The following are the standard environmental variables used by Fin and it's core services. Developers, all config properties can be seen here: config.js
Default: http://localhost:3000
This should be the root url (domain name) of your Fin service.
Default: local-dev
Used for accessing Google Cloud Storage data environments. Example in the GCS config definitions you can
say dams-client-{{GCS_BUCKET_ENV}}, which will resolve to dams-client-local-dev or dams-client-prod depending on the value of GCS_BUCKET_ENV and which environment you are running in.
Default: local-dev
Used for accessing Google Cloud Workflow environments. Example in the GCS config definitions you can
say dams-client-{{GCS_BUCKET_ENV}}, which will resolve to dams-client-local-dev or dams-client-prod depending on the value of GCS_BUCKET_ENV and which environment you are running in.
Default: dev
Should be used be your client application. Normally prod serves your production
build of the client app. Everything else serves the dev build. But this is not
implemented by fin, you must implement it in your client app.
Default: info
Used to set the log level for all services. Either env var will work.
Default: /fin/services/models
Path to the directory where your fin data models are stored.
Default: changeme
Used to encrypt your cookies
Default: 7 days
Comma separated list of origins you would like to grant access to FIN. Requests from these origins will set proper CORS headers in the response as well as handle the browser preflight OPTIONS CORS request.
Secret used for talking to OIDC provider (keycloak)
Issuer used for talking to OIDC provider (keycloak)
Default: fin-jwt
Name of cookie to store JWT token
URL to the JWKS endpoint of the OIDC provider (keycloak)
Client ID of the OIDC provider client (keycloak)
Client secret of the OIDC provider client (keycloak)
Base URL of the OIDC provider realm (keycloak)
Default: roles openid profile email
Scopes to request in token
Default: keycloak-oidc
Name of the OIDC auth services (so container name in docker compose speak) that is used to authenticate against keycloak.
Service account name used to authenticate to the OIDC provider (keycloak). For keycloak, this is the username of the service account.
Service account password used to authenticate to the OIDC provider (keycloak). For keycloak, this is the password of the service account. This should be a 512 character string.
openssl rand -base64 512If you have the above FIN_SERVICE_ACCOUNT_* parameters set in your .env. You can test your service account with:
docker run --rm -i -t --env-file .env --name init us-west1-docker.pkg.dev/digital-ucdavis-edu/pub/fin-init:${version} node /service/getToken.jsDefault: /etc/fin/service-account.json
Path to the service account json file. This is used by any service to authenticate to GCS.
Service account to use for GCS. If not set, the service account specified in the GOOGLE_APPLICATION_CREDENTIALS file will be used.
Google Cloud Project ID. If not set, the project ID specified in the GOOGLE_APPLICATION_CREDENTIALS file will be used.
Default: us-central1
Location of GCS services.
Name to use for pubsub subscriptions. If not set, the default subscription name will be set to GCS_BUCKET_ENV, which defaults to
local-dev if not set.
Default: 3
Set the maximum number of concurrent workflows to run. This is used by the workflow service to limit the number of workflows that can be running at once. This only applies to workflows of type gc-workflow.
Default: postgres
Default: 5432
Default: postgres
Default: fcrepo
Default: elasticsearch
Default: 9200
Default: elastic
Default: elastic
Default: error
Default: redis
Default: 6379
Default: fcrepo
Host name of the fcrepo service