GraphQL Engine Server Configuration Reference
Introduction
This page details which flags and environment variables are available to customize a Hasura GraphQL Engine instance. For details on how to implement flags or environment variables, check out this page.
GraphQL Engine command flags and environment variables
For the graphql-engine command, these are the
available flags and environment variables:
Database URL
This connection string can be used to connect Hasura to a PostgreSQL data source which Hasura will automatically add to the list of connected data sources.
| Flag | --database-url <DB_URL> |
| Env var | HASURA_GRAPHQL_DATABASE_URL |
| Accepted values | String (PostgreSQL DB connection string) |
| Example | postgres://<user>:<password>@<host>:<port>/<db-name> |
| Default | null |
| Supported in | CE, Enterprise Edition |
This config option is supported to maintain backwards compatibility with v1.x Hasura instances. In versions v2.0 and
above, databases can be connected using any custom environment variables of your choice.
Metadata Database URL
This Postgres database URL is used to store Hasura's Metadata. By default, the database configured using
HASURA_GRAPHQL_DATABASE_URL / --database_url will be used to store the Metadata.
| Flag | --metadata-database-url <METADATA_DATABASE_URL> |
| Env var | HASURA_GRAPHQL_METADATA_DATABASE_URL |
| Accepted values | String (PostgreSQL DB connection string) |
| Example | postgres://<user>:<password>@<host>:<port>/<db-name> |
| Default | CE, Enterprise Edition: null Cloud: managed by Hasura Cloud |
| Supported in | CE, Enterprise Edition |
Either one of the Metadata Database URL or the Database URL needs to be provided for Hasura to start.
Serve sub-command flags and environment variables
For the serve sub-command, these are the available
flags and environment variables:
When the equivalent flags for environment variables are used, the flags will take precedence.
Admin Internal Errors
Internal information is included in an error response for requests made by an admin.
| Flag | --admin-internal-errors <true-or-false> |
| Env var | HASURA_GRAPHQL_ADMIN_INTERNAL_ERRORS |
| Accepted values | Boolean |
| Options | true or false |
| Default | true |
| Supported in | CE, Enterprise Edition, Cloud |
Admin Secret Key
A secret key required to access the Hasura instance.
| Flag | --admin-secret <ADMIN_SECRET_KEY> |
| Env var | HASURA_GRAPHQL_ADMIN_SECRET |
| Accepted values | String |
| Default | CE, Enterprise Edition: null Cloud: generated by default |
| Supported in | CE, Enterprise Edition, Cloud |
When you use webhook or JWT mode for authentication, setting this value is mandatory.
Admin Secrets
A list of valid admin secret keys any one of which can be used to access the Hasura instance.
| Flag | --admin-secrets <SECRETS> |
| Env var | HASURA_GRAPHQL_ADMIN_SECRETS |
| Accepted values | Array (of strings) |
| Default | null |
| Example | '["secret1", "secret2"]' |
| Supported in | Enterprise Edition only |
If both Admin Secret and Admin Secrets are set, then only Admin Secrets will be used.
Async Actions Fetch Interval
The interval, in milliseconds, to sleep before trying to fetch async actions again after a
fetch returned no async actions from metadata storage. A value of 0 implies completely disabling fetching async
actions from the storage.
| Flag | --async-actions-fetch-interval <INTERVAL_IN_MS> |
| Env var | HASURA_GRAPHQL_ASYNC_ACTIONS_FETCH_INTERVAL |
| Accepted values | Integer (Representing an interval in milliseconds) |
| Default | null |
| Supported in | CE, Enterprise Edition, Cloud |
Auth Hook
The URL required to authorize requests when utilizing authentication webhooks.
| Flag | --auth-hook <WEBHOOK_URL> |
| Env var | HASURA_GRAPHQL_AUTH_HOOK |
| Accepted values | String (URL) |
| Default | null |
| Supported in | CE, Enterprise Edition, Cloud |
Having an admin secret set is mandatory for setting this value.
Auth Hook Mode
If you're using a webhook for authentication, The HTTP method used by Hasura to make requests.
| Flag | --auth-hook-mode <GET-or-POST> |
| Env var | HASURA_GRAPHQL_AUTH_HOOK_MODE |
| Accepted values | String (HTTP method) |
| Options | GET or POST |
| Default | GET |
| Supported in | CE, Enterprise Edition, Cloud |
Send Request Body to Auth Hook
Whether or not to send the request body (graphql request/variables) to the auth hook in POST mode.
| Flag | --auth-hook-send-request-body <true-or-false> |
| Env var | HASURA_GRAPHQL_AUTH_HOOK_SEND_REQUEST_BODY |
| Accepted values | Boolean |
| Options | true or false |
| Default | true |
| Supported in | CE, Enterprise Edition, Cloud |
BigQuery String Numeric Input
Stringify certain
BigQuery numeric types,
specifically bignumeric, float64, int64, numeric and aliases thereof, as they don't fit into the IEnterprise EditionE 754 spec
for JSON encoding-decoding.
| Flag | --bigquery_string_numeric_input |
| Env var | HASURA_GRAPHQL_BIGQUERY_STRING_NUMERIC_INPUT |
| Accepted values | Boolean |
| Options | true or false |
| Default | false |
| Supported in | CE, Enterprise Edition |
Connections per Read-Replica
The maximum number of Postgres connections per read-replica that can be opened per stripe. When the maximum is reached we will block until a new connection becomes available, even if there is capacity in other stripes.
| Flag | --connections-per-read-replica <NO_OF_CONNS_PER_READ_REPLICA> |
| Env var | HASURA_GRAPHQL_CONNECTIONS_PER_READ_REPLICA |
| Accepted values | Integer |
| Default | 50 |
| Supported in | Enterprise Edition only |
Console Assets Directory
By default, Console assets are loaded from a CDN. For the Console to
load assets from the server itself
instead of the CDN, set the value to /srv/console-assets.
| Flag | --console-assets-dir <PATH_TO_ASSETS> |
| Env var | HASURA_GRAPHQL_CONSOLE_ASSETS_DIR |
| Accepted values | String |
| Options | "/srv/console-assets" |
| Default | null |
| Supported in | CE, Enterprise Edition |
CORS Domain
List of domains, including scheme (http/https) and port, to allow for CORS. Wildcard domains are allowed. Setting an empty value will block requests from all other domains.
| Flag | --cors-domain <DOMAINS> |
| Env var | HASURA_GRAPHQL_CORS_DOMAIN |
| Accepted values | String (comma separated list of domains) |
| Default | CE, Enterprise Edition: null Cloud: * |
| Example | "https://*.foo.bar.com:8080, http://*.localhost, http://localhost:3000, http://example.com" |
| Supported in | CE, Enterprise Edition, Cloud |
Because the Console on Hasura Cloud runs on the 'cloud.hasura.io' domain, Hasura Cloud automatically adds it as an allowed CORS domain. Setting an empty value will block requests from all other domains.
Dev Mode
Sets dev mode for GraphQL requests, i.e. in case of
errors, includes an internal key in the errors extensions of the response.
| Flag | --dev-mode |
| Env var | HASURA_GRAPHQL_DEV_MODE |
| Accepted values | Boolean |
| Options | true or false |
| Default | false |
| Supported in | CE, Enterprise Edition, Cloud |
Default Naming Convention
Used to set the default naming convention for all sources.
| Flag | N/A |
| Env var | HASURA_GRAPHQL_DEFAULT_NAMING_CONVENTION |
| Accepted values | String |
| Options | hasura-default or graphql-default |
| Default | hasura-default |
| Supported in | CE, Enterprise Edition, Cloud |
Disable CORS
Disables CORS. Hasura will not send any CORS headers on any request.
| Flag | --disable-cors |
| Env var | HASURA_GRAPHQL_DISABLE_CORS |
| Accepted values | Boolean |
| Options | true or false |
| Default | false |
| Supported in | CE, Enterprise Edition |
Enable Allow List
Restrict requests allowed to be executed by the GraphQL Engine to those that are part of the configured Allow List.
| Flag | --enable-allowlist <true-or-false> |
| Env var | HASURA_GRAPHQL_ENABLE_ALLOWLIST |
| Accepted values | Boolean |
| Options | true or false |
| Default | false |
| Supported in | CE, Enterprise Edition, Cloud |
Enable Apollo Federation
Enables the Apollo Federation feature. This allows Hasura to be connected as a subgraph in an Apollo supergraph.
| Flag | --enable-apollo-federation |
| Env var | HASURA_GRAPHQL_ENABLE_APOLLO_FEDERATION |
| Accepted values | Boolean |
| Options | true or false |
| Default | false |
| Supported in | CE, Enterprise Edition, Cloud |
Enable Console
Enable the Hasura Console (served by the server on / and /console).
| Flag | --enable-console <true-or-false> |
| Env var | HASURA_GRAPHQL_ENABLE_CONSOLE |
| Accepted values | Boolean |
| Options | true or false |
| Default | CE, Enterprise Edition: false Cloud: Console is always enabled |
| Supported in | CE, Enterprise Edition |
Enable High-cardinality Labels for Metrics
Enable high-cardinality labels for Prometheus Metrics. Enabling this setting will add more labels to
some of the metrics (e.g. operation_name label for Graphql subscription metrics).
| Flag | N/A |
| Env var | HASURA_GRAPHQL_METRICS_ENABLE_HIGH_CARDINALITY_LABELS |
| Accepted values | Boolean |
| Options | true or false |
| Default | true |
| Supported in | Enterprise Edition |
Enable Log Compression
Enable sending compressed logs to metrics server.
| Flag | --enable-log-compression <true-or-false> |
| Env var | HASURA_GRAPHQL_ENABLE_LOG_COMPRESSION |
| Accepted values | Boolean |
| Options | true or false |
| Default | false |
| Supported in | Enterprise Edition |
Enable Maintenance Mode
Enabling maintenance mode disables updating of Metadata on the server.
| Flag | --enable-maintenance-mode <true-or-false> |
| Env var | HASURA_GRAPHQL_ENABLE_MAINTENANCE_MODE |
| Accepted values | Boolean |
| Options | true or false |
| Default | false |
| Supported in | CE, Enterprise Edition, Cloud |
Enable Metadata Query Logging
Enabling this setting includes the query field in http-logs for Metadata
queries.
| Flag | --enable-metadata-query-logging <true-or-false> |
| Env var | HASURA_GRAPHQL_ENABLE_METADATA_QUERY_LOGGING |
| Accepted values | Boolean |
| Options | true or false |
| Default | false |
| Supported in | CE, Enterprise Edition |
Enable Remote Schema Permissions
Enable RBAC for Remote Schemas
| Flag | --enable-remote-schema-permissions <true-or-false> |
| Env var | HASURA_GRAPHQL_ENABLE_REMOTE_SCHEMA_PERMISSIONS |
| Accepted values | Boolean |
| Options | true or false |
| Default | false |
| Supported in | CE, Enterprise Edition, Cloud |
Enable Telemetry
Setting this enables or disables anonymous telemetry.
| Flag | --enable-telemetry <true-or-false> |
| Env var | HASURA_GRAPHQL_ENABLE_TELEMETRY |
| Accepted values | Boolean |
| Options | true or false |
| Default | true |
| Supported in | CE, Enterprise Edition |
Enabled APIs
List of APIs to be enabled on a Hasura GraphQL Engine instance.
| Flag | --enabled-apis <APIS> |
| Env var | HASURA_GRAPHQL_ENABLED_APIS |
| Accepted values | String (Comma-separated) |
| Options | metadata, graphql, pgdump, config, metrics |
| Default | metadata, graphql, pgdump, config |
| Supported in | CE, Enterprise Edition, Cloud |
Enabled Log Types
List of log types to enable.
| Flag | --enabled-log-types <LOG_TYPES> |
| Env var | HASURA_GRAPHQL_ENABLED_LOG_TYPES |
| Accepted values | String (Comma-separated) |
| Options | startup, http-log, webhook-log, websocket-log |
| Default | startup, http-log, webhook-log, websocket-log |
| Supported in | CE, Enterprise Edition |
Events HTTP Pool Size
Maximum number of concurrent HTTP workers for event delivery.
| Flag | --events-http-pool-size <SIZE> |
| Env var | HASURA_GRAPHQL_EVENTS_HTTP_POOL_SIZE |
| Accepted values | Integer |
| Default | 100 |
| Supported in | CE, Enterprise Edition, Cloud |
Events Fetch Batch Size
The maximum number of events to be fetched from the DB in a single batch.
| Flag | --events-fetch-batch-size <BATCH_SIZE> |
| Env var | HASURA_GRAPHQL_EVENTS_FETCH_BATCH_SIZE |
| Accepted values | Integer |
| Default | 100 |
| Supported in | CE, Enterprise Edition, Cloud |
Events Fetch Interval
The interval, in milliseconds, to sleep before trying to fetch events again after a fetch returned no events from Postgres.
| Flag | --events-fetch-interval <INTERVAL_IN_MS> |
| Env var | HASURA_GRAPHQL_EVENTS_FETCH_INTERVAL |
| Accepted values | Integer |
| Default | null |
| Supported in | CE, Enterprise Edition, Cloud |
Experimental Features
List of experimental features to be enabled.
| Flag | --experimental-features <FEATURES> |
| Env var | HASURA_GRAPHQL_EXPERIMENTAL_FEATURES |
| Accepted values | String (Comma-separated list) |
| Options | inherited_roles, optimise_permission_filters, naming_convention, streaming_subscriptions, apollo_federation, hide_update_many_fields, bigquery_string_numeric_input, hide_aggregation_predicates, hide_stream_fields |
| Default | null |
| Supported in | CE, Enterprise Edition, Cloud |
Graceful Shutdown Timeout
The timeout, expressed in seconds, to wait for in-flight events (such as Event Triggers and Scheduled Triggers) and async actions to complete before the server shuts down completely. If the in-flight events are not completed within the timeout, those events are marked as pending.
| Flag | --graceful-shutdown-timeout <TIMEOUT_IN_SECONDS> |
| Env var | HASURA_GRAPHQL_GRACEFUL_SHUTDOWN_TIMEOUT |
| Accepted values | Integer (Representing an interval measured in seconds) |
| Default | 60 |
| Supported in | CE, Enterprise Edition |
Infer Function Permissions
When this is set to false, a function f, stable, immutable or volatile is only exposed for a role r if there is a
permission defined on the function f for the role r, creating a function permission will only be allowed if there is
a select permission on the table type.
When this is set to true or is omitted, the permission of the function is inferred from the select permissions from
the target table of the function, only for stable or immutable functions. Volatile functions are not exposed to any of
the roles in this case. See the
permissions for custom functions docs for more
details.
| Flag | --infer-function-permissions <true-or-false> |
| Env var | HASURA_GRAPHQL_INFER_FUNCTION_PERMISSIONS |
| Accepted values | Boolean |
| Options | true or false |
| Default | true |
| Supported in | CE, Enterprise Edition, Cloud |
JWT Secret
The JWT Secret variable is set equal to a JSON string containing a type property set equal to the method of encryption
and the JWK (key) used for verifying a JWT. See the JWT docs for more details.
| Flag | --jwt-secret <JSON_CONFIG> |
| Env var | HASURA_GRAPHQL_JWT_SECRET |
| Accepted values | JSON |
| Example | {"type": "HS256", "key": "3bd561c37d214b4496d09049fadc542c"} |
| Default | null |
| Supported in | CE, Enterprise Edition, Cloud |
Having an admin secret set is mandatory for setting this value.
JWT Secrets
List of JWT secrets to authenticate with different JWT issuers.
| Flag | --jwt-secrets <SECRETS> |
| Env var | HASURA_GRAPHQL_JWT_SECRETS |
| Accepted values | JSON array of objects (containing type and the JWK used for verification) |
| Default | null |
| Example | [{\"type\": \"HS256\", \"key\": \"<your-hmac-shared-secret>\", \"claims_namespace\": \"<optional-custom-claims-key-name>\"}, {\"type\": \"RS256\", \"issuer\": \"my-issuer\", \"key\": \"<your-PEM-RSA-public-key>\", \"claims_namespace\": \"<optional-custom-claims-key-name>\"}] |
| Supported in | Enterprise Edition, Cloud |
If both JWT Secret and JWT Secrets are set, then JWT Secrets will be used.
Live Queries Multiplexed Refetch Interval
When utilizing live queries, updated results - if any - will be sent, at most, once during this interval - measured in milliseconds - for any live queries which can be multiplexed.
| Flag | --live-queries-multiplexed-refetch-interval <INTERVAL_IN_MS> |
| Env var | HASURA_GRAPHQL_LIVE_QUERIES_MULTIPLEXED_REFETCH_INTERVAL |
| Accepted values | Integer (Representing an interval measured in milliseconds) |
| Default | 1000 |
| Supported in | CE, Enterprise Edition, Cloud |
Log Level
This variable sets the level for Hasura's logs.
| Flag | --log-level <LEVEL> |
| Env var | HASURA_GRAPHQL_LOG_LEVEL |
| Accepted values | String |
| Options | debug, info, warn, error |
| Default | info |
| Supported in | CE, Enterprise Edition Cloud: can only be set to info |
Max Cache Size
The maximum cache size, measured in MB, for queries.
| Flag | --max-cache-size <SIZE_IN_MB> |
| Env var | HASURA_GRAPHQL_MAX_CACHE_SIZE |
| Accepted values | Integer (Representing cache size measured in MB) |
| Default | 1 |
| Supported in | Enterprise Edition, Cloud: Standard / Professional tier is set to 100 MB as the default |
Metadata Database Extension Schema
The schema in which Hasura can install extensions in the Metadata database.
| Flag | --metadata-database-extensions-schema <SCHEMA_NAME> |
| Env var | HASURA_GRAPHQL_METADATA_DATABASE_EXTENSIONS_SCHEMA |
| Accepted values | String |
| Default | public |
| Supported in | CE, Enterprise Edition |
Multiplexed Batch Size
Multiplexed live queries are split into batches of the specified size.
| Flag | --live-queries-multiplexed-batch-size <BATCH_SIZE> |
| Env var | HASURA_GRAPHQL_LIVE_QUERIES_MULTIPLEXED_BATCH_SIZE |
| Accepted values | Integer |
| Default | 100 |
| Supported in | CE, Enterprise Edition, Cloud |
Number of Retries
Deprecated in versions > v2.0.0: see details.
The number of retries if a Postgres connection error occurs.
| Flag | --retries <NO_OF_RETRIES> |
| Env var | HASURA_GRAPHQL_NO_OF_RETRIES |
| Accepted values | Integer |
| Default | 1 |
| Supported in | Deprecated in versions > v2.0.0 |
Number of Stripes
Deprecated in versions > v2.0.0: see details.
The number of stripes (distinct sub-pools) to maintain with Postgres. New connections will be taken from a particular stripe pseudo-randomly.
| Flag | -s, --stripes <NO_OF_STRIPES> |
| Env var | HASURA_GRAPHQL_PG_STRIPES |
| Accepted values | Integer |
| Default | 1 |
| Supported in | CE, Enterprise Edition |
PG Connections
Deprecated in versions > v2.0.0: see details.
The maximum number of Postgres connections that can be opened per stripe. When the maximum is reached we will block connections until a new connection becomes available, even if there is capacity in other stripes.
| Flag | -c, --connections <NO_OF_CONNS> |
| Env var | HASURA_GRAPHQL_PG_CONNECTIONS |
| Accepted values | Integer |
| Default | 50 |
| Supported in | Deprecated in versions > v2.0.0 |
PG Connection Lifetime
Deprecated in versions > v2.0.0: see details.
Time from connection creation, in seconds, after which the connection should be destroyed and a new one created. A
value of 0 indicates Hasura should never destroy an active connection. If 0 is passed, memory from large query
results may not be reclaimed.
| Flag | --conn-lifetime <TIME_IN_SECONDS> |
| Env var | HASURA_GRAPHQL_PG_CONN_LIFETIME |
| Accepted values | Integer (Representing an interval measured in seconds) |
| Default | 600 |
| Supported in | Deprecated in versions > v2.0.0 |
Pool Timeout
Deprecated in versions > v2.0.0: see details.
Pool Timeout determines, in seconds, how long to wait when acquiring a Postgres connection.
| Flag | --pool-timeout <TIME_IN_SECONDS> |
| Env var | HASURA_GRAPHQL_POOL_TIMEOUT |
| Accepted values | Integer (Representing an interval measured in seconds) |
| Default | Forever |
| Supported in | Deprecated in versions > v2.0.0 |
Postgres SSL Certificate Path
The path for storage of Postgres SSL certificates when set via environment variable reference.
| Flag | --pg-ssl-certificate-path <DIRECTORY> |
| Env var | HASURA_GRAPHQL_PG_SSL_CERTIFICATE_PATH |
| Accepted values | String (Representing a file path) |
| Default | null |
| Supported in | Enterprise Edition only |
Postgres Timeout
Deprecated in versions > v2.0.0: see details.
Each connection's idle time, measured in seconds, before it's closed.
| Flag | --timeout <TIME_IN_SECONDS> |
| Env var | HASURA_GRAPHQL_PG_TIMEOUT |
| Accepted values | Integer (Representing an interval measured in seconds) |
| Default | 180 |
| Supported in | Deprecated in versions > v2.0.0 |
Query Plan Cache Size
Deprecated in versions > v2.0.0: see details.
The maximum number of query plans that can be cached, where 0 disables the cache.
| Flag | --query-plan-cache-size <SIZE> |
| Env var | HASURA_GRAPHQL_QUERY_PLAN_CACHE_SIZE |
| Accepted values | Integer |
| Default | 4000 |
| Options | 0-65535 |
| Supported in | Deprecated in versions > v2.0.0 |
Rate-Limit Redis TLS Hostname
The hostname to use for SNI when connecting to a rate-limiting Redis instance over TLS.
| Flag | --rate-limit-redis-tls-hostname <HOSTNAME> |
| Env var | HASURA_GRAPHQL_RATE_LIMIT_REDIS_TLS_HOSTNAME |
| Accepted values | String |
| Default | null |
| Supported in | Enterprise Edition only |
Rate-Limit Redis URL
The Redis URL to use for rate limiting.
| Flag | --rate-limit-redis-url <URL> |
| Env var | HASURA_GRAPHQL_RATE_LIMIT_REDIS_URL |
| Accepted values | String |
| Example | redis://username:[email protected]:port/db |
| Default | null |
| Supported in | Enterprise Edition only |
Rate-Limit Redis Use TLS
Whether to use TLS to connect to a caching Redis instance.
| Flag | --rate-limit-redis-use-tls <true-or-false> |
| Env var | HASURA_GRAPHQL_RATE_LIMIT_REDIS_USE_TLS |
| Accepted values | Boolean |
| Options | true or false |
| Default | false |
| Supported in | Enterprise Edition only |
Read Replica URL
The URL for a read replica of the database.
Deprecated in versions > v2.0.0: see details.
| Flag | --read-replica-url <READ_REPLICA_URL> |
| Env var | HASURA_GRAPHQL_READ_REPLICA_URL |
| Accepted values | String |
| Default | null |
| Supported in | Deprecated in versions > v2.0.0 |
Redis TLS Hostname
The hostname to use for SNI when connecting to a caching Redis instance over TLS.
| Flag | --redis-tls-hostname <HOSTNAME> |
| Env var | HASURA_GRAPHQL_REDIS_TLS_HOSTNAME |
| Accepted values | String |
| Default | null |
| Supported in | Enterprise Edition only |
Redis TLS Shared CA Store Path
The path to a shared CA store to use to connect to both (caching and rate-limiting) Redis URLs over TLS.
| Flag | --redis-tls-shared-ca-store-path <PATH_TO_SHARED_CA_STORE> |
| Env var | HASURA_GRAPHQL_REDIS_TLS_SHARED_CA_STORE_PATH |
| Accepted values | String |
| Default | null |
| Supported in | Enterprise Edition only |
Redis URL
The Redis URL to use for query caching and Webhook Auth Caching.
| Flag | --redis-url <URL> |
| Env var | HASURA_GRAPHQL_REDIS_URL |
| Accepted values | String |
| Default | null |
| Example | redis://username:[email protected]:port/db |
| Supported in | Enterprise Edition only |
Schema Sync Poll Interval
The interval, in milliseconds, to poll Metadata storage for updates. To disable, set this value to 0.
| Flag | --schema-sync-poll-interval <INTERVAL_IN_MS> |
| Env var | HASURA_GRAPHQL_SCHEMA_SYNC_POLL_INTERVAL |
| Accepted values | Integer (Representing an interval in milliseconds) |
| Default | 1000 |
| Supported in | CE, Enterprise Edition |
Server Host
The host on which graphql-engine will listen. The default is *.
| Flag | --server-host <HOST> |
| Env var | HASURA_GRAPHQL_SERVER_HOST |
| Accepted values | String |
| Default | CE, Enterprise Edition: * Cloud: managed by Hasura Cloud |
| Supported in | CE, Enterprise Edition |
Server Port
The port on which graphql-engine should be served.
| Flag | --server-host <PORT> |
| Env var | HASURA_GRAPHQL_SERVER_PORT |
| Accepted values | Integer |
| Default | CE, Enterprise Edition: 8080 Cloud: managed by Hasura Cloud |
| Supported in | CE, Enterprise Edition |
Single Sign-on Providers
List of third-party identity providers to enable Single Sign-on authentication for the console.
| Flag | --sso-providers <JSON_CONFIG> |
| Env var | HASURA_GRAPHQL_SSO_PROVIDERS |
| Accepted values | JSON array of objects (containing identity provider configs and the JWK used for verification) |
| Default | null |
| Example | [{\"client_id\": \"<client-id-from-idp>\", \"name\": \"<display-name>\", \"scope\": \"openid\", \"authorization_url\": \"<login-url>\", \"request_token_url\": \"<request-token-url>\", \"admin_roles\": [\"admin\"], \"jwt_secret\": {\"type\": \"RS256\", \"jwk_url\": \"https://...\", \"issuer\": \"myapp\"}}] |
| Supported in | EE |
Streaming Queries Multiplexed Batch Size
Multiplexed streaming queries are split into batches of the specified size.
| Flag | --streaming-queries-multiplexed-batch-size <SIZE> |
| Env var | HASURA_GRAPHQL_STREAMING_QUERIES_MULTIPLEXED_BATCH_SIZE |
| Accepted values | Integer |
| Default | 100 |
| Supported in | CE, Enterprise Edition |
Streaming Queries Multiplexed Refetch Interval
For streaming queries which can be multiplexed, updated results - if any - will be sent, at most, once during this interval.
| Flag | --streaming-queries-multiplexed-refetch-interval <INTERVAL_IN_MS> |
| Env var | HASURA_GRAPHQL_STREAMING_QUERIES_MULTIPLEXED_REFETCH_INTERVAL |
| Accepted values | Integer (Representing an interval in milliseconds) |
| Default | 1000 |
| Supported in | CE, Enterprise Edition |
Stringify Numeric Types
Stringify certain Postgres numeric types, specifically bigint ,numeric
,decimal and double precision as they don't fit into the IEnterprise EditionE-754 spec for JSON encoding-decoding.
| Flag | --stringify-numeric-types |
| Env var | HASURA_GRAPHQL_STRINGIFY_NUMERIC_TYPES |
| Accepted values | Boolean |
| Options | true or false |
| Default | false |
| Supported in | CE, Enterprise Edition, Cloud |
Stripes per Read Replica
Deprecated in versions > v2.0.0: see details.
The number of stripes (connection pools) to maintain per read replica.
| Flag | --stripes-per-read-replica <NUMBER> |
| Env var | HASURA_GRAPHQL_STRIPES_PER_READ_REPLICA |
| Accepted values | Integer |
| Default | null |
| Supported in | Deprecated in versions > v2.0.0 |
Transaction Isolation
Deprecated in versions > v2.0.0: see details.
This sets transaction isolation.
| Flag | -i, --tx-iso <TXISO> |
| Env var | HASURA_GRAPHQL_TX_ISOLATION |
| Accepted values | String |
| Options | read-committed, repeatable-read, serializable |
| Default | read-committed |
| Supported in | Deprecated in versions > v2.0.0 |
Unauthorized Role
This identifies an unauthorized role, used when the
x-hasura-admin-key is not sent or the Authorization header is absent in JWT mode.
| Flag | --unauthorized-role <ROLE> |
| Env var | HASURA_GRAPHQL_UNAUTHORIZED_ROLE |
| Accepted values | String |
| Example | Setting this value to anonymous, whenever the Authorization header is absent, the request's role will default to anonymous. |
| Default | null |
| Supported in | CE, Enterprise Edition, Cloud |
Use Prepared Statements
Deprecated in versions > v2.0.0: see details.
Whether to use prepared statements for queries.
| Flag | --use-prepared-statements <true-or-false> |
| Env var | HASURA_GRAPHQL_USE_PREPARED_STATEMENTS |
| Accepted values | Boolean |
| Options | true or false |
| Default | true |
| Supported in | Deprecated in versions > v2.0.0 |
v1 Boolean Null Collapse
Evaluate null values in where input object to True instead of error. Learn more in our
upgrade guide.
| Flag | --v1-boolean-null-collapse <true-or-false> |
| Env var | HASURA_GRAPHQL_V1_BOOLEAN_NULL_COLLAPSE |
| Accepted values | Boolean |
| Options | true or false |
| Default | false |
| Supported in | CE, Enterprise Edition, Cloud |
Websocket Compression
Enable WebSocket permessage-deflate compression.
| Flag | --websocket-compression <true-or-false> |
| Env var | HASURA_GRAPHQL_CONNECTION_COMPRESSION |
| Accepted values | Boolean |
| Options | true or false |
| Default | false |
| Supported in | CE, Enterprise Edition |
Websocket Connection Init Timeout
Used to set the connection initialization timeout for graphql-ws clients. This is ignored for
subscription-transport-ws (Apollo) clients.
| Flag | --websocket-connection-init-timeout <TIMEOUT_IN_SECONDS> |
| Env var | HASURA_GRAPHQL_WEBSOCKET_CONNECTION_INIT_TIMEOUT |
| Accepted values | Integer (Representing a timeout in milliseconds) |
| Default | 3 |
| Supported in | CE, Enterprise Edition |
Websocket Keepalive
Used to set the Keep Alive delay for clients that use the subscription-transport-ws (Apollo) protocol. For
graphql-ws clients, the graphql-engine sends PING messages instead.
| Flag | --websocket-keepalive <TIME_IN_SECONDS> |
| Env var | HASURA_GRAPHQL_WEBSOCKET_KEnterprise EditionPALIVE |
| Accepted values | Integer (Representing a delay in seconds) |
| Default | 5 |
| Supported in | CE, Enterprise Edition |
WS Read Cookie
Read cookie on WebSocket initial handshake even when CORS is disabled. This can be a potential security flaw! This configuration is only applicable when CORS is disabled.
| Flag | --ws-read-cookie <true-or-false> |
| Env var | HASURA_GRAPHQL_WS_READ_COOKIE |
| Accepted values | Boolean |
| Default | false |
| Options | true or false |
| Supported in | CE, Enterprise Edition |
