Documentation Index
Fetch the complete documentation index at: https://mintlify.com/OpsMill/infrahub/llms.txt
Use this file to discover all available pages before exploring further.
Infrahub is configured using environment variables. This page documents all available configuration options organized by category.
Configuration methods
Core settings
Main settings
| Variable | Default | Description |
|---|
INFRAHUB_ADDRESS | - | External address for the Infrahub API (used by workers) |
INFRAHUB_INTERNAL_ADDRESS | - | Internal address for inter-service communication |
INFRAHUB_PUBLIC_URL | - | Public URL for OAuth2/OIDC redirects |
INFRAHUB_PRODUCTION | false | Enable production mode |
INFRAHUB_LOG_LEVEL | - | Log level (DEBUG, INFO, WARNING, ERROR, CRITICAL) |
INFRAHUB_ALLOW_ANONYMOUS_ACCESS | true | Allow anonymous read access |
INFRAHUB_ANONYMOUS_ACCESS_ROLE | Anonymous User | Role name for anonymous users |
INFRAHUB_SCHEMA_STRICT_MODE | true | Enable strict schema validation |
INFRAHUB_PERMISSION_BACKENDS | ["infrahub.permissions.LocalPermissionBackend"] | Permission backend modules |
Initial setup
| Variable | Default | Description |
|---|
INFRAHUB_INITIAL_DEFAULT_BRANCH | main | Default branch name (set only once) |
INFRAHUB_INITIAL_ADMIN_TOKEN | - | Initial admin API token |
INFRAHUB_INITIAL_ADMIN_PASSWORD | infrahub | Initial admin password |
INFRAHUB_INITIAL_AGENT_TOKEN | - | Initial git-agent API token |
INFRAHUB_INITIAL_AGENT_PASSWORD | - | Initial git-agent password |
Database configuration
Neo4j settings
| Variable | Default | Description |
|---|
INFRAHUB_DB_TYPE | neo4j | Database type (neo4j) |
INFRAHUB_DB_ADDRESS | localhost | Database hostname or IP |
INFRAHUB_DB_PORT | 7687 | Database port |
INFRAHUB_DB_PROTOCOL | bolt | Connection protocol |
INFRAHUB_DB_USERNAME | neo4j | Database username |
INFRAHUB_DB_PASSWORD | admin | Database password |
INFRAHUB_DB_DATABASE | - | Database name (default: neo4j) |
INFRAHUB_DB_POLICY | - | Routing policy for cluster |
INFRAHUB_DB_TLS_ENABLED | false | Enable TLS for database |
INFRAHUB_DB_TLS_INSECURE | false | Skip TLS certificate verification |
INFRAHUB_DB_TLS_CA_FILE | - | CA certificate file path |
INFRAHUB_DB_QUERY_SIZE_LIMIT | 5000 | Max records per query |
INFRAHUB_DB_MAX_DEPTH_SEARCH_HIERARCHY | 5 | Max hierarchy depth |
INFRAHUB_DB_RETRY_LIMIT | 3 | Transaction retry limit |
INFRAHUB_DB_MAX_CONCURRENT_QUERIES | 0 | Max concurrent queries (0 = unlimited) |
INFRAHUB_DB_MAX_CONCURRENT_QUERIES_DELAY | 0.01 | Delay when limit reached (seconds) |
Message broker configuration
RabbitMQ / NATS settings
| Variable | Default | Description |
|---|
INFRAHUB_BROKER_DRIVER | rabbitmq | Message broker driver (rabbitmq, nats) |
INFRAHUB_BROKER_ADDRESS | localhost | Broker hostname or IP |
INFRAHUB_BROKER_PORT | - | Broker port (5672 for RabbitMQ, 4222 for NATS) |
INFRAHUB_BROKER_USERNAME | infrahub | Broker username |
INFRAHUB_BROKER_PASSWORD | infrahub | Broker password |
INFRAHUB_BROKER_NAMESPACE | infrahub | Broker namespace/prefix |
INFRAHUB_BROKER_VIRTUALHOST | / | RabbitMQ virtual host |
INFRAHUB_BROKER_RABBITMQ_HTTP_PORT | - | RabbitMQ management port |
INFRAHUB_BROKER_TLS_ENABLED | false | Enable TLS |
INFRAHUB_BROKER_TLS_INSECURE | false | Skip TLS verification |
INFRAHUB_BROKER_TLS_CA_FILE | - | CA certificate path |
INFRAHUB_BROKER_MAXIMUM_MESSAGE_RETRIES | 10 | Max retry attempts |
INFRAHUB_BROKER_MAXIMUM_CONCURRENT_MESSAGES | 2 | Max concurrent messages per worker |
Cache configuration
Redis / NATS settings
| Variable | Default | Description |
|---|
INFRAHUB_CACHE_DRIVER | redis | Cache driver (redis, nats) |
INFRAHUB_CACHE_ADDRESS | localhost | Cache hostname or IP |
INFRAHUB_CACHE_PORT | - | Cache port (6379 for Redis, 4222 for NATS) |
INFRAHUB_CACHE_DATABASE | 0 | Redis database number (0-15) |
INFRAHUB_CACHE_USERNAME | - | Cache username |
INFRAHUB_CACHE_PASSWORD | - | Cache password |
INFRAHUB_CACHE_TLS_ENABLED | false | Enable TLS |
INFRAHUB_CACHE_TLS_INSECURE | false | Skip TLS verification |
INFRAHUB_CACHE_TLS_CA_FILE | - | CA certificate path |
INFRAHUB_CACHE_CLEAN_UP_DEADLOCKS_INTERVAL_MINS | 15 | Deadlock cleanup interval (minutes) |
Workflow configuration
Prefect settings
| Variable | Default | Description |
|---|
INFRAHUB_WORKFLOW_DRIVER | worker | Workflow driver (worker, local) |
INFRAHUB_WORKFLOW_ADDRESS | localhost | Prefect server address |
INFRAHUB_WORKFLOW_PORT | - | Prefect server port |
INFRAHUB_WORKFLOW_TLS_ENABLED | false | Enable TLS |
INFRAHUB_WORKFLOW_DEFAULT_WORKER_TYPE | infrahubasync | Default worker type |
INFRAHUB_WORKFLOW_WORKER_POLLING_INTERVAL | 2 | Worker polling interval (seconds) |
INFRAHUB_WORKFLOW_FLOW_RUN_COUNT_CACHE_THRESHOLD | 100000 | Flow run count cache threshold |
INFRAHUB_WORKFLOW_EXTRA_LOGGERS | - | Additional loggers to capture |
INFRAHUB_WORKFLOW_EXTRA_LOG_LEVEL | INFO | Log level for extra loggers |
Task manager database
| Variable | Default | Description |
|---|
INFRAHUB_TASKMANAGER_DB_USER | postgres | PostgreSQL username |
INFRAHUB_TASKMANAGER_DB_PASSWORD | postgres | PostgreSQL password |
INFRAHUB_TASKMANAGER_DB_DATABASE | prefect | PostgreSQL database name |
Storage configuration
Storage driver settings
| Variable | Default | Description |
|---|
INFRAHUB_STORAGE_DRIVER | local | Storage driver (local, s3) |
INFRAHUB_STORAGE_LOCAL_PATH | /opt/infrahub/storage | Local storage directory |
S3 storage settings
| Variable | Default | Description |
|---|
AWS_ACCESS_KEY_ID | - | S3 access key |
AWS_SECRET_ACCESS_KEY | - | S3 secret key |
AWS_S3_BUCKET_NAME | - | S3 bucket name |
AWS_S3_ENDPOINT_URL | - | S3 endpoint URL (for MinIO, etc.) |
AWS_S3_USE_SSL | true | Use SSL for S3 |
AWS_DEFAULT_ACL | private | Default ACL for objects |
AWS_QUERYSTRING_AUTH | false | Use query string authentication |
AWS_S3_CUSTOM_DOMAIN | - | Custom domain for S3 URLs |
Security configuration
Authentication settings
| Variable | Default | Description |
|---|
INFRAHUB_SECURITY_SECRET_KEY | (auto-generated) | Secret key for token signing |
INFRAHUB_SECURITY_ACCESS_TOKEN_LIFETIME | 3600 | Access token lifetime (seconds) |
INFRAHUB_SECURITY_REFRESH_TOKEN_LIFETIME | 2592000 | Refresh token lifetime (seconds) |
INFRAHUB_SECURITY_RESTRICT_UNTRUSTED_JINJA2_FILTERS | true | Restrict Jinja2 filters |
SSO configuration
| Variable | Default | Description |
|---|
INFRAHUB_SECURITY_SSO_USER_DEFAULT_GROUP | - | Default group for SSO users |
INFRAHUB_SECURITY_OAUTH2_PROVIDERS | - | OAuth2 providers (JSON list) |
INFRAHUB_SECURITY_OIDC_PROVIDERS | - | OIDC providers (JSON list) |
OAuth2 provider configuration
| Variable | Description |
|---|
INFRAHUB_OAUTH2_PROVIDER1_CLIENT_ID | OAuth2 client ID |
INFRAHUB_OAUTH2_PROVIDER1_CLIENT_SECRET | OAuth2 client secret |
INFRAHUB_OAUTH2_PROVIDER1_AUTHORIZATION_URL | Authorization endpoint |
INFRAHUB_OAUTH2_PROVIDER1_TOKEN_URL | Token endpoint |
INFRAHUB_OAUTH2_PROVIDER1_USERINFO_URL | User info endpoint |
INFRAHUB_OAUTH2_PROVIDER1_DISPLAY_LABEL | Display label for UI |
INFRAHUB_OAUTH2_PROVIDER1_ICON | Icon name |
OIDC provider configuration
| Variable | Description |
|---|
INFRAHUB_OIDC_PROVIDER1_CLIENT_ID | OIDC client ID |
INFRAHUB_OIDC_PROVIDER1_CLIENT_SECRET | OIDC client secret |
INFRAHUB_OIDC_PROVIDER1_DISCOVERY_URL | OIDC discovery URL |
INFRAHUB_OIDC_PROVIDER1_DISPLAY_LABEL | Display label for UI |
INFRAHUB_OIDC_PROVIDER1_ICON | Icon name |
Git configuration
| Variable | Default | Description |
|---|
INFRAHUB_GIT_REPOSITORIES_DIRECTORY | repositories | Git repositories directory |
INFRAHUB_GIT_SYNC_INTERVAL | 10 | Sync interval (seconds, deprecated) |
INFRAHUB_GIT_APPEND_GIT_SUFFIX | github.com, gitlab.com | Auto-append .git for these domains |
INFRAHUB_GIT_IMPORT_SYNC_BRANCH_NAMES | - | Branch name patterns to import |
INFRAHUB_GIT_USER_NAME | Infrahub | Git commit author name |
INFRAHUB_GIT_USER_EMAIL | infrahub@opsmill.com | Git commit author email |
INFRAHUB_GIT_GLOBAL_CONFIG_FILE | /opt/infrahub/.gitconfig | Git config file path |
INFRAHUB_GIT_USE_EXPLICIT_MERGE_COMMIT | false | Use explicit merge commits |
API configuration
CORS settings
| Variable | Default | Description |
|---|
INFRAHUB_API_CORS_ALLOW_ORIGINS | - | Allowed CORS origins (JSON list) |
INFRAHUB_API_CORS_ALLOW_METHODS | ["DELETE", "GET", "OPTIONS", "PATCH", "POST", "PUT"] | Allowed HTTP methods |
INFRAHUB_API_CORS_ALLOW_HEADERS | ["accept", "authorization", "content-type", "user-agent", "x-csrftoken", "x-requested-with"] | Allowed headers |
INFRAHUB_API_CORS_ALLOW_CREDENTIALS | true | Allow credentials |
HTTP client configuration
| Variable | Default | Description |
|---|
INFRAHUB_HTTP_TIMEOUT | 10 | HTTP client timeout (seconds) |
INFRAHUB_HTTP_TLS_INSECURE | false | Skip TLS verification |
INFRAHUB_HTTP_TLS_CA_BUNDLE | - | CA bundle path or PEM string |
Observability configuration
Telemetry settings
| Variable | Default | Description |
|---|
INFRAHUB_TELEMETRY_OPTOUT | false | Disable anonymous telemetry |
INFRAHUB_TELEMETRY_ENDPOINT | https://telemetry.opsmill.cloud/infrahub | Telemetry endpoint |
INFRAHUB_TELEMETRY_INTERVAL | - | Telemetry interval |
Tracing settings
| Variable | Default | Description |
|---|
INFRAHUB_TRACE_ENABLE | false | Enable distributed tracing |
INFRAHUB_TRACE_EXPORTER_TYPE | console | Exporter type (console, otlp) |
INFRAHUB_TRACE_EXPORTER_PROTOCOL | grpc | Exporter protocol (grpc, http/protobuf) |
INFRAHUB_TRACE_EXPORTER_ENDPOINT | - | OTLP exporter endpoint |
INFRAHUB_TRACE_INSECURE | true | Use insecure connection |
OTEL_RESOURCE_ATTRIBUTES | - | OpenTelemetry resource attributes |
Logging settings
| Variable | Default | Description |
|---|
INFRAHUB_LOGGING_REMOTE_ENABLE | false | Enable remote logging |
INFRAHUB_LOGGING_REMOTE_FRONTEND_DSN | - | Frontend logging DSN |
INFRAHUB_LOGGING_REMOTE_API_SERVER_DSN | - | API server logging DSN |
INFRAHUB_LOGGING_REMOTE_GIT_AGENT_DSN | - | Git agent logging DSN |
Analytics settings
| Variable | Default | Description |
|---|
INFRAHUB_ANALYTICS_ENABLE | true | Enable analytics |
INFRAHUB_ANALYTICS_ADDRESS | - | Analytics service address |
INFRAHUB_ANALYTICS_API_KEY | - | Analytics API key |
Miscellaneous settings
| Variable | Default | Description |
|---|
INFRAHUB_MISC_PRINT_QUERY_DETAILS | false | Print detailed query information |
INFRAHUB_MISC_START_BACKGROUND_RUNNER | true | Start background task runner |
INFRAHUB_MISC_MAXIMUM_VALIDATOR_EXECUTION_TIME | 1800 | Max validator execution time (seconds) |
INFRAHUB_MISC_RESPONSE_DELAY | 0 | Artificial API response delay (seconds) |
INFRAHUB_DOCS_INDEX_PATH | /opt/infrahub/docs/build/search-index.json | Documentation index path |
INFRAHUB_TIMEOUT | - | General timeout setting |
Policy settings
| Variable | Default | Description |
|---|
INFRAHUB_POLICY_REQUIRED_PROPOSED_CHANGE_APPROVALS | 0 | Required approvals for proposed changes (Enterprise) |
INFRAHUB_POLICY_REVOKE_PROPOSED_CHANGE_APPROVALS | false | Revoke approvals on change (Enterprise) |
Experimental features
| Variable | Default | Description |
|---|
INFRAHUB_EXPERIMENTAL_GRAPHQL_ENUMS | false | Enable GraphQL enums |