Skip to main content
Version: v2.x

GraphQL Engine Server Configuration Reference

Introduction

This page details which flags and environment variables are available to customize a Hasura GraphQL Engine instance. For details on how to implement flags or environment variables, check out this page.

GraphQL Engine command flags and environment variables

For the graphql-engine command, these are the available flags and environment variables:

Database URL

This connection string can be used to connect Hasura to a PostgreSQL data source which Hasura will automatically add to the list of connected data sources.

Flag--database-url <DB_URL>
Env varHASURA_GRAPHQL_DATABASE_URL
Accepted valuesString (PostgreSQL DB connection string)
Examplepostgres://<user>:<password>@<host>:<port>/<db-name>
Defaultnull
Supported inCE, Enterprise Edition
Note

This config option is supported to maintain backwards compatibility with v1.x Hasura instances. In versions v2.0 and above, databases can be connected using any custom environment variables of your choice. Our docker-compose.yaml files in the install manifests reference PG_DATABASE_URL as the environment variable to use for connecting to a database, but this can be any plaintext value which does not start with HASURA_.

Metadata Database URL

This Postgres database URL is used to store Hasura's Metadata. This can also be a URI of the form dynamic-from-file:///path/to/file, where the referenced file contains a postgres connection string, which will be read dynamically every time a new connection is established. This allows the server to be used in an environment where secrets are rotated frequently.

Flag--metadata-database-url <METADATA_DATABASE_URL>
Env varHASURA_GRAPHQL_METADATA_DATABASE_URL
Accepted valuesString (PostgreSQL DB connection string, or dynamic-from-file:// URI)
Examplepostgres://<user>:<password>@<host>:<port>/<db-name>
DefaultCE, Enterprise Edition: null
Cloud: managed by Hasura Cloud
Supported inCE, Enterprise Edition
Note

THe metadata database URL needs to be set for Hasura to start.

Serve sub-command flags and environment variables

For the serve sub-command, these are the available flags and environment variables:

Note

When the equivalent flags for environment variables are used, the flags will take precedence.

Admin Internal Errors

Internal information is included in an error response for requests made by an admin.

Flag--admin-internal-errors <true-or-false>
Env varHASURA_GRAPHQL_ADMIN_INTERNAL_ERRORS
Accepted valuesBoolean
Optionstrue or false
Defaulttrue
Supported inCE, Enterprise Edition, Cloud

Admin Secret Key

A secret key required to access the Hasura instance.

Flag--admin-secret <ADMIN_SECRET_KEY>
Env varHASURA_GRAPHQL_ADMIN_SECRET
Accepted valuesString
DefaultCE, Enterprise Edition: null
Cloud: generated by default
Supported inCE, Enterprise Edition, Cloud
Note

When you use webhook or JWT mode for authentication, setting this value is mandatory.

Admin Secrets

A list of valid admin secret keys any one of which can be used to access the Hasura instance.

Flag--admin-secrets <SECRETS>
Env varHASURA_GRAPHQL_ADMIN_SECRETS
Accepted valuesArray (of strings)
Defaultnull
Example'["secret1", "secret2"]'
Supported inEnterprise Edition only
Note

If both Admin Secret and Admin Secrets are set, then only Admin Secrets will be used.

Async Actions Fetch Batch Size

The maximum number of async actions to be processed in a single batch.

Flag--async-actions-fetch-batch-size <BATCH_SIZE>
Env varHASURA_GRAPHQL_ASYNC_ACTIONS_FETCH_BATCH_SIZE
Accepted valuesInteger
Default10
Supported inCE, Enterprise Edition, Cloud

Async Actions Fetch Interval

The interval, in milliseconds, to sleep before trying to fetch async actions again after a fetch returned no async actions from metadata storage. A value of 0 implies completely disabling fetching async actions from the storage.

Flag--async-actions-fetch-interval <INTERVAL_IN_MS>
Env varHASURA_GRAPHQL_ASYNC_ACTIONS_FETCH_INTERVAL
Accepted valuesInteger (Representing an interval in milliseconds)
Defaultnull
Supported inCE, Enterprise Edition, Cloud

Auth Hook

The URL required to authorize requests when utilizing authentication webhooks.

Flag--auth-hook <WEBHOOK_URL>
Env varHASURA_GRAPHQL_AUTH_HOOK
Accepted valuesString (URL)
Defaultnull
Supported inCE, Enterprise Edition, Cloud
Note

Having an admin secret set is mandatory for setting this value.

Auth Hook Mode

If you're using a webhook for authentication, The HTTP method used by Hasura to make requests.

Flag--auth-hook-mode <GET-or-POST>
Env varHASURA_GRAPHQL_AUTH_HOOK_MODE
Accepted valuesString (HTTP method)
OptionsGET or POST
DefaultGET
Supported inCE, Enterprise Edition, Cloud

Send Request Body to Auth Hook

Whether or not to send the request body (graphql request/variables) to the auth hook in POST mode.

Flag--auth-hook-send-request-body <true-or-false>
Env varHASURA_GRAPHQL_AUTH_HOOK_SEND_REQUEST_BODY
Accepted valuesBoolean
Optionstrue or false
Defaulttrue
Supported inCE, Enterprise Edition, Cloud

BigQuery String Numeric Input

Stringify certain BigQuery numeric types, specifically bignumeric, float64, int64, numeric and aliases thereof, as they don't fit into the IEEE 754 spec for JSON encoding-decoding.

Flag--bigquery_string_numeric_input
Env varHASURA_GRAPHQL_BIGQUERY_STRING_NUMERIC_INPUT
Accepted valuesBoolean
Optionstrue or false
Defaultfalse
Supported inCE, Enterprise Edition

Cache Max Entry TTL

The maximum Query Cache TTL value in seconds, defaulting to 3600 seconds (1 hour).

Flag--query-cache-max-ttl
Env varHASURA_GRAPHQL_CACHE_MAX_ENTRY_TTL
Accepted valuesInteger
Default3600
Supported inEnterprise Edition only

Close WebSocket connections on metadata change

When metadata changes, close all WebSocket connections (with error code 1012). This is useful when you want to ensure that all clients reconnect to the latest metadata.

Flag--disable-close-websockets-on-metadata-change
Env varHASURA_GRAPHQL_CLOSE_WEBSOCKETS_ON_METADATA_CHANGE
Accepted valuesBoolean
Optionstrue or false
Defaulttrue
Supported inCE, Enterprise Edition, Cloud

Configured Header Precedence

Whether the metadata configured headers are given higher precedence than client headers for Actions and postgres input validations.

Flag--configured-header-precedence
Env varHASURA_GRAPHQL_CONFIGURED_HEADER_PRECEDENCE
Accepted valuesBoolean
Optionstrue or false
Defaultfalse
Supported inCE, Enterprise Edition, Cloud

Connections per Read-Replica

The maximum number of Postgres connections per read-replica that can be opened per stripe. When the maximum is reached we will block until a new connection becomes available, even if there is capacity in other stripes.

Flag--connections-per-read-replica <NO_OF_CONNS_PER_READ_REPLICA>
Env varHASURA_GRAPHQL_CONNECTIONS_PER_READ_REPLICA
Accepted valuesInteger
Default50
Supported inEnterprise Edition only

Console Assets Directory

By default, Console assets are loaded from a CDN. For the Console to load assets from the server itself instead of the CDN, set the value to /srv/console-assets.

Flag--console-assets-dir <PATH_TO_ASSETS>
Env varHASURA_GRAPHQL_CONSOLE_ASSETS_DIR
Accepted valuesString
Options"/srv/console-assets"
Defaultnull
Supported inCE, Enterprise Edition

CORS Domain

List of domains, including scheme (http/https) and port, to allow for CORS. Wildcard domains are allowed. Setting an empty value will block requests from all other domains.

Flag--cors-domain <DOMAINS>
Env varHASURA_GRAPHQL_CORS_DOMAIN
Accepted valuesString (comma separated list of domains)
DefaultCE, Enterprise Edition: null
Cloud: *
Example"https://*.foo.bar.com:8080, http://*.localhost, http://localhost:3000, http://example.com"
Supported inCE, Enterprise Edition, Cloud
Note

Because the Console on Hasura Cloud runs on the 'cloud.hasura.io' domain, Hasura Cloud automatically adds it as an allowed CORS domain. Setting an empty value will block requests from all other domains.

Dev Mode

Sets dev mode for GraphQL requests, i.e. in case of errors, includes an internal key in the errors extensions of the response.

Flag--dev-mode
Env varHASURA_GRAPHQL_DEV_MODE
Accepted valuesBoolean
Optionstrue or false
Defaultfalse
Supported inCE, Enterprise Edition, Cloud

Default Naming Convention

Used to set the default naming convention for all sources.

FlagN/A
Env varHASURA_GRAPHQL_DEFAULT_NAMING_CONVENTION
Accepted valuesString
Optionshasura-default or graphql-default
Defaulthasura-default
Supported inCE, Enterprise Edition, Cloud

Disable CORS

Disables CORS. Hasura will not send any CORS headers on any request.

Flag--disable-cors
Env varHASURA_GRAPHQL_DISABLE_CORS
Accepted valuesBoolean
Optionstrue or false
Defaultfalse
Supported inCE, Enterprise Edition

Dynamic Secrets Allowed Path Prefix

Enables the ability to source Postgres connection strings from files on disk using DynamicFromFile, and the ability for Template Variables to use the contents of files in Data Connector configuration transforms. File paths used with these features must start with the prefix set in this environment variable.

FlagN/A
Env varHASURA_GRAPHQL_DYNAMIC_SECRETS_ALLOWED_PATH_PREFIX
Accepted valuesString (representing a filesystem path prefix, such as /var/secrets/)
Defaultnull
Supported inCE, Enterprise Edition

Enable Allow List

Restrict requests allowed to be executed by the GraphQL Engine to those that are part of the configured Allow List.

Flag--enable-allowlist <true-or-false>
Env varHASURA_GRAPHQL_ENABLE_ALLOWLIST
Accepted valuesBoolean
Optionstrue or false
Defaultfalse
Supported inCE, Enterprise Edition, Cloud

Enable Apollo Federation

Enables the Apollo Federation feature. This allows Hasura to be connected as a subgraph in an Apollo supergraph.

Flag--enable-apollo-federation
Env varHASURA_GRAPHQL_ENABLE_APOLLO_FEDERATION
Accepted valuesBoolean
Optionstrue or false
Defaultfalse
Supported inCE, Enterprise Edition, Cloud

Enable Automated Persisted Queries

Enables the Automated Persisted Queries feature.

Flag--enable-persisted-queries
Env varHASURA_GRAPHQL_ENABLE_PERSISTED_QUERIES
Accepted valuesBoolean
Defaultfalse
Supported inEnterprise Edition

Set Automated Persisted Queries TTL

Sets the query TTL in the cache store for Automated Persisted Queries.

Flag--persisted-queries-ttl
Env varHASURA_GRAPHQL_PERSISTED_QUERIES_TTL
Accepted valuesInteger
Default5 (seconds)
Supported inEnterprise Edition

Enable Error Log Level for Trigger Errors

Sets the log-level as error for Trigger type error logs (Event Triggers, Scheduled Triggers, Cron Triggers).

Flag--enable-triggers-error-log-level
Env varHASURA_GRAPHQL_ENABLE_TRIGGERS_ERROR_LOG_LEVEL
Accepted valuesBoolean
Defaultfalse
Supported inCE, Enterprise Edition

Enable Console

Enable the Hasura Console (served by the server on / and /console).

Flag--enable-console <true-or-false>
Env varHASURA_GRAPHQL_ENABLE_CONSOLE
Accepted valuesBoolean
Optionstrue or false
DefaultCE, Enterprise Edition: false
Cloud: Console is always enabled
Supported inCE, Enterprise Edition

Header Size Limit

Sets the maximum cumulative length of all headers in bytes.

Flag--max-total-header-length
Env varHASURA_GRAPHQL_MAX_TOTAL_HEADER_LENGTH
Accepted valuesInteger
Default1024*1024 (1MB)
Supported inCE, Enterprise Edition

Enable High-cardinality Labels for Metrics

Enable high-cardinality labels for Prometheus Metrics. Enabling this setting will add more labels to some of the metrics (e.g. operation_name label for Graphql subscription metrics).

FlagN/A
Env varHASURA_GRAPHQL_METRICS_ENABLE_HIGH_CARDINALITY_LABELS
Accepted valuesBoolean
Optionstrue or false
Defaulttrue
Supported inEnterprise Edition

Enable Log Compression

Enable sending compressed logs to metrics server.

Flag--enable-log-compression <true-or-false>
Env varHASURA_GRAPHQL_ENABLE_LOG_COMPRESSION
Accepted valuesBoolean
Optionstrue or false
Defaultfalse
Supported inEnterprise Edition

Enable Maintenance Mode

Enabling maintenance mode disables updating of Metadata on the server.

Flag--enable-maintenance-mode <true-or-false>
Env varHASURA_GRAPHQL_ENABLE_MAINTENANCE_MODE
Accepted valuesBoolean
Optionstrue or false
Defaultfalse
Supported inCE, Enterprise Edition, Cloud

Enable Metadata Query Logging

Enabling this setting includes the query field in http-logs for Metadata queries.

Flag--enable-metadata-query-logging <true-or-false>
Env varHASURA_GRAPHQL_ENABLE_METADATA_QUERY_LOGGING
Accepted valuesBoolean
Optionstrue or false
Defaultfalse
Supported inCE, Enterprise Edition

Enable Remote Schema Permissions

Enable RBAC for Remote Schemas

Flag--enable-remote-schema-permissions <true-or-false>
Env varHASURA_GRAPHQL_ENABLE_REMOTE_SCHEMA_PERMISSIONS
Accepted valuesBoolean
Optionstrue or false
Defaultfalse
Supported inCE, Enterprise Edition, Cloud

Enable Telemetry

Setting this enables or disables anonymous telemetry.

Flag--enable-telemetry <true-or-false>
Env varHASURA_GRAPHQL_ENABLE_TELEMETRY
Accepted valuesBoolean
Optionstrue or false
Defaulttrue
Supported inCE, Enterprise Edition

Enabled APIs

List of APIs to be enabled on a Hasura GraphQL Engine instance.

Flag--enabled-apis <APIS>
Env varHASURA_GRAPHQL_ENABLED_APIS
Accepted valuesString (Comma-separated)
Optionsmetadata, graphql, pgdump, config, metrics
Defaultmetadata, graphql, pgdump, config
Supported inCE, Enterprise Edition, Cloud

Enabled Log Types

The options below represent log types on the Community Edition. Enterprise-specific log types - and descriptions of all log types — can be found here.

Flag--enabled-log-types <LOG_TYPES>
Env varHASURA_GRAPHQL_ENABLED_LOG_TYPES
Accepted valuesString (Comma-separated)
Optionsstartup, http-log, webhook-log, websocket-log, query-log, execution-log, livequery-poller-log, action-handler-log, data-connector-log, jwk-refresh-log, validate-input-log
Defaultstartup, http-log, webhook-log, websocket-log, jwk-refresh-log
Supported inCE, Enterprise Edition

Events HTTP Pool Size

Maximum number of concurrent HTTP workers for event delivery.

Flag--events-http-pool-size <SIZE>
Env varHASURA_GRAPHQL_EVENTS_HTTP_POOL_SIZE
Accepted valuesInteger
Default100
Supported inCE, Enterprise Edition, Cloud

Events Fetch Batch Size

The maximum number of events to be fetched from the DB in a single batch.

Flag--events-fetch-batch-size <BATCH_SIZE>
Env varHASURA_GRAPHQL_EVENTS_FETCH_BATCH_SIZE
Accepted valuesInteger
Default100
Supported inCE, Enterprise Edition, Cloud

Events Fetch Interval

The interval, in milliseconds, to sleep before trying to fetch events again after a fetch returned no events from Postgres.

Flag--events-fetch-interval <INTERVAL_IN_MS>
Env varHASURA_GRAPHQL_EVENTS_FETCH_INTERVAL
Accepted valuesInteger
Defaultnull
Supported inCE, Enterprise Edition

Experimental Features

List of experimental features to be enabled.

Flag--experimental-features <FEATURES>
Env varHASURA_GRAPHQL_EXPERIMENTAL_FEATURES
Accepted valuesString (Comma-separated list)
Optionsinherited_roles, optimize_permission_filters, naming_convention, streaming_subscriptions, apollo_federation, hide_update_many_fields, bigquery_string_numeric_input, hide_aggregation_predicates, hide_stream_fields, disable_postgres_arrays
Defaultnull
Supported inCE, Enterprise Edition, Cloud

Graceful Shutdown Timeout

The timeout, expressed in seconds, to wait for in-flight events (such as Event Triggers and Scheduled Triggers) and async actions to complete before the server shuts down completely. If the in-flight events are not completed within the timeout, those events are marked as pending.

Flag--graceful-shutdown-timeout <TIMEOUT_IN_SECONDS>
Env varHASURA_GRAPHQL_GRACEFUL_SHUTDOWN_TIMEOUT
Accepted valuesInteger (Representing an interval measured in seconds)
Default60
Supported inCE, Enterprise Edition

Infer Function Permissions

When this is set to false, a function f, stable, immutable or volatile is only exposed for a role r if there is a permission defined on the function f for the role r, creating a function permission will only be allowed if there is a select permission on the table type.

When this is set to true or is omitted, the permission of the function is inferred from the select permissions from the target table of the function, only for stable or immutable functions. Volatile functions are not exposed to any of the roles in this case. See the permissions for custom functions docs for more details.

Flag--infer-function-permissions <true-or-false>
Env varHASURA_GRAPHQL_INFER_FUNCTION_PERMISSIONS
Accepted valuesBoolean
Optionstrue or false
Defaulttrue
Supported inCE, Enterprise Edition, Cloud

JWT Secret

The JWT Secret variable is set equal to a JSON string containing a type property set equal to the method of encryption and the JWK (key) used for verifying a JWT. See the JWT docs for more details.

Flag--jwt-secret <JSON_CONFIG>
Env varHASURA_GRAPHQL_JWT_SECRET
Accepted valuesJSON
Example{"type": "HS256", "key": "3bd561c37d214b4496d09049fadc542c"}
Defaultnull
Supported inCE, Enterprise Edition, Cloud
Note

Having an admin secret set is mandatory for setting this value.

JWT Secrets

List of JWT secrets to authenticate with different JWT issuers.

Flag--jwt-secrets <SECRETS>
Env varHASURA_GRAPHQL_JWT_SECRETS
Accepted valuesJSON array of objects (containing type and the JWK used for verification)
Defaultnull
Example[{\"type\": \"HS256\", \"key\": \"<your-hmac-shared-secret>\", \"claims_namespace\": \"<optional-custom-claims-key-name>\"}, {\"type\": \"RS256\", \"issuer\": \"my-issuer\", \"key\": \"<your-PEM-RSA-public-key>\", \"claims_namespace\": \"<optional-custom-claims-key-name>\"}]
Supported inEnterprise Edition, Cloud
Note

If both JWT Secret and JWT Secrets are set, then JWT Secrets will be used.

Live Queries Multiplexed Refetch Interval

When utilizing live queries, updated results - if any - will be sent, at most, once during this interval - measured in milliseconds - for any live queries which can be multiplexed.

Flag--live-queries-multiplexed-refetch-interval <INTERVAL_IN_MS>
Env varHASURA_GRAPHQL_LIVE_QUERIES_MULTIPLEXED_REFETCH_INTERVAL
Accepted valuesInteger (Representing an interval measured in milliseconds)
Default1000
Supported inCE, Enterprise Edition, Cloud

Log Level

This variable sets the level for Hasura's logs.

Flag--log-level <LEVEL>
Env varHASURA_GRAPHQL_LOG_LEVEL
Accepted valuesString
Optionsdebug, info, warn, error
Defaultinfo
Supported inCE, Enterprise Edition
Cloud: can only be set to info

Max Cache Size

The maximum cache size, measured in MB, for queries.

Flag--max-cache-size <SIZE_IN_MB>
Env varHASURA_GRAPHQL_MAX_CACHE_SIZE
Accepted valuesInteger (Representing cache size measured in MB)
Default1
Supported inEnterprise Edition, Cloud: Professional tier is set to 100 MB as the default

Metadata Database Extension Schema

The schema in which Hasura can install extensions in the Metadata database.

Flag--metadata-database-extensions-schema <SCHEMA_NAME>
Env varHASURA_GRAPHQL_METADATA_DATABASE_EXTENSIONS_SCHEMA
Accepted valuesString
Defaultpublic
Supported inCE, Enterprise Edition

Multiplexed Batch Size

Multiplexed live queries are split into batches of the specified size.

Flag--live-queries-multiplexed-batch-size <BATCH_SIZE>
Env varHASURA_GRAPHQL_LIVE_QUERIES_MULTIPLEXED_BATCH_SIZE
Accepted valuesInteger
Default100
Supported inCE, Enterprise Edition, Cloud

Null in Non-nullable Variables

GraphQL query validation is fixed in v2.36.0-beta.1, where queries that assigned a null value to variables with non-nullable type were allowed.

Example:

query ($user_id: Int!) {
users(where: { id: { _eq: $user_id } }) {
id
name
}
}

variables

{
"user_id": null
}

To rollback to the old behavior, i.e., allow null value for non-nullable variables, use this option.

Flag--null-in-nonnullable-variables <true-or-false>
Env varHASURA_GRAPHQL_BACKWARDS_COMPAT_NULL_IN_NONNULLABLE_VARIABLES
Accepted valuesBoolean
Optionstrue or false
Defaultfalse
Supported inCE, Enterprise Edition, Cloud - from v2.36.0-beta.1

Number of Retries

Notice

Deprecated in versions > v2.0.0: see details.

The number of retries if a Postgres connection error occurs.

Flag--retries <NO_OF_RETRIES>
Env varHASURA_GRAPHQL_NO_OF_RETRIES
Accepted valuesInteger
Default1
Supported inDeprecated in versions > v2.0.0

Number of Stripes

Notice

Deprecated in versions > v2.0.0: see details.

The number of stripes (distinct sub-pools) to maintain with Postgres. New connections will be taken from a particular stripe pseudo-randomly.

Flag-s, --stripes <NO_OF_STRIPES>
Env varHASURA_GRAPHQL_PG_STRIPES
Accepted valuesInteger
Default1
Supported inCE, Enterprise Edition

PG Connections

Notice

Deprecated in versions > v2.0.0: see details.

The maximum number of Postgres connections that can be opened per stripe. When the maximum is reached we will block connections until a new connection becomes available, even if there is capacity in other stripes.

Flag-c, --connections <NO_OF_CONNS>
Env varHASURA_GRAPHQL_PG_CONNECTIONS
Accepted valuesInteger
Default50
Supported inDeprecated in versions > v2.0.0

PG Connection Lifetime

Notice

Deprecated in versions > v2.0.0: see details.

Time from connection creation, in seconds, after which the connection should be destroyed and a new one created. A value of 0 indicates Hasura should never destroy an active connection. If 0 is passed, memory from large query results may not be reclaimed.

Flag--conn-lifetime <TIME_IN_SECONDS>
Env varHASURA_GRAPHQL_PG_CONN_LIFETIME
Accepted valuesInteger (Representing an interval measured in seconds)
Default600
Supported inDeprecated in versions > v2.0.0

Pool Timeout

Notice

Deprecated in versions > v2.0.0: see details.

Pool Timeout determines, in seconds, how long to wait when acquiring a Postgres connection.

Flag--pool-timeout <TIME_IN_SECONDS>
Env varHASURA_GRAPHQL_POOL_TIMEOUT
Accepted valuesInteger (Representing an interval measured in seconds)
DefaultForever
Supported inDeprecated in versions > v2.0.0

Postgres SSL Certificate Path

The path for storage of Postgres SSL certificates when set via environment variable reference.

Flag--pg-ssl-certificate-path <DIRECTORY>
Env varHASURA_GRAPHQL_PG_SSL_CERTIFICATE_PATH
Accepted valuesString (Representing a file path)
Defaultnull
Supported inEnterprise Edition only

Postgres Timeout

Notice

Deprecated in versions > v2.0.0: see details.

Each connection's idle time, measured in seconds, before it's closed.

Flag--timeout <TIME_IN_SECONDS>
Env varHASURA_GRAPHQL_PG_TIMEOUT
Accepted valuesInteger (Representing an interval measured in seconds)
Default180
Supported inDeprecated in versions > v2.0.0

Query Plan Cache Size

Notice

Deprecated in versions > v2.0.0: see details.

The maximum number of query plans that can be cached, where 0 disables the cache.

Flag--query-plan-cache-size <SIZE>
Env varHASURA_GRAPHQL_QUERY_PLAN_CACHE_SIZE
Accepted valuesInteger
Default4000
Options0-65535
Supported inDeprecated in versions > v2.0.0

Rate-Limit Redis TLS Hostname

The hostname to use for SNI when connecting to a rate-limiting Redis instance over TLS.

Flag--rate-limit-redis-tls-hostname <HOSTNAME>
Env varHASURA_GRAPHQL_RATE_LIMIT_REDIS_TLS_HOSTNAME
Accepted valuesString
Defaultnull
Supported inEnterprise Edition only

Rate-Limit Redis URL

The Redis URL to use for rate limiting.

Flag--rate-limit-redis-url <URL>
Env varHASURA_GRAPHQL_RATE_LIMIT_REDIS_URL
Accepted valuesString
Exampleredis://username:password@host:port/db
Defaultnull
Supported inEnterprise Edition only

Rate-Limit Redis Use TLS

Whether to use TLS to connect to a caching Redis instance.

Flag--rate-limit-redis-use-tls <true-or-false>
Env varHASURA_GRAPHQL_RATE_LIMIT_REDIS_USE_TLS
Accepted valuesBoolean
Optionstrue or false
Defaultfalse
Supported inEnterprise Edition only

Read Replica URL

The URL for a read replica of the database.

Notice

Deprecated in versions > v2.0.0: see details.

Flag--read-replica-url <READ_REPLICA_URL>
Env varHASURA_GRAPHQL_READ_REPLICA_URL
Accepted valuesString
Defaultnull
Supported inDeprecated in versions > v2.0.0

Redis TLS Hostname

The hostname to use for SNI when connecting to a caching Redis instance over TLS.

Flag--redis-tls-hostname <HOSTNAME>
Env varHASURA_GRAPHQL_REDIS_TLS_HOSTNAME
Accepted valuesString
Defaultnull
Supported inEnterprise Edition only

Redis TLS Shared CA Store Path

The path to a shared CA store to use to connect to both (caching and rate-limiting) Redis URLs over TLS.

Flag--redis-tls-shared-ca-store-path <PATH_TO_SHARED_CA_STORE>
Env varHASURA_GRAPHQL_REDIS_TLS_SHARED_CA_STORE_PATH
Accepted valuesString
Defaultnull
Supported inEnterprise Edition only

Redis URL

The Redis URL to use for query caching and Webhook Auth Caching.

Flag--redis-url <URL>
Env varHASURA_GRAPHQL_REDIS_URL
Accepted valuesString
Defaultnull
Exampleredis://username:password@host:port/db
Supported inEnterprise Edition only

Remote Schema prioritize data

Setting this will prioritize data or errors if both fields are present in the Remote Schema response.

Flag--remote-schema-prioritize-data
Env varHASURA_GRAPHQL_REMOTE_SCHEMA_PRIORITIZE_DATA
Accepted valuesBoolean
Optionstrue or false
Defaultfalse
Supported inCE, Enterprise Edition, Cloud

Schema Sync Poll Interval

The interval, in milliseconds, to poll Metadata storage for updates. To disable, set this value to 0.

Flag--schema-sync-poll-interval <INTERVAL_IN_MS>
Env varHASURA_GRAPHQL_SCHEMA_SYNC_POLL_INTERVAL
Accepted valuesInteger (Representing an interval in milliseconds)
Default1000
Supported inCE, Enterprise Edition

Server Host

The host on which graphql-engine will listen. The default is *.

Flag--server-host <HOST>
Env varHASURA_GRAPHQL_SERVER_HOST
Accepted valuesString
DefaultCE, Enterprise Edition: *
Cloud: managed by Hasura Cloud
Supported inCE, Enterprise Edition

Server Port

The port on which graphql-engine should be served.

Flag--server-port <PORT>
Env varHASURA_GRAPHQL_SERVER_PORT
Accepted valuesInteger
DefaultCE, Enterprise Edition: 8080
Cloud: managed by Hasura Cloud
Supported inCE, Enterprise Edition

Single Sign-on Providers

List of third-party identity providers to enable Single Sign-on authentication for the console.

Flag--sso-providers <JSON_CONFIG>
Env varHASURA_GRAPHQL_SSO_PROVIDERS
Accepted valuesJSON array of objects (containing identity provider configs and the JWK used for verification)
Defaultnull
Example[{\"client_id\": \"<client-id-from-idp>\", \"name\": \"<display-name>\", \"scope\": \"openid\", \"authorization_url\": \"<login-url>\", \"request_token_url\": \"<request-token-url>\", \"admin_roles\": [\"admin\"], \"jwt_secret\": {\"type\": \"RS256\", \"jwk_url\": \"https://...\", \"issuer\": \"myapp\"}}]
Supported inEE

Skip Arguments with null Values for Remote Schema

Skip arguments with null values while resolving fields from Remote Schemas. For instance:

query RemoteQuery {
users(type:null) {
id
...
}
}

is forwarded as:

query RemoteQuery {
users {
id
...
}
}
Flag--remote-schema-skip-nulls
Env varHASURA_GRAPHQL_REMOTE_SCHEMA_SKIP_NULLS
Accepted valuesBoolean
Optionstrue or false
Defaultfalse
Supported inCE, Enterprise Edition, Cloud

Streaming Queries Multiplexed Batch Size

Multiplexed streaming queries are split into batches of the specified size.

Flag--streaming-queries-multiplexed-batch-size <SIZE>
Env varHASURA_GRAPHQL_STREAMING_QUERIES_MULTIPLEXED_BATCH_SIZE
Accepted valuesInteger
Default100
Supported inCE, Enterprise Edition

Streaming Queries Multiplexed Refetch Interval

For streaming queries which can be multiplexed, updated results - if any - will be sent, at most, once during this interval.

Flag--streaming-queries-multiplexed-refetch-interval <INTERVAL_IN_MS>
Env varHASURA_GRAPHQL_STREAMING_QUERIES_MULTIPLEXED_REFETCH_INTERVAL
Accepted valuesInteger (Representing an interval in milliseconds)
Default1000
Supported inCE, Enterprise Edition

Stringify Numeric Types

Stringify certain Postgres numeric types, specifically bigint ,numeric ,decimal and double precision as they don't fit into the IEEE-754 spec for JSON encoding-decoding.

Flag--stringify-numeric-types
Env varHASURA_GRAPHQL_STRINGIFY_NUMERIC_TYPES
Accepted valuesBoolean
Optionstrue or false
Defaultfalse
Supported inCE, Enterprise Edition, Cloud

Stripes per Read Replica

Notice

Deprecated in versions > v2.0.0: see details.

The number of stripes (connection pools) to maintain per read replica.

Flag--stripes-per-read-replica <NUMBER>
Env varHASURA_GRAPHQL_STRIPES_PER_READ_REPLICA
Accepted valuesInteger
Defaultnull
Supported inDeprecated in versions > v2.0.0

Transaction Isolation

Notice

Deprecated in versions > v2.0.0: see details.

This sets transaction isolation.

Flag-i, --tx-iso <TXISO>
Env varHASURA_GRAPHQL_TX_ISOLATION
Accepted valuesString
Optionsread-committed, repeatable-read, serializable
Defaultread-committed
Supported inDeprecated in versions > v2.0.0

Unauthorized Role

This identifies an unauthorized role, used when the x-hasura-admin-key is not sent or the Authorization header is absent in JWT mode.

Flag--unauthorized-role <ROLE>
Env varHASURA_GRAPHQL_UNAUTHORIZED_ROLE
Accepted valuesString
ExampleSetting this value to anonymous, whenever the Authorization header is absent, the request's role will default to anonymous.
Defaultnull
Supported inCE, Enterprise Edition, Cloud

Use Prepared Statements

Notice

Deprecated in versions > v2.0.0: see details.

Whether to use prepared statements for queries.

Flag--use-prepared-statements <true-or-false>
Env varHASURA_GRAPHQL_USE_PREPARED_STATEMENTS
Accepted valuesBoolean
Optionstrue or false
Defaulttrue
Supported inDeprecated in versions > v2.0.0

v1 Boolean Null Collapse

Evaluate null values in where input object to True instead of error. Learn more in our upgrade guide.

Flag--v1-boolean-null-collapse <true-or-false>
Env varHASURA_GRAPHQL_V1_BOOLEAN_NULL_COLLAPSE
Accepted valuesBoolean
Optionstrue or false
Defaultfalse
Supported inCE, Enterprise Edition, Cloud

Websocket Compression

Enable WebSocket permessage-deflate compression.

Flag--websocket-compression <true-or-false>
Env varHASURA_GRAPHQL_CONNECTION_COMPRESSION
Accepted valuesBoolean
Optionstrue or false
Defaultfalse
Supported inCE, Enterprise Edition

Websocket Connection Init Timeout

Used to set the connection initialization timeout for graphql-ws clients. This is ignored for subscription-transport-ws (Apollo) clients.

Flag--websocket-connection-init-timeout <TIMEOUT_IN_SECONDS>
Env varHASURA_GRAPHQL_WEBSOCKET_CONNECTION_INIT_TIMEOUT
Accepted valuesInteger (Representing a timeout in milliseconds)
Default3
Supported inCE, Enterprise Edition

Websocket Keepalive

Used to set the Keep Alive delay for clients that use the subscription-transport-ws (Apollo) protocol. For graphql-ws clients, the graphql-engine sends PING messages instead.

Flag--websocket-keepalive <TIME_IN_SECONDS>
Env varHASURA_GRAPHQL_WEBSOCKET_KEEPALIVE
Accepted valuesInteger (Representing a delay in seconds)
Default5
Supported inCE, Enterprise Edition

Read cookie on WebSocket initial handshake even when CORS is disabled. This can be a potential security flaw! This configuration is only applicable when CORS is disabled.

Flag--ws-read-cookie <true-or-false>
Env varHASURA_GRAPHQL_WS_READ_COOKIE
Accepted valuesBoolean
Defaultfalse
Optionstrue or false
Supported inCE, Enterprise Edition