Configuration Options

The Hatchet server and engine can be configured via SERVER and DATABASE environment variables. This document contains a list of all available options.

Runtime Configuration

| Variable | Description | Default Value |
| --- | --- | --- |
| SERVER_PORT | Port for the core server | 8080 |
| SERVER_URL | Full server URL, including protocol | http://localhost:8080 |
| SERVER_GRPC_PORT | Port for the GRPC service | 7070 |
| SERVER_GRPC_BIND_ADDRESS | GRPC server bind address | 127.0.0.1 |
| SERVER_GRPC_BROADCAST_ADDRESS | GRPC server broadcast address | 127.0.0.1:7070 |
| SERVER_GRPC_INSECURE | Controls if the GRPC server is insecure | false |
| SERVER_SHUTDOWN_WAIT | Shutdown wait duration | 20s |
| SERVER_ENFORCE_LIMITS | Enforce tenant limits | false |
| SERVER_ALLOW_SIGNUP | Allow new tenant signups | true |
| SERVER_ALLOW_INVITES | Allow new invites | true |
| SERVER_ALLOW_CREATE_TENANT | Allow tenant creation | true |
| SERVER_ALLOW_CHANGE_PASSWORD | Allow password changes | true |

Database Configuration

| Variable | Description | Default Value |
| --- | --- | --- |
| DATABASE_POSTGRES_HOST | PostgreSQL host | 127.0.0.1 |
| DATABASE_POSTGRES_PORT | PostgreSQL port | 5431 |
| DATABASE_POSTGRES_USERNAME | PostgreSQL username | hatchet |
| DATABASE_POSTGRES_PASSWORD | PostgreSQL password | hatchet |
| DATABASE_POSTGRES_DB_NAME | PostgreSQL database name | hatchet |
| DATABASE_POSTGRES_SSL_MODE | PostgreSQL SSL mode | disable |
| DATABASE_MAX_CONNS | Max database connections | 5 |
| DATABASE_LOG_QUERIES | Log database queries | false |
| CACHE_DURATION | Cache duration | 60s |

Security Check Configuration

| Variable | Description | Default Value |
| --- | --- | --- |
| SERVER_SECURITY_CHECK_ENABLED | Enable security check | true |
| SERVER_SECURITY_CHECK_ENDPOINT | Security check endpoint | https://security.hatchet.run |

Limit Configuration

| Variable | Description | Default Value |
| --- | --- | --- |
| SERVER_LIMITS_DEFAULT_TENANT_RETENTION_PERIOD | Default tenant retention period | 720h |
| SERVER_LIMITS_DEFAULT_WORKFLOW_RUN_LIMIT | Default workflow run limit | 1000 |
| SERVER_LIMITS_DEFAULT_WORKFLOW_RUN_ALARM_LIMIT | Default workflow run alarm limit | 750 |
| SERVER_LIMITS_DEFAULT_WORKFLOW_RUN_WINDOW | Default workflow run window | 24h |
| SERVER_LIMITS_DEFAULT_WORKER_LIMIT | Default worker limit | 4 |
| SERVER_LIMITS_DEFAULT_WORKER_ALARM_LIMIT | Default worker alarm limit | 2 |
| SERVER_LIMITS_DEFAULT_EVENT_LIMIT | Default event limit | 1000 |
| SERVER_LIMITS_DEFAULT_EVENT_ALARM_LIMIT | Default event alarm limit | 750 |
| SERVER_LIMITS_DEFAULT_EVENT_WINDOW | Default event window | 24h |
| SERVER_LIMITS_DEFAULT_CRON_LIMIT | Default cron limit | 5 |
| SERVER_LIMITS_DEFAULT_CRON_ALARM_LIMIT | Default cron alarm limit | 2 |
| SERVER_LIMITS_DEFAULT_SCHEDULE_LIMIT | Default schedule limit | 1000 |
| SERVER_LIMITS_DEFAULT_SCHEDULE_ALARM_LIMIT | Default schedule alarm limit | 750 |

Alerting Configuration

| Variable | Description | Default Value |
| --- | --- | --- |
| SERVER_ALERTING_SENTRY_ENABLED | Enable Sentry for alerting | |
| SERVER_ALERTING_SENTRY_DSN | Sentry DSN | |
| SERVER_ALERTING_SENTRY_ENVIRONMENT | Sentry environment | development |

Encryption Configuration

| Variable | Description | Default Value |
| --- | --- | --- |
| SERVER_ENCRYPTION_MASTER_KEYSET | Raw master keyset, base64-encoded JSON string | |
| SERVER_ENCRYPTION_MASTER_KEYSET_FILE | Path to the master keyset file | |
| SERVER_ENCRYPTION_JWT_PUBLIC_KEYSET | Public JWT keyset, base64-encoded JSON string | |
| SERVER_ENCRYPTION_JWT_PUBLIC_KEYSET_FILE | Path to the public JWT keyset file | |
| SERVER_ENCRYPTION_JWT_PRIVATE_KEYSET | Private JWT keyset, base64-encoded JSON string | |
| SERVER_ENCRYPTION_JWT_PRIVATE_KEYSET_FILE | Path to the private JWT keyset file | |
| SERVER_ENCRYPTION_CLOUDKMS_ENABLED | Whether Google Cloud KMS is enabled | false |
| SERVER_ENCRYPTION_CLOUDKMS_KEY_URI | URI of the key in Google Cloud KMS | |
| SERVER_ENCRYPTION_CLOUDKMS_CREDENTIALS_JSON | JSON credentials for Google Cloud KMS | |

Authentication Configuration

| Variable | Description | Default Value |
| --- | --- | --- |
| SERVER_AUTH_RESTRICTED_EMAIL_DOMAINS | Restricted email domains | |
| SERVER_AUTH_BASIC_AUTH_ENABLED | Whether basic auth is enabled | true |
| SERVER_AUTH_SET_EMAIL_VERIFIED | Whether the user's email is set to verified automatically | false |
| SERVER_AUTH_COOKIE_NAME | Name of the cookie | hatchet |
| SERVER_AUTH_COOKIE_DOMAIN | Domain for the cookie | |
| SERVER_AUTH_COOKIE_SECRETS | Cookie secrets | |
| SERVER_AUTH_COOKIE_INSECURE | Whether the cookie is insecure | false |
| SERVER_AUTH_GOOGLE_ENABLED | Whether Google auth is enabled | false |
| SERVER_AUTH_GOOGLE_CLIENT_ID | Google auth client ID | |
| SERVER_AUTH_GOOGLE_CLIENT_SECRET | Google auth client secret | |
| SERVER_AUTH_GOOGLE_SCOPES | Google auth scopes | ["openid", "profile", "email"] |
| SERVER_AUTH_GITHUB_ENABLED | Whether GitHub auth is enabled | false |
| SERVER_AUTH_GITHUB_CLIENT_ID | GitHub auth client ID | |
| SERVER_AUTH_GITHUB_CLIENT_SECRET | GitHub auth client secret | |
| SERVER_AUTH_GITHUB_SCOPES | GitHub auth scopes | ["read:user", "user:email"] |

Task Queue Configuration

| Variable | Description | Default Value |
| --- | --- | --- |
| SERVER_MSGQUEUE_KIND | Message queue kind | |
| SERVER_MSGQUEUE_RABBITMQ_URL | RabbitMQ URL | amqp://user:password@localhost:5672/ |

TLS Configuration

| Variable | Description | Default Value |
| --- | --- | --- |
| SERVER_TLS_STRATEGY | TLS strategy | |
| SERVER_TLS_CERT | TLS certificate | |
| SERVER_TLS_CERT_FILE | Path to the TLS certificate file | |
| SERVER_TLS_KEY | TLS key | |
| SERVER_TLS_KEY_FILE | Path to the TLS key file | |
| SERVER_TLS_ROOT_CA | TLS root CA | |
| SERVER_TLS_ROOT_CA_FILE | Path to the TLS root CA file | |
| SERVER_TLS_SERVER_NAME | TLS server name | |

Logging Configuration

| Variable | Description | Default Value |
| --- | --- | --- |
| SERVER_LOGGER_LEVEL | Logger level | |
| SERVER_LOGGER_FORMAT | Logger format | |
| DATABASE_LOGGER_LEVEL | Logger level | |
| DATABASE_LOGGER_FORMAT | Logger format | |

OpenTelemetry Configuration

| Variable | Description | Default Value |
| --- | --- | --- |
| SERVER_OTEL_SERVICE_NAME | Service name for OpenTelemetry | |
| SERVER_OTEL_COLLECTOR_URL | Collector URL for OpenTelemetry | |

Tenant Alerting Configuration

| Variable | Description | Default Value |
| --- | --- | --- |
| SERVER_TENANT_ALERTING_SLACK_ENABLED | Enable Slack for tenant alerting | |
| SERVER_TENANT_ALERTING_SLACK_CLIENT_ID | Slack client ID | |
| SERVER_TENANT_ALERTING_SLACK_CLIENT_SECRET | Slack client secret | |
| SERVER_TENANT_ALERTING_SLACK_SCOPES | Slack scopes | ["incoming-webhook"] |
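
Several defaults in the Runtime, Database, Authentication and Task Queue tables matter for security when a variable is left unset. The following Python script is an added example, not part of Hatchet: it reads an env file and reports risky effective values, using the defaults listed on this page. Which values count as risky is this example's own policy, and the `DATABASE_POSTGRES_SSL_MODE` rule assumes libpq-style `sslmode` values.

```python
# Added example: flag security-relevant Hatchet settings in an env file.
# Defaults come from this page; the "risky" policy is an assumption.
import re

def is_true(value):
    return value.strip().lower() == "true"

# name: (default from this page, predicate for a risky value, finding text)
RULES = {
    "SERVER_GRPC_INSECURE": ("false", is_true, "gRPC server set to insecure"),
    "SERVER_AUTH_COOKIE_INSECURE": ("false", is_true, "auth cookie set to insecure"),
    "SERVER_AUTH_SET_EMAIL_VERIFIED": ("false", is_true, "emails auto-verified"),
    "SERVER_ALLOW_SIGNUP": ("true", is_true, "open signup enabled"),
    "DATABASE_POSTGRES_PASSWORD": ("hatchet", lambda v: v == "hatchet",
                                   "documented default database password"),
    # Assumes libpq sslmode values; these three do not require TLS.
    "DATABASE_POSTGRES_SSL_MODE": ("disable", lambda v: v in ("disable", "allow", "prefer"),
                                   "database connection does not require TLS"),
    "SERVER_MSGQUEUE_RABBITMQ_URL": ("amqp://user:password@localhost:5672/",
        lambda v: "user:password@" in v, "documented default RabbitMQ credentials"),
}
ENV_LINE = re.compile(r"^\s*(?:export\s+)?([A-Z0-9_]+)\s*=\s*(.*?)\s*$")

def parse_env(text):
    """Parse KEY=VALUE lines; comments and blanks do not match and are skipped."""
    env = {}
    for line in text.splitlines():
        m = ENV_LINE.match(line)
        if m:
            env[m.group(1)] = m.group(2).strip("'\"")
    return env

def audit(env):
    """Return (variable, finding, inherited_default) for each risky setting."""
    return [(name, text, name not in env)
            for name, (default, risky, text) in RULES.items()
            if risky(env.get(name, default))]

# Constructed sample input, not taken from a real deployment.
SAMPLE_ENV = """\
SERVER_GRPC_INSECURE=true
export DATABASE_POSTGRES_PASSWORD="constructed-sample-passphrase"
DATABASE_POSTGRES_SSL_MODE=verify-full
SERVER_ALLOW_SIGNUP=false
"""

if __name__ == "__main__":
    for name, text, inherited in audit(parse_env(SAMPLE_ENV)):
        print(f"{name}: {text}" + (" (unset, default applies)" if inherited else ""))
```

The third element of each finding distinguishes a value set explicitly from one inherited from the documented default, which is the case most easily missed in review.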