0.05 | Trace sampling ratio, 0.0 – 1.0 |
GitOps
| Key | Type | Default | Notes |
|---|---|---|---|
| GitOps:Enabled | bool | false | Master switch |
| GitOps:CacheRoot | string | /var/lib/ampora/git-cache | Local clone cache |
| GitOps:DefaultPollIntervalSeconds | int | 60 | Per-source override available |
Federation
| Key | Type | Default | Notes |
|---|---|---|---|
| Federation:Enabled | bool | false | Master switch |
| Federation:InboundCorsOrigins | string[] | [] | CORS allow-list |
| Federation:HttpClientTimeoutSeconds | int | 15 | Outbound peer call timeout |
AuditRetention
| Key | Type | Default | Notes |
|---|---|---|---|
| AuditRetention:HotDays | int | 90 | |
| AuditRetention:ArchiveDays | int | 2555 | 7 years |
| AuditRetention:SweepIntervalMinutes | int | 60 | |
Approvals
| Key | Type | Default | Notes |
|---|---|---|---|
| Approvals:RequireFourEyes | bool | true | Disable only in dev |
Debug
| Key | Type | Default | Notes |
|---|---|---|---|
| Debug:AllowRolloutEndpoints | bool | false | Enables /debug/rollouts/... |
| Debug:AllowAnonymousMetrics | bool | false | Disables auth on /metrics |