Configuration Reference

Each service is configured via environment variables. Please see a GitHub readme section for each service for the full list of configuration options:

Ingest

Name	Default value	Description
`PORT`	Required	HTTP port where Ingest will be available.
`INGEST_PUBLIC_URL`	Required	Public url where ingest service is deployed and available from internet, usually it's load balancer or reverse proxy. E.g. https://data.jitsu.mycompany.com. Should contain protocol and port (if it's not default).
`INGEST_REPOSITORY_URL` `INGEST_REPOSITORY_AUTH_TOKEN`	Required	`INGEST_REPOSITORY_URL` is an URL of console's export endpoint that returns configuration of `streams-with-destinations` entities: `https://$console-endpoint/api/admin/export/streams-with-destinations`. `INGEST_REPOSITORY_AUTH_TOKEN` is used to authorize request to console. It must start with `service-admin-account:` prefix. E.g.: `service-admin-account:console-token` See also `CONSOLE_AUTH_TOKENS` of console configuration
`INGEST_REPOSITORY_REFRESH_PERIOD_SEC`	Optional Default: `2`	Period in seconds for refreshing configuration from console's `INGEST_REPOSITORY_URL`.
`INGEST_KAFKA_BOOTSTRAP_SERVERS`	Required	List of Kafka brokers separated by comma. Each broker should be in format `host:port`.
`INGEST_KAFKA_SSL`		If SSL should be enabled for Kafka
`INGEST_KAFKA_SSL_SKIP_VERIFY`		Skip SSL verification of kafka server certificate.
`INGEST_KAFKA_SASL`		Kafka authorization as JSON object. E.g.: `{"mechanism": "SCRAM-SHA-256", "username": "user", "password": "password"}`
`INGEST_ROTOR_URL` `INGEST_ROTOR_AUTH_KEY`	Required	`INGEST_ROTOR_URL` is an URL of the main endpoint of Rotor service. Example: `http://rotor:3401`. Required for running functions on device destinations `INGEST_ROTOR_AUTH_KEY` is used to authorized HTTP-request to Rotor. See `ROTOR_AUTH_TOKENS`, `ROTOR_TOKEN_SECRET` and `ROTOR_RAW_AUTH_TOKENS` in the Rotor section
`INGEST_CLICKHOUSE_HOST`		ClickHouse host and port to store incoming events log. E.g.: `clickhouse.example.com:9440`
`INGEST_CLICKHOUSE_DATABASE`		ClickHouse database to store incoming events log.
`INGEST_CLICKHOUSE_USERNAME` `INGEST_CLICKHOUSE_PASSWORD`		ClickHouse username and password.
`INGEST_CLICKHOUSE_SSL`		Enable SSL for Clickhouse connection
`INGEST_LOG_FORMAT`	Optional Default: `text`	Format of application logs (that are written to stdout). Possible values: `text` or `json`
`INGEST_FAILOVER_LOGGER_ENABLED` `INGEST_FAILOVER_LOGGER_ROTATION_PERIOD_MINUTES` `INGEST_FAILOVER_LOGGER_MAX_SIZE_MB` `INGEST_FAILOVER_LOGGER_COMPRESS`		Failover logger is used to store events that failed to be sent to Kafka. Default values: `INGEST_FAILOVER_LOGGER_ENABLED` - `false` `INGEST_FAILOVER_LOGGER_ROTATION_PERIOD_MINUTES` - `60` `INGEST_FAILOVER_LOGGER_MAX_SIZE_MB` - `100` `INGEST_FAILOVER_LOGGER_COMPRESS` - `true`
`INGEST_FAILOVER_LOGGER_BASE_PATH` `INGEST_FAILOVER_LOGGER_LOCAL_MAX_OLD_FILES`		Controls how failover logger files stored on local disk. Default values: `INGEST_FAILOVER_LOGGER_BASE_PATH` - `/tmp/kafka_failover` `INGEST_FAILOVER_LOGGER_LOCAL_MAX_OLD_FILES` - `10`
`INGEST_FAILOVER_LOGGER_S3_ENABLED` `INGEST_FAILOVER_LOGGER_S3_BUCKET` `INGEST_FAILOVER_LOGGER_S3_PREFIX` `INGEST_FAILOVER_LOGGER_S3_REGION`		Allows to set S3 destination for failover logger files.

Bulker

See list of all options on Bulker github

Rotor

Name	Default value	Description
`PORT`	Optional Default: `3401`	HTTP port where Rotor will be available.
`ROTOR_AUTH_TOKENS` `ROTOR_TOKEN_SECRET` `ROTOR_RAW_AUTH_TOKENS`	Required	`ROTOR_AUTH_TOKENS` is a list of hashed auth tokens that authorizes user in HTTP interface separated by comma. Each must have format: `$salt.$hash` where `$salt` should be random string. Hash is `hex(sha512($token + $salt + ROTOR_TOKEN_SECRET)`. To hash token, use following command in the root of this repository: `pnpm install && ROTOR_TOKEN_SECRET=xxxx pnpm tool:hash $token` `ROTOR_RAW_AUTH_TOKENS` can be used instead of `ROTOR_AUTH_TOKENS` to provide a comma-separared list of raw takens instead of hases. It offers simplicity at cost of lower security.
`REPOSITORY_BASE_URL` `REPOSITORY_AUTH_TOKEN`	Required	`REPOSITORY_BASE_URL` is an URL of console's export endpoint that returns configuration of `streams-with-destinations` entities: `https://$console-endpoint/api/admin/export`. `REPOSITORY_AUTH_TOKEN` is used to authorize request to console. It must start with `service-admin-account:` prefix. E.g.: `service-admin-account:console-token` See also `CONSOLE_AUTH_TOKENS` of console configuration
`REPOSITORY_REFRESH_PERIOD_SEC`	Optional Default: `2`	Period in seconds for refreshing configuration from console's export endpoint.
`CLICKHOUSE_HOST`		ClickHouse host and port to store Events Log. E.g.: `clickhouse.example.com:9440` Only HTTP(s) protocol is supported.
`CLICKHOUSE_DATABASE`		ClickHouse database to store Events Log.
`CLICKHOUSE_USERNAME` `CLICKHOUSE_PASSWORD`		ClickHouse username and password.
`CLICKHOUSE_SSL`		Enable SSL for Clickhouse connection
`BULKER_URL` `BULKER_AUTH_KEY`	Required	`BULKER_URL` is an URL of Bulker service. Rotor will use it to send event intended to warehouse destinations `BULKER_AUTH_KEY` is user to authentificated HTTP-request to Bulker. Should be one of `BULKER_AUTH_KEYS` you configured in Bulker Used for Events Logs feature.
`KAFKA_BOOTSTRAP_SERVERS`	Required	List of Kafka brokers separated by comma. Each broker should be in format `host:port`.
`KAFKA_SSL`		If SSL should be enabled for Kafka
`KAFKA_SSL_CA` `KAFKA_SSL_CA_FILE`		Custom CA certificate for verifying the Kafka server certificate. `KAFKA_SSL_CA` is a certificate in PEM format, `KAFKA_SSL_CA_FILE` is a path to the file with the certificate.
`KAFKA_SSL_SKIP_VERIFY`		Skip SSL verification of kafka server certificate.
`KAFKA_SASL`		Kafka authorization as JSON object. E.g.: `{"mechanism": "SCRAM-SHA-256", "username": "user", "password": "password"}`
`MONGODB_URL`	Required	MongoDB is used for Functions Persistent Storage and Identity Stitching. The value starts with `mongodb://` and has the following format: `mongodb://$user:$password@$host:$port/$database` To smoothly migrate from `REDIS_URL` you need to set `REDIS_URL` and `MONGODB_URL` at the same time. Rotor will look for records both in MongoDB and Redis, but new records will be added only to MongoDB. When you are sure that MongoDB is populated with enough data, you can remove `REDIS_URL` from the configuration.
`REDIS_URL` `REDIS_SENTINEL_ADDRESS`		Redis connection string. Always start with `redis://`: `redis://$user:$password:localhost:6379`. Redis Sentinel Address: `sentinel1:26379,sentinel2:26379,sentinel3:26379` Can be used for Functions Persistent Storage as alternative to MongoDB.
`METRICS_DESTINATION_ID`		Id of Bulker destination where Rotor will send event metrics. Only `clickhouse` destination is supported. If you don't want to send metrics, you can skip this option.
`METRICS_DESTINATION_ID`
`CONCURRENCY`	Optional Default: `10`
`MESSAGES_RETRY_COUNT`	Optional Default: `3`	Maximum number of retries for failed messages.
`MESSAGES_RETRY_BACKOFF_BASE`	Optional Default: `10`	Base value for exponential backoff for failed messages. For example, if `MESSAGES_RETRY_COUNT` is 3 and base is 10, then retry delays will be 10, 100, 1000 minutes
`MESSAGES_RETRY_BACKOFF_MAX_DELAY`	Optional Default: `1440`	Defines maximum possible retry delay in minutes. Default: 24 hours
`MAXMIND_LICENSE_KEY` `MAXMIND_URL` `MAXMIND_S3_BUCKET` `MAXMIND_S3_REGION` `MAXMIND_S3_ACCESS_KEY_ID` `MAXMIND_S3_SECRET_ACCESS_KEY` `MAXMIND_S3_ENDPOINT` `MAXMIND_S3_FORCE_PATH_STYLE`	Optional	MaxMind database used for GeoIP enrichment. MaxMind database can be obtained from MaxMind servers using `MAXMIND_LICENSE_KEY`, from custom `MAXMIND_URL` or from S3 or compatible storage.
`MAXMIND_LOCALE`	Optional Default: `en`	Use localized geographic names. Supported locales
`LOG_FORMAT`	Optional Default: `text`	Format of rotor application logs. Possible values: `text` or `json`

Console

Name	Default value	Description
`PORT`	Optional Default: `3000`	HTTP port where Console will be available.
`JITSU_PUBLIC_URL`	Required	This is a URL where Jitsu console will be publicly available, usually a load-balancer / reverse proxy address. E.g.: `https://your-domain/`
`CONSOLE_AUTH_TOKENS` `CONSOLE_TOKEN_SECRET` `CONSOLE_RAW_AUTH_TOKENS`	Required	`CONSOLE_AUTH_TOKENS` is a list of hashed auth tokens that authorizes user in HTTP interface separated by comma. Each must have format: `$salt.$hash` where `$salt` should be random string. Hash is `hex(sha512($token + $salt + CONSOLE_TOKEN_SECRET)`. To hash token, use following command in the root of this repository: `pnpm install && CONSOLE_TOKEN_SECRET=xxxx pnpm tool:hash $token` `CONSOLE_RAW_AUTH_TOKENS` can be used instead of `CONSOLE_AUTH_TOKENS` to provide a comma-separared list of raw takens instead of hases. It offers simplicity at cost of lower security.
`DATABASE_URL`	Required	PostgreSQL connection string. `postgres://$user:$password@localhost:$port/database?sslmode=no-verify&schema=newjitsu` `schema` must be `newjitsu`, and `sslmode` must be `no-verify`
`BULKER_URL` `BULKER_AUTH_KEY`	Required	`BULKER_URL` is an url of Bulker service. Used for pulling event logs. E.g.: `https://bulker.your-domain.com` `BULKER_AUTH_KEY` is used to authorized HTTP-request to Bulker. See `BULKER_AUTH_TOKENS`, `BULKER_TOKEN_SECRET` and `BULKER_RAW_AUTH_TOKENS` in Bulker configuration
`ROTOR_URL` `ROTOR_AUTH_KEY`	Required	`ROTOR_URL` is an url of the Rotor service. E.g.: `http://rotor:3401` `ROTOR_AUTH_KEY` is used to authorized HTTP-request to Rotor. See `ROTOR_AUTH_TOKENS`, `ROTOR_TOKEN_SECRET` and `ROTOR_RAW_AUTH_TOKENS` in the Rotor section
`GITHUB_CLIENT_ID` `GITHUB_CLIENT_SECRET`		To enable GitHub OAuth for Jitsu. You'll need to create a GitHub OAuth application to get those values: Go to GitHub Developer settings » OAuth Apps » New OAuth App. Put any value to `Application name`. Set `Homepage URL` and `Authorization callback URL` with value of `JITSU_PUBLIC_URL`. Press `Register application` button. Press `Generate a new client secret` button. Copy `Client ID` and `Client Secret` values to `.env` file to `GITHUB_CLIENT_ID` and `GITHUB_CLIENT_SECRET` variables respectively.
`AUTH_OIDC_PROVIDER`		To enable OpenID Connect based authentication for Jitsu. Expected json object with the following properties: `issuer` (the issuer domain in valid URL format), `clientId`, and `clientSecret` The well-known configuration endpoint for the provider is automatically set based on the issuer, and the default authorization request includes scopes for OpenID, email, and profile information. Auth0 Example: `{"issuer":"https://{yourDomain}.us.auth0.com/","clientId":"*","clientSecret":"*"}`
`JITSU_INGEST_PUBLIC_URL`	Required	Url where Ingest service is publicly available. See `INGEST_PUBLIC_URL` param of `ingest` service for details.
`SYNCS_ENABLED`		Whet set to `true` enables Connectors Syncs feature in Jitsu Console UI. Requires `syncctl` service
`SYNCCTL_URL` `SYNCCTL_AUTH_KEY`	Required	Required if `SYNCS_ENABLED=true`. `SYNCCTL_URL` is an URL of the main endpoint of Syncctl service. `SYNCCTL_AUTH_KEY` is Syncctl service authentication key: one of `SYNCCTL_AUTH_KEYS` or `SYNCCTL_RAW_AUTH_TOKENS` configured in Syncctl
`GOOGLE_SCHEDULER_KEY`		For scheduling connectors syncs Google Cloud Scheduler is required. This is a Google Service Account Key in JSON format. If not set, you'll still be able to schedule syncs manually through Jitsu Console UI or via API.
`CLICKHOUSE_HOST`		ClickHouse host and port where Events Log is stored. E.g.: `clickhouse.example.com:9440` Only HTTP(s) protocol is supported.
`CLICKHOUSE_DATABASE`		ClickHouse database to where Events Log is stored.
`CLICKHOUSE_CLUSTER`		ClickHouse cluster id to properly create replicate tables for Events Log. E.g.: `jitsu_cluster`
`CLICKHOUSE_USERNAME` `CLICKHOUSE_PASSWORD`		ClickHouse username and password.
`CLICKHOUSE_SSL`		Enable SSL for Clickhouse connection
`SMTP_CONNECTION_STRING` `EMAIL_TRANSACTIONAL_SENDER` `EMAIL_TRANSACTIONAL_REPLY_TO` `BCC_EMAIL`		Email sending configuration: `SMTP_CONNECTION_STRING` is a connection string to SMTP server in format: `smtp://user:password@localhost:587` `EMAIL_TRANSACTIONAL_SENDER` is an email address that will be used as sender. `EMAIL_TRANSACTIONAL_REPLY_TO` (optional) is an email address that will be used as Reply-To. `BCC_EMAIL` (optional) is an email address where all emails will be sent as BCC.
`LOG_FORMAT`	Optional Default: `text`	Format of console application logs. Possible values: `text` or `json`

Syncctl

Name	Default value	Description
`PORT`	Optional Default: `3043`	HTTP port where Syncctl will be available.
`SYNCCTL_AUTH_TOKENS` `SYNCCTL_TOKEN_SECRET` `SYNCCTL_RAW_AUTH_TOKENS`	Required	A list of hashed auth tokens that authorizes user in HTTP interface separated by comma. Each must have format: `$salt.$hash` where `$salt` should be random string. Hash is `hex(sha512($token + $salt + SYNCCTL_TOKEN_SECRET)`. `$token` must consist only of letters, digits, underscore and dash `SYNCCTL_RAW_AUTH_TOKENS` can be used if you want to provide a comma-separared list of raw takens instead of hases. It offers simplicity at cost of lower security.
`SYNCCTL_DATABASE_URL`	Required	PostgreSQL connection string. `postgres://$user:$password@localhost:$port/database?sslmode=no-verify&search_path=newjitsu`. Should be the same as `DATABASE_URL` for console `search_path` must be `newjitsu`, and `sslmode` must be `no-verify`
`SYNCCTL_SIDECAR_DATABASE_URL`	Required	URL of the same PostgreSQL instance as it is reachable from kubernetes cluster. Required only if it is different from `SYNCCTL_DATABASE_URL`. E.g. if you use `localhost` in `SYNCCTL_DATABASE_URL`
`SYNCCTL_KUBERNETES_CLIENT_CONFIG`	Optional Default: `local`	Path to kubernetes config file or kubernetes config in yaml format. If `syncctl` service itself runs in kubernetes cluster, you can skip this option or use `local` value.
`SYNCCTL_KUBERNETES_CONTEXT` `SYNCCTL_KUBERNETES_NAMESPACE`	Optional Default: `default`	Name of kubernetes context if not the default one is used and name of kubernetes namespace where sync jobs will be created.
`SYNCCTL_TASK_TIMEOUT_HOURS`	Optional Default: `48`	Maximum time in hours that sync job can run. After that time sync job will be terminated.
`SYNCCTL_LOG_FORMAT`	Optional Default: `text`	Format of syncctl application logs. Possible values: `text` or `json`

Admin

Admin service is used to perform maintenance tasks like reprocessing failover logger files.

Name	Default value	Description
`PORT`	Required	HTTP port where Ingest will be available.
`ADMIN_PUBLIC_URL`	Required	Public url where admin service is deployed and available from internet, usually it's load balancer or reverse proxy. E.g. https://data.jitsu.mycompany.com. Should contain protocol and port (if it's not default).
`ADMIN_REPOSITORY_URL` `ADMIN_REPOSITORY_AUTH_TOKEN`	Required	`ADMIN_REPOSITORY_URL` is an URL of console's export endpoint that returns configuration of `streams-with-destinations` entities: `https://$console-endpoint/api/admin/export/streams-with-destinations`. `ADMIN_REPOSITORY_AUTH_TOKEN` is used to authorize request to console. It must start with `service-admin-account:` prefix. E.g.: `service-admin-account:console-token` See also `CONSOLE_AUTH_TOKENS` of console configuration
`ADMIN_REPOSITORY_REFRESH_PERIOD_SEC`	Optional Default: `2`	Period in seconds for refreshing configuration from console's `ADMIN_REPOSITORY_URL`.
`ADMIN_KAFKA_BOOTSTRAP_SERVERS`	Required	List of Kafka brokers separated by comma. Each broker should be in format `host:port`.
`ADMIN_KAFKA_SSL`		If SSL should be enabled for Kafka
`ADMIN_KAFKA_SSL_SKIP_VERIFY`		Skip SSL verification of kafka server certificate.
`ADMIN_KAFKA_SASL`		Kafka authorization as JSON object. E.g.: `{"mechanism": "SCRAM-SHA-256", "username": "user", "password": "password"}`
`ADMIN_LOG_FORMAT`	Optional Default: `text`	Format of application logs (that are written to stdout). Possible values: `text` or `json`

Ingest​

Bulker​

Rotor​

Console​

Syncctl​

Admin​