GraphQL Engine Server Configuration Reference
Introduction
This page details which flags and environment variables are available to customize a Hasura GraphQL Engine instance. For details on how to implement flags or environment variables, check out this page.
GraphQL Engine command flags and environment variables
For the graphql-engine
command, these are the
available flags and environment variables:
Database URL
This connection string can be used to connect Hasura to a PostgreSQL data source which Hasura will automatically add to the list of connected data sources.
Flag | --database-url <DB_URL> |
Env var | HASURA_GRAPHQL_DATABASE_URL |
Accepted values | String (PostgreSQL DB connection string) |
Example | postgres://<user>:<password>@<host>:<port>/<db-name> |
Default | null |
Supported in | CE, Enterprise Edition |
This config option is supported to maintain backwards compatibility with v1.x
Hasura instances. In versions v2.0
and above, databases can be connected using any custom environment variables of your choice. Our docker-compose.yaml
files in the install manifests reference PG_DATABASE_URL
as the environment variable to use for connecting to a
database, but this can be any plaintext value which does not start with HASURA_
.
Metadata Database URL
This Postgres database URL is used to store Hasura's Metadata. This can also be a URI of the form
dynamic-from-file:///path/to/file
, where the referenced file contains a postgres connection string, which will be read
dynamically every time a new connection is established. This allows the server to be used in an environment where
secrets are rotated frequently.
Flag | --metadata-database-url <METADATA_DATABASE_URL> |
Env var | HASURA_GRAPHQL_METADATA_DATABASE_URL |
Accepted values | String (PostgreSQL DB connection string, or dynamic-from-file:// URI) |
Example | postgres://<user>:<password>@<host>:<port>/<db-name> |
Default | CE, Enterprise Edition: null Cloud: managed by Hasura Cloud |
Supported in | CE, Enterprise Edition |
THe metadata database URL needs to be set for Hasura to start.
Serve sub-command flags and environment variables
For the serve
sub-command, these are the available
flags and environment variables:
When the equivalent flags for environment variables are used, the flags will take precedence.
Admin Internal Errors
Internal information is included in an error response for requests made by an admin.
Flag | --admin-internal-errors <true-or-false> |
Env var | HASURA_GRAPHQL_ADMIN_INTERNAL_ERRORS |
Accepted values | Boolean |
Options | true or false |
Default | true |
Supported in | CE, Enterprise Edition, Cloud |
Admin Secret Key
A secret key required to access the Hasura instance.
Flag | --admin-secret <ADMIN_SECRET_KEY> |
Env var | HASURA_GRAPHQL_ADMIN_SECRET |
Accepted values | String |
Default | CE, Enterprise Edition: null Cloud: generated by default |
Supported in | CE, Enterprise Edition, Cloud |
When you use webhook or JWT mode for authentication, setting this value is mandatory.
Admin Secrets
A list of valid admin secret keys any one of which can be used to access the Hasura instance.
Flag | --admin-secrets <SECRETS> |
Env var | HASURA_GRAPHQL_ADMIN_SECRETS |
Accepted values | Array (of strings) |
Default | null |
Example | '["secret1", "secret2"]' |
Supported in | Enterprise Edition only |
If both Admin Secret and Admin Secrets are set, then only Admin Secrets will be used.
Async Actions Fetch Batch Size
The maximum number of async actions to be processed in a single batch.
Flag | --async-actions-fetch-batch-size <BATCH_SIZE> |
Env var | HASURA_GRAPHQL_ASYNC_ACTIONS_FETCH_BATCH_SIZE |
Accepted values | Integer |
Default | 10 |
Supported in | CE, Enterprise Edition, Cloud |
Async Actions Fetch Interval
The interval, in milliseconds, to sleep before trying to fetch async actions again after a
fetch returned no async actions from metadata storage. A value of 0
implies completely disabling fetching async
actions from the storage.
Flag | --async-actions-fetch-interval <INTERVAL_IN_MS> |
Env var | HASURA_GRAPHQL_ASYNC_ACTIONS_FETCH_INTERVAL |
Accepted values | Integer (Representing an interval in milliseconds) |
Default | null |
Supported in | CE, Enterprise Edition, Cloud |
Auth Hook
The URL required to authorize requests when utilizing authentication webhooks.
Flag | --auth-hook <WEBHOOK_URL> |
Env var | HASURA_GRAPHQL_AUTH_HOOK |
Accepted values | String (URL) |
Default | null |
Supported in | CE, Enterprise Edition, Cloud |
Having an admin secret set is mandatory for setting this value.
Auth Hook Mode
If you're using a webhook for authentication, The HTTP method used by Hasura to make requests.
Flag | --auth-hook-mode <GET-or-POST> |
Env var | HASURA_GRAPHQL_AUTH_HOOK_MODE |
Accepted values | String (HTTP method) |
Options | GET or POST |
Default | GET |
Supported in | CE, Enterprise Edition, Cloud |
Send Request Body to Auth Hook
Whether or not to send the request body (graphql request/variables) to the auth hook in POST
mode.
Flag | --auth-hook-send-request-body <true-or-false> |
Env var | HASURA_GRAPHQL_AUTH_HOOK_SEND_REQUEST_BODY |
Accepted values | Boolean |
Options | true or false |
Default | true |
Supported in | CE, Enterprise Edition, Cloud |
BigQuery String Numeric Input
Stringify certain
BigQuery numeric types,
specifically bignumeric
, float64
, int64
, numeric
and aliases thereof, as they don't fit into the IEEE 754
spec
for JSON encoding-decoding.
Flag | --bigquery_string_numeric_input |
Env var | HASURA_GRAPHQL_BIGQUERY_STRING_NUMERIC_INPUT |
Accepted values | Boolean |
Options | true or false |
Default | false |
Supported in | CE, Enterprise Edition |
Cache Max Entry TTL
The maximum Query Cache TTL value in seconds, defaulting to 3600 seconds (1 hour).
Flag | --query-cache-max-ttl |
Env var | HASURA_GRAPHQL_CACHE_MAX_ENTRY_TTL |
Accepted values | Integer |
Default | 3600 |
Supported in | Enterprise Edition only |
Close WebSocket connections on metadata change
When metadata changes, close all WebSocket connections (with error code 1012
). This is useful when you want to ensure
that all clients reconnect to the latest metadata.
Flag | --disable-close-websockets-on-metadata-change |
Env var | HASURA_GRAPHQL_CLOSE_WEBSOCKETS_ON_METADATA_CHANGE |
Accepted values | Boolean |
Options | true or false |
Default | true |
Supported in | CE, Enterprise Edition, Cloud |
Configured Header Precedence
Whether the metadata configured headers are given higher precedence than client headers for Actions and postgres input validations.
Flag | --configured-header-precedence |
Env var | HASURA_GRAPHQL_CONFIGURED_HEADER_PRECEDENCE |
Accepted values | Boolean |
Options | true or false |
Default | false |
Supported in | CE, Enterprise Edition, Cloud |
Connections per Read-Replica
The maximum number of Postgres connections per read-replica that can be opened per stripe. When the maximum is reached we will block until a new connection becomes available, even if there is capacity in other stripes.
Flag | --connections-per-read-replica <NO_OF_CONNS_PER_READ_REPLICA> |
Env var | HASURA_GRAPHQL_CONNECTIONS_PER_READ_REPLICA |
Accepted values | Integer |
Default | 50 |
Supported in | Enterprise Edition only |
Console Assets Directory
By default, Console assets are loaded from a CDN. For the Console to
load assets from the server itself
instead of the CDN, set the value to /srv/console-assets
.
Flag | --console-assets-dir <PATH_TO_ASSETS> |
Env var | HASURA_GRAPHQL_CONSOLE_ASSETS_DIR |
Accepted values | String |
Options | "/srv/console-assets" |
Default | null |
Supported in | CE, Enterprise Edition |
CORS Domain
List of domains, including scheme (http/https) and port, to allow for CORS. Wildcard domains are allowed. Setting an empty value will block requests from all other domains.
Flag | --cors-domain <DOMAINS> |
Env var | HASURA_GRAPHQL_CORS_DOMAIN |
Accepted values | String (comma separated list of domains) |
Default | CE, Enterprise Edition: null Cloud: * |
Example | "https://*.foo.bar.com:8080, http://*.localhost, http://localhost:3000, http://example.com" |
Supported in | CE, Enterprise Edition, Cloud |
Because the Console on Hasura Cloud runs on the 'cloud.hasura.io' domain, Hasura Cloud automatically adds it as an allowed CORS domain. Setting an empty value will block requests from all other domains.
Dev Mode
Sets dev mode for GraphQL requests, i.e. in case of
errors, includes an internal
key in the errors extensions of the response.
Flag | --dev-mode |
Env var | HASURA_GRAPHQL_DEV_MODE |
Accepted values | Boolean |
Options | true or false |
Default | false |
Supported in | CE, Enterprise Edition, Cloud |
Default Naming Convention
Used to set the default naming convention for all sources.
Flag | N/A |
Env var | HASURA_GRAPHQL_DEFAULT_NAMING_CONVENTION |
Accepted values | String |
Options | hasura-default or graphql-default |
Default | hasura-default |
Supported in | CE, Enterprise Edition, Cloud |
Disable CORS
Disables CORS. Hasura will not send any CORS headers on any request.
Flag | --disable-cors |
Env var | HASURA_GRAPHQL_DISABLE_CORS |
Accepted values | Boolean |
Options | true or false |
Default | false |
Supported in | CE, Enterprise Edition |
Disable Native Query validation
Disable validation of Native Queries against the database.
Flag | --disable-native-query-validation |
Env var | HASURA_GRAPHQL_DISABLE_NATIVE_QUERY_VALIDATION |
Accepted values | Boolean |
Options | true or false |
Default | false |
Supported in | CE, Enterprise Edition, Cloud |
Dynamic Secrets Allowed Path Prefix
Enables the ability to source Postgres connection strings from files on disk using DynamicFromFile, and the ability for Template Variables to use the contents of files in Data Connector configuration transforms. File paths used with these features must start with the prefix set in this environment variable.
Flag | N/A |
Env var | HASURA_GRAPHQL_DYNAMIC_SECRETS_ALLOWED_PATH_PREFIX |
Accepted values | String (representing a filesystem path prefix, such as /var/secrets/ ) |
Default | null |
Supported in | CE, Enterprise Edition |
Enable Allow List
Restrict requests allowed to be executed by the GraphQL Engine to those that are part of the configured Allow List.
Flag | --enable-allowlist <true-or-false> |
Env var | HASURA_GRAPHQL_ENABLE_ALLOWLIST |
Accepted values | Boolean |
Options | true or false |
Default | false |
Supported in | CE, Enterprise Edition, Cloud |
Enable Apollo Federation
Enables the Apollo Federation feature. This allows Hasura to be connected as a subgraph in an Apollo supergraph.
Flag | --enable-apollo-federation |
Env var | HASURA_GRAPHQL_ENABLE_APOLLO_FEDERATION |
Accepted values | Boolean |
Options | true or false |
Default | false |
Supported in | CE, Enterprise Edition, Cloud |
Enable Automated Persisted Queries
Enables the Automated Persisted Queries feature.
Flag | --enable-persisted-queries |
Env var | HASURA_GRAPHQL_ENABLE_PERSISTED_QUERIES |
Accepted values | Boolean |
Default | false |
Supported in | Enterprise Edition |
Set Automated Persisted Queries TTL
Sets the query TTL in the cache store for Automated Persisted Queries.
Flag | --persisted-queries-ttl |
Env var | HASURA_GRAPHQL_PERSISTED_QUERIES_TTL |
Accepted values | Integer |
Default | 5 (seconds) |
Supported in | Enterprise Edition |
Enable Error Log Level for Trigger Errors
Sets the log-level as error
for Trigger type error logs (Event Triggers, Scheduled Triggers, Cron Triggers).
Flag | --enable-triggers-error-log-level |
Env var | HASURA_GRAPHQL_ENABLE_TRIGGERS_ERROR_LOG_LEVEL |
Accepted values | Boolean |
Default | false |
Supported in | CE, Enterprise Edition |
Enable Console
Enable the Hasura Console (served by the server on /
and /console
).
Flag | --enable-console <true-or-false> |
Env var | HASURA_GRAPHQL_ENABLE_CONSOLE |
Accepted values | Boolean |
Options | true or false |
Default | CE, Enterprise Edition: false Cloud: Console is always enabled |
Supported in | CE, Enterprise Edition |
Enable High-cardinality Labels for Metrics
Enable high-cardinality labels for Prometheus Metrics.
Enabling this setting will add more labels to some of the metrics (e.g. operation_name
label for Graphql subscription
metrics).
Flag | N/A |
Env var | HASURA_GRAPHQL_METRICS_ENABLE_HIGH_CARDINALITY_LABELS |
Accepted values | Boolean |
Options | true or false |
Default | true |
Supported in | Enterprise Edition |
The list of affected metrics are:
Metric | High Cardinality enabled | High Cardinality disabled |
---|---|---|
hasura_event_queue_time_seconds | trigger_name, source_name | None |
hasura_event_processed_total | trigger_name, source_name | None |
hasura_event_webhook_processing_time_seconds | trigger_name, source_name | None |
hasura_event_processing_time_seconds | trigger_name, source_name | None |
hasura_event_invocations_total | trigger_name, source_name | None |
hasura_graphql_requests_total | operation_type, response_status, parameterized_query_hash, operation_name | operation_type, response_status |
hasura_websocket_messages_sent_bytes_total | parameterized_query_hash, operation_name | None |
hasura_subscription_total_time_seconds | subscription_kind, parameterized_query_hash, operation_name | subscription_kind |
hasura_subscription_db_execution_time_seconds | subscription_kind, parameterized_query_hash, operation_name | subscription_kind |
hasura_active_subscriptions | subscription_kind, parameterized_query_hash, operation_name | subscription_kind |
Enable Log Compression
Enable sending compressed logs to metrics server.
Flag | --enable-log-compression <true-or-false> |
Env var | HASURA_GRAPHQL_ENABLE_LOG_COMPRESSION |
Accepted values | Boolean |
Options | true or false |
Default | false |
Supported in | Enterprise Edition |
Enable Maintenance Mode
Enabling maintenance mode disables updating of Metadata on the server.
Flag | --enable-maintenance-mode <true-or-false> |
Env var | HASURA_GRAPHQL_ENABLE_MAINTENANCE_MODE |
Accepted values | Boolean |
Options | true or false |
Default | false |
Supported in | CE, Enterprise Edition, Cloud |
Enable Metadata Query Logging
Enabling this setting includes the query
field in http-logs for Metadata
queries.
Flag | --enable-metadata-query-logging <true-or-false> |
Env var | HASURA_GRAPHQL_ENABLE_METADATA_QUERY_LOGGING |
Accepted values | Boolean |
Options | true or false |
Default | false |
Supported in | CE, Enterprise Edition |
Enable Remote Schema Permissions
Enable RBAC for Remote Schemas
Flag | --enable-remote-schema-permissions <true-or-false> |
Env var | HASURA_GRAPHQL_ENABLE_REMOTE_SCHEMA_PERMISSIONS |
Accepted values | Boolean |
Options | true or false |
Default | false |
Supported in | CE, Enterprise Edition, Cloud |
Enable Telemetry
Setting this enables or disables anonymous telemetry.
Flag | --enable-telemetry <true-or-false> |
Env var | HASURA_GRAPHQL_ENABLE_TELEMETRY |
Accepted values | Boolean |
Options | true or false |
Default | true |
Supported in | CE, Enterprise Edition |
Enabled APIs
List of APIs to be enabled on a Hasura GraphQL Engine instance.
Flag | --enabled-apis <APIS> |
Env var | HASURA_GRAPHQL_ENABLED_APIS |
Accepted values | String (Comma-separated) |
Options | metadata , graphql , pgdump , config , metrics |
Default | metadata, graphql, pgdump, config |
Supported in | CE, Enterprise Edition, Cloud |
Enabled Log Types
The options below represent log types on the Community Edition. Enterprise-specific log types - and descriptions of all log types — can be found here.
Flag | --enabled-log-types <LOG_TYPES> |
Env var | HASURA_GRAPHQL_ENABLED_LOG_TYPES |
Accepted values | String (Comma-separated) |
Options | startup , http-log , webhook-log , websocket-log , query-log , execution-log , livequery-poller-log , action-handler-log , data-connector-log , jwk-refresh-log , validate-input-log |
Default | startup, http-log, webhook-log, websocket-log , jwk-refresh-log |
Supported in | CE, Enterprise Edition |
Events HTTP Pool Size
Maximum number of concurrent HTTP workers for event delivery.
Flag | --events-http-pool-size <SIZE> |
Env var | HASURA_GRAPHQL_EVENTS_HTTP_POOL_SIZE |
Accepted values | Integer |
Default | 100 |
Supported in | CE, Enterprise Edition, Cloud |
Events Fetch Batch Size
The maximum number of events to be fetched from the DB in a single batch.
Flag | --events-fetch-batch-size <BATCH_SIZE> |
Env var | HASURA_GRAPHQL_EVENTS_FETCH_BATCH_SIZE |
Accepted values | Integer |
Default | 100 |
Supported in | CE, Enterprise Edition, Cloud |
Events Fetch Interval
The interval, in milliseconds, to sleep before trying to fetch events again after a fetch returned no events from Postgres.
Flag | --events-fetch-interval <INTERVAL_IN_MS> |
Env var | HASURA_GRAPHQL_EVENTS_FETCH_INTERVAL |
Accepted values | Integer |
Default | null |
Supported in | CE, Enterprise Edition |
Experimental Features
List of experimental features to be enabled.
Flag | --experimental-features <FEATURES> |
Env var | HASURA_GRAPHQL_EXPERIMENTAL_FEATURES |
Accepted values | String (Comma-separated list) |
Options | inherited_roles , optimize_permission_filters , naming_convention , streaming_subscriptions , apollo_federation , hide_update_many_fields , bigquery_string_numeric_input , hide_aggregation_predicates , hide_stream_fields , disable_postgres_arrays , remove_empty_subscription_responses , no_null_unbound_variable_default |
Default | null |
Supported in | CE, Enterprise Edition, Cloud |
Header Size Limit
Sets the maximum cumulative length of all headers in bytes.
Flag | --max-total-header-length |
Env var | HASURA_GRAPHQL_MAX_TOTAL_HEADER_LENGTH |
Accepted values | Integer |
Default | 1024*1024 (1MB) |
Supported in | CE, Enterprise Edition |
Graceful Shutdown Timeout
The timeout, expressed in seconds, to wait for in-flight events (such as Event Triggers and Scheduled Triggers) and async actions to complete before the server shuts down completely. If the in-flight events are not completed within the timeout, those events are marked as pending.
Flag | --graceful-shutdown-timeout <TIMEOUT_IN_SECONDS> |
Env var | HASURA_GRAPHQL_GRACEFUL_SHUTDOWN_TIMEOUT |
Accepted values | Integer (Representing an interval measured in seconds) |
Default | 60 |
Supported in | CE, Enterprise Edition |
Infer Function Permissions
When this is set to false
, a function f
, stable, immutable or volatile is only exposed for a role r
if there is a
permission defined on the function f
for the role r
, creating a function permission will only be allowed if there is
a select permission on the table type.
When this is set to true
or is omitted, the permission of the function is inferred from the select permissions from
the target table of the function, only for stable or immutable functions. Volatile functions are not exposed to any of
the roles in this case. See the
permissions for custom functions docs for more
details.
Flag | --infer-function-permissions <true-or-false> |
Env var | HASURA_GRAPHQL_INFER_FUNCTION_PERMISSIONS |
Accepted values | Boolean |
Options | true or false |
Default | true |
Supported in | CE, Enterprise Edition, Cloud |
JWT Secret
The JWT Secret variable is set equal to a JSON string containing a type
property set equal to the method of encryption
and the JWK (key
) used for verifying a JWT. See the JWT docs for more details.
Flag | --jwt-secret <JSON_CONFIG> |
Env var | HASURA_GRAPHQL_JWT_SECRET |
Accepted values | JSON |
Example | {"type": "HS256", "key": "3bd561c37d214b4496d09049fadc542c"} |
Default | null |
Supported in | CE, Enterprise Edition, Cloud |
Having an admin secret set is mandatory for setting this value.
JWT Secrets
List of JWT secrets to authenticate with different JWT issuers.
Flag | --jwt-secrets <SECRETS> |
Env var | HASURA_GRAPHQL_JWT_SECRETS |
Accepted values | JSON array of objects (containing type and the JWK used for verification) |
Default | null |
Example | [{\"type\": \"HS256\", \"key\": \"<your-hmac-shared-secret>\", \"claims_namespace\": \"<optional-custom-claims-key-name>\"}, {\"type\": \"RS256\", \"issuer\": \"my-issuer\", \"key\": \"<your-PEM-RSA-public-key>\", \"claims_namespace\": \"<optional-custom-claims-key-name>\"}] |
Supported in | Enterprise Edition, Cloud |
If both JWT Secret and JWT Secrets are set, then JWT Secrets will be used.
Live Queries Multiplexed Refetch Interval
When utilizing live queries, updated results - if any - will be sent, at most, once during this interval - measured in milliseconds - for any live queries which can be multiplexed.
Flag | --live-queries-multiplexed-refetch-interval <INTERVAL_IN_MS> |
Env var | HASURA_GRAPHQL_LIVE_QUERIES_MULTIPLEXED_REFETCH_INTERVAL |
Accepted values | Integer (Representing an interval measured in milliseconds) |
Default | 1000 |
Supported in | CE, Enterprise Edition, Cloud |
Log Level
This variable sets the level for Hasura's logs.
Flag | --log-level <LEVEL> |
Env var | HASURA_GRAPHQL_LOG_LEVEL |
Accepted values | String |
Options | debug , info , warn , error |
Default | info |
Supported in | CE, Enterprise Edition Cloud: can only be set to info |
Max Cache Size
The maximum cache size, measured in MB, for queries.
Flag | --max-cache-size <SIZE_IN_MB> |
Env var | HASURA_GRAPHQL_MAX_CACHE_SIZE |
Accepted values | Integer (Representing cache size measured in MB) |
Default | 1 |
Supported in | Enterprise Edition, Cloud: Professional tier is set to 100 MB as the default |
Metadata Database Extension Schema
The schema in which Hasura can install extensions in the Metadata database.
Flag | --metadata-database-extensions-schema <SCHEMA_NAME> |
Env var | HASURA_GRAPHQL_METADATA_DATABASE_EXTENSIONS_SCHEMA |
Accepted values | String |
Default | public |
Supported in | CE, Enterprise Edition |
Multiplexed Batch Size
Multiplexed live queries are split into batches of the specified size.
Flag | --live-queries-multiplexed-batch-size <BATCH_SIZE> |
Env var | HASURA_GRAPHQL_LIVE_QUERIES_MULTIPLEXED_BATCH_SIZE |
Accepted values | Integer |
Default | 100 |
Supported in | CE, Enterprise Edition, Cloud |
Null in Non-nullable Variables
GraphQL query validation is fixed in v2.36.0-beta.1
,
where queries that assigned a null
value to variables with non-nullable type were allowed.
Example:
query ($user_id: Int!) {
users(where: { id: { _eq: $user_id } }) {
id
name
}
}
variables
{
"user_id": null
}
To rollback to the old behavior, i.e., allow null
value for non-nullable variables, use this option.
Flag | --null-in-nonnullable-variables <true-or-false> |
Env var | HASURA_GRAPHQL_BACKWARDS_COMPAT_NULL_IN_NONNULLABLE_VARIABLES |
Accepted values | Boolean |
Options | true or false |
Default | false |
Supported in | CE, Enterprise Edition, Cloud - from v2.36.0-beta.1 |
Number of Retries
Deprecated in versions > v2.0.0
: see details.
The number of retries if a Postgres connection error occurs.
Flag | --retries <NO_OF_RETRIES> |
Env var | HASURA_GRAPHQL_NO_OF_RETRIES |
Accepted values | Integer |
Default | 1 |
Supported in | Deprecated in versions > v2.0.0 |
Number of Stripes
Deprecated in versions > v2.0.0
: see details.
The number of stripes (distinct sub-pools) to maintain with Postgres. New connections will be taken from a particular stripe pseudo-randomly.
Flag | -s, --stripes <NO_OF_STRIPES> |
Env var | HASURA_GRAPHQL_PG_STRIPES |
Accepted values | Integer |
Default | 1 |
Supported in | CE, Enterprise Edition |
PG Connections
Deprecated in versions > v2.0.0
: see details.
The maximum number of Postgres connections that can be opened per stripe. When the maximum is reached we will block connections until a new connection becomes available, even if there is capacity in other stripes.
Flag | -c, --connections <NO_OF_CONNS> |
Env var | HASURA_GRAPHQL_PG_CONNECTIONS |
Accepted values | Integer |
Default | 50 |
Supported in | Deprecated in versions > v2.0.0 |
PG Connection Lifetime
Deprecated in versions > v2.0.0
: see details.
Time from connection creation, in seconds, after which the connection should be destroyed and a new one created. A
value of 0
indicates Hasura should never destroy an active connection. If 0
is passed, memory from large query
results may not be reclaimed.
Flag | --conn-lifetime <TIME_IN_SECONDS> |
Env var | HASURA_GRAPHQL_PG_CONN_LIFETIME |
Accepted values | Integer (Representing an interval measured in seconds) |
Default | 600 |
Supported in | Deprecated in versions > v2.0.0 |
Pool Timeout
Deprecated in versions > v2.0.0
: see details.
Pool Timeout determines, in seconds, how long to wait when acquiring a Postgres connection.
Flag | --pool-timeout <TIME_IN_SECONDS> |
Env var | HASURA_GRAPHQL_POOL_TIMEOUT |
Accepted values | Integer (Representing an interval measured in seconds) |
Default | Forever |
Supported in | Deprecated in versions > v2.0.0 |
Postgres SSL Certificate Path
The path for storage of Postgres SSL certificates when set via environment variable reference.
Flag | --pg-ssl-certificate-path <DIRECTORY> |
Env var | HASURA_GRAPHQL_PG_SSL_CERTIFICATE_PATH |
Accepted values | String (Representing a file path) |
Default | null |
Supported in | Enterprise Edition only |
Postgres Timeout
Deprecated in versions > v2.0.0
: see details.
Each connection's idle time, measured in seconds, before it's closed.
Flag | --timeout <TIME_IN_SECONDS> |
Env var | HASURA_GRAPHQL_PG_TIMEOUT |
Accepted values | Integer (Representing an interval measured in seconds) |
Default | 180 |
Supported in | Deprecated in versions > v2.0.0 |
Query Plan Cache Size
Deprecated in versions > v2.0.0
: see details.
The maximum number of query plans that can be cached, where 0
disables the cache.
Flag | --query-plan-cache-size <SIZE> |
Env var | HASURA_GRAPHQL_QUERY_PLAN_CACHE_SIZE |
Accepted values | Integer |
Default | 4000 |
Options | 0 -65535 |
Supported in | Deprecated in versions > v2.0.0 |
Rate-Limit Redis TLS Hostname
The hostname to use for SNI when connecting to a rate-limiting Redis instance over TLS.
Flag | --rate-limit-redis-tls-hostname <HOSTNAME> |
Env var | HASURA_GRAPHQL_RATE_LIMIT_REDIS_TLS_HOSTNAME |
Accepted values | String |
Default | null |
Supported in | Enterprise Edition only |
Rate-Limit Redis URL
The Redis URL to use for rate limiting.
Flag | --rate-limit-redis-url <URL> |
Env var | HASURA_GRAPHQL_RATE_LIMIT_REDIS_URL |
Accepted values | String |
Example | redis://username:password@host:port/db |
Default | null |
Supported in | Enterprise Edition only |
Rate-Limit Redis Use TLS
Whether to use TLS to connect to a caching Redis instance.
Flag | --rate-limit-redis-use-tls <true-or-false> |
Env var | HASURA_GRAPHQL_RATE_LIMIT_REDIS_USE_TLS |
Accepted values | Boolean |
Options | true or false |
Default | false |
Supported in | Enterprise Edition only |
Read Replica URL
The URL for a read replica of the database.
Deprecated in versions > v2.0.0
: see details.
Flag | --read-replica-url <READ_REPLICA_URL> |
Env var | HASURA_GRAPHQL_READ_REPLICA_URL |
Accepted values | String |
Default | null |
Supported in | Deprecated in versions > v2.0.0 |
Redis Timeout
The timeout for redis queries while serving requests. The timeout is in seconds.
Flag | N/A |
Env var | HASURA_GRAPHQL_REDIS_TIMEOUT |
Accepted values | Integer (Representing an interval in seconds) |
Default | null (No timeout) |
Supported in | Enterprise Edition only |
Redis TLS Hostname
The hostname to use for SNI when connecting to a caching Redis instance over TLS.
Flag | --redis-tls-hostname <HOSTNAME> |
Env var | HASURA_GRAPHQL_REDIS_TLS_HOSTNAME |
Accepted values | String |
Default | null |
Supported in | Enterprise Edition only |
Redis TLS Shared CA Store Path
The path to a shared CA store to use to connect to both (caching and rate-limiting) Redis URLs over TLS.
Flag | --redis-tls-shared-ca-store-path <PATH_TO_SHARED_CA_STORE> |
Env var | HASURA_GRAPHQL_REDIS_TLS_SHARED_CA_STORE_PATH |
Accepted values | String |
Default | null |
Supported in | Enterprise Edition only |
Redis URL
The Redis URL to use for query caching and Webhook Auth Caching.
Flag | --redis-url <URL> |
Env var | HASURA_GRAPHQL_REDIS_URL |
Accepted values | String |
Default | null |
Example | redis://username:password@host:port/db |
Supported in | Enterprise Edition only |
Remote Schema prioritize data
Setting this will prioritize data
or errors
if both fields are present in the Remote Schema response.
Flag | --remote-schema-prioritize-data |
Env var | HASURA_GRAPHQL_REMOTE_SCHEMA_PRIORITIZE_DATA |
Accepted values | Boolean |
Options | true or false |
Default | false |
Supported in | CE, Enterprise Edition, Cloud |
Schema Sync Poll Interval
The interval, in milliseconds, to poll Metadata storage for updates. To disable, set this value to 0
.
Flag | --schema-sync-poll-interval <INTERVAL_IN_MS> |
Env var | HASURA_GRAPHQL_SCHEMA_SYNC_POLL_INTERVAL |
Accepted values | Integer (Representing an interval in milliseconds) |
Default | 1000 |
Supported in | CE, Enterprise Edition |
Server Host
The host on which graphql-engine
will listen. The default is *
.
Flag | --server-host <HOST> |
Env var | HASURA_GRAPHQL_SERVER_HOST |
Accepted values | String |
Default | CE, Enterprise Edition: * Cloud: managed by Hasura Cloud |
Supported in | CE, Enterprise Edition |
Server Port
The port on which graphql-engine
should be served.
Flag | --server-port <PORT> |
Env var | HASURA_GRAPHQL_SERVER_PORT |
Accepted values | Integer |
Default | CE, Enterprise Edition: 8080 Cloud: managed by Hasura Cloud |
Supported in | CE, Enterprise Edition |
Single Sign-on Providers
List of third-party identity providers to enable Single Sign-on authentication for the console.
Flag | --sso-providers <JSON_CONFIG> |
Env var | HASURA_GRAPHQL_SSO_PROVIDERS |
Accepted values | JSON array of objects (containing identity provider configs and the JWK used for verification) |
Default | null |
Example | [{\"client_id\": \"<client-id-from-idp>\", \"name\": \"<display-name>\", \"scope\": \"openid\", \"authorization_url\": \"<login-url>\", \"request_token_url\": \"<request-token-url>\", \"admin_roles\": [\"admin\"], \"jwt_secret\": {\"type\": \"RS256\", \"jwk_url\": \"https://...\", \"issuer\": \"myapp\"}}] |
Supported in | Enterprise Edition |
Skip Arguments with null
Values for Remote Schema
Skip arguments with null
values while resolving fields from Remote Schemas. For instance:
query RemoteQuery {
users(type:null) {
id
...
}
}
is forwarded as:
query RemoteQuery {
users {
id
...
}
}
Flag | --remote-schema-skip-nulls |
Env var | HASURA_GRAPHQL_REMOTE_SCHEMA_SKIP_NULLS |
Accepted values | Boolean |
Options | true or false |
Default | false |
Supported in | CE, Enterprise Edition, Cloud |
Streaming Queries Multiplexed Batch Size
Multiplexed streaming queries are split into batches of the specified size.
Flag | --streaming-queries-multiplexed-batch-size <SIZE> |
Env var | HASURA_GRAPHQL_STREAMING_QUERIES_MULTIPLEXED_BATCH_SIZE |
Accepted values | Integer |
Default | 100 |
Supported in | CE, Enterprise Edition |
Streaming Queries Multiplexed Refetch Interval
For streaming queries which can be multiplexed, updated results - if any - will be sent, at most, once during this interval.
Flag | --streaming-queries-multiplexed-refetch-interval <INTERVAL_IN_MS> |
Env var | HASURA_GRAPHQL_STREAMING_QUERIES_MULTIPLEXED_REFETCH_INTERVAL |
Accepted values | Integer (Representing an interval in milliseconds) |
Default | 1000 |
Supported in | CE, Enterprise Edition |
Stringify Numeric Types
Stringify certain Postgres numeric types, specifically bigint
,numeric
,decimal
and double precision
as they don't fit into the IEEE-754
spec for JSON encoding-decoding.
Flag | --stringify-numeric-types |
Env var | HASURA_GRAPHQL_STRINGIFY_NUMERIC_TYPES |
Accepted values | Boolean |
Options | true or false |
Default | false |
Supported in | CE, Enterprise Edition, Cloud |
Stripes per Read Replica
Deprecated in versions > v2.0.0
: see details.
The number of stripes (connection pools) to maintain per read replica.
Flag | --stripes-per-read-replica <NUMBER> |
Env var | HASURA_GRAPHQL_STRIPES_PER_READ_REPLICA |
Accepted values | Integer |
Default | null |
Supported in | Deprecated in versions > v2.0.0 |
Transaction Isolation
Deprecated in versions > v2.0.0
: see details.
This sets transaction isolation.
Flag | -i, --tx-iso <TXISO> |
Env var | HASURA_GRAPHQL_TX_ISOLATION |
Accepted values | String |
Options | read-committed , repeatable-read , serializable |
Default | read-committed |
Supported in | Deprecated in versions > v2.0.0 |
Trace SQL and GraphQL Queries
Add SQL and GraphQL queries to the OTLP traces.
Flag | --trace-sql-query |
Env var | HASURA_GRAPHQL_ENABLE_QUERY_TRACING |
Accepted values | Boolean |
Options | true or false |
Default | false |
Supported in | Enterprise Edition, Cloud |
Unauthorized Role
This identifies an unauthorized role, used when the
x-hasura-admin-key
is not sent or the Authorization
header is absent in JWT mode.
Flag | --unauthorized-role <ROLE> |
Env var | HASURA_GRAPHQL_UNAUTHORIZED_ROLE |
Accepted values | String |
Example | Setting this value to anonymous , whenever the Authorization header is absent, the request's role will default to anonymous . |
Default | null |
Supported in | CE, Enterprise Edition, Cloud |
Use Prepared Statements
Deprecated in versions > v2.0.0
: see details.
Whether to use prepared statements for queries.
Flag | --use-prepared-statements <true-or-false> |
Env var | HASURA_GRAPHQL_USE_PREPARED_STATEMENTS |
Accepted values | Boolean |
Options | true or false |
Default | true |
Supported in | Deprecated in versions > v2.0.0 |
v1 Boolean Null Collapse
Evaluate null
values in where
input object to True
instead of error
. Learn more in our
upgrade guide.
Flag | --v1-boolean-null-collapse <true-or-false> |
Env var | HASURA_GRAPHQL_V1_BOOLEAN_NULL_COLLAPSE |
Accepted values | Boolean |
Options | true or false |
Default | false |
Supported in | CE, Enterprise Edition, Cloud |
Websocket Compression
Enable WebSocket permessage-deflate
compression.
Flag | --websocket-compression <true-or-false> |
Env var | HASURA_GRAPHQL_CONNECTION_COMPRESSION |
Accepted values | Boolean |
Options | true or false |
Default | false |
Supported in | CE, Enterprise Edition |
Websocket Connection Init Timeout
Used to set the connection initialization timeout for graphql-ws
clients. This is ignored for
subscription-transport-ws
(Apollo) clients.
Flag | --websocket-connection-init-timeout <TIMEOUT_IN_SECONDS> |
Env var | HASURA_GRAPHQL_WEBSOCKET_CONNECTION_INIT_TIMEOUT |
Accepted values | Integer (Representing a timeout in milliseconds) |
Default | 3 |
Supported in | CE, Enterprise Edition |
Websocket Keepalive
Used to set the Keep Alive
delay for clients that use the subscription-transport-ws
(Apollo) protocol. For
graphql-ws
clients, the graphql-engine
sends PING
messages instead.
Flag | --websocket-keepalive <TIME_IN_SECONDS> |
Env var | HASURA_GRAPHQL_WEBSOCKET_KEEPALIVE |
Accepted values | Integer (Representing a delay in seconds) |
Default | 5 |
Supported in | CE, Enterprise Edition |
WS Read Cookie
Read cookie on WebSocket initial handshake even when CORS is disabled. This can be a potential security flaw! This configuration is only applicable when CORS is disabled.
Flag | --ws-read-cookie <true-or-false> |
Env var | HASURA_GRAPHQL_WS_READ_COOKIE |
Accepted values | Boolean |
Default | false |
Options | true or false |
Supported in | CE, Enterprise Edition |