Skip to content

Environment variables

Every JSON config key maps to an environment variable by replacing : with __ (double underscore). For example Authentication:Oidc:Authority becomes Authentication__Oidc__Authority.

A handful of variables are env-only because ASP.NET Core reads them before configuration providers initialise.

Env-only variables

Variable Default Notes
ASPNETCORE_ENVIRONMENT Production Production / Staging / Development
ASPNETCORE_HTTP_PORTS 8080 Comma-separated list of HTTP ports
ASPNETCORE_FORWARDEDHEADERS_ENABLED true Honour X-Forwarded-* from reverse proxy
DOTNET_CLI_TELEMETRY_OPTOUT 1 Set to 1 in containers
DOTNET_NOLOGO 1 Suppress dotnet startup banner
AMPORA_AUTO_MIGRATE 0 Apply EF migrations on startup

Mapped from JSON keys

Same content as Configuration keys, in env-var form.

Database

Database__Provider=Postgres
ConnectionStrings__Ampora=Host=...;Port=5432;Database=ampora;Username=ampora;Password=...;SSL Mode=Require
ConnectionStrings__AmporaRead=...

Authentication

Authentication__Oidc__Authority=https://login.acme.io/realms/ampora
Authentication__Oidc__ClientId=ampora-web
Authentication__Oidc__ClientSecret=...
Authentication__Oidc__RoleClaim=ampora:role
Authentication__Oidc__TenantClaim=tenant
Authentication__Oidc__CallbackPath=/signin-oidc
Authentication__Oidc__UsePkce=true
Authentication__Oidc__ClientAuthentication=ClientSecretPost

OpAMP

OpAmp__MaxMessageBytes=10485760
OpAmp__HeartbeatWindowSeconds=90
OpAmp__AllowedCapabilityFlags=15
OpAmp__RequireMtls=true
OpAmp__BootstrapPlaintextAllowed=false

Encryption

KeyProtection__MasterKey=BASE64_32_BYTES
KeyProtection__PreviousMasterKey=BASE64_32_BYTES
CryptoProvider__Kind=Software
CryptoProvider__KeyId=arn:aws:kms:eu-central-1:...
CryptoProvider__Region=eu-central-1

Certificate authority

CertificateAuthority__CommonName=Ampora CA
CertificateAuthority__CrlDistributionPoint=https://AMPORA_HOST/pki/crl.der
CertificateAuthority__OcspResponderUrl=https://AMPORA_HOST/pki/ocsp
CertificateAuthority__DefaultLeafLifetimeDays=365
CertificateAuthority__DefaultTrustedWindowDays=30
CertificateAuthority__RenewalThresholdDays=30

Multi-tenancy

MultiTenant__Mode=SoftScoping
MultiTenant__DefaultTenant=default

Dispatch

Dispatch__Backplane=Postgres
Dispatch__RedisConnectionString=redis://...
Dispatch__OwnershipTtlSeconds=60
Dispatch__LeaderLeaseSeconds=30

Self-observability

OpenTelemetry__ServiceName=ampora-server
OpenTelemetry__OtlpEndpoint=http://otelcol:4317
OpenTelemetry__SamplingRatio=0.05

GitOps, Federation, Audit, Approvals, Debug

GitOps__Enabled=false
Federation__Enabled=false
AuditRetention__HotDays=90
AuditRetention__ArchiveDays=2555
Approvals__RequireFourEyes=true
Debug__AllowRolloutEndpoints=false

Notes on env-var quoting

For Compose / shell:

  • Wrap values containing spaces in double quotes.
  • Connection strings with ; separators do not need escaping in Docker Compose env blocks.
  • For arrays (Federation__InboundCorsOrigins__0=...), use the numeric-suffix form: each index becomes its own env var.