Configuration
All Orvanta components are configured via environment variables. The reference below lists the variables for each component.
API server
Section titled “API server”| Variable | Required | Default | Description |
|---|---|---|---|
DATABASE_URL | ✅ | — | PostgreSQL connection string. postgres://user:pass@host:5432/orvanta |
REDIS_URL | ✅ | — | Redis connection string. redis://host:6379 |
SECRET_KEY | ✅ | — | Random 64-char hex string. Used for signing tokens. Generate with openssl rand -hex 32. |
APP_URL | ✅ | — | Public URL of your Orvanta instance. e.g. https://orvanta.example.com |
S3_BUCKET | ✅ | — | S3 bucket name for artefact storage. |
S3_REGION | ✅ | — | AWS region or equivalent. |
S3_ENDPOINT | ❌ | AWS default | Override for non-AWS S3-compatible storage (MinIO, R2, etc.). |
S3_ACCESS_KEY_ID | ✅ | — | S3 access key. |
S3_SECRET_ACCESS_KEY | ✅ | — | S3 secret key. |
LOG_LEVEL | ❌ | info | debug, info, warn, error. |
PORT | ❌ | 3000 | Port the API server listens on. |
Worker
Section titled “Worker”| Variable | Required | Default | Description |
|---|---|---|---|
DATABASE_URL | ✅ | — | Same as API server. |
REDIS_URL | ✅ | — | Same as API server. |
S3_* | ✅ | — | Same as API server. |
WORKER_CONCURRENCY | ❌ | 4 | Number of concurrent run slots per worker process. |
WORKER_QUEUE | ❌ | default | Queue name this worker listens on. |
Docker Compose example
Section titled “Docker Compose example”version: '3.9'
services: api: image: ghcr.io/blue-code-garden/orvanta-api:latest env_file: .env ports: - "3000:3000" depends_on: - postgres - redis
worker: image: ghcr.io/blue-code-garden/orvanta-worker:latest env_file: .env depends_on: - postgres - redis
postgres: image: postgres:16-alpine environment: POSTGRES_DB: orvanta POSTGRES_USER: orvanta POSTGRES_PASSWORD: changeme volumes: - postgres_data:/var/lib/postgresql/data
redis: image: redis:7-alpine volumes: - redis_data:/data
volumes: postgres_data: redis_data:Orvanta does not handle TLS termination directly. Use a reverse proxy such as Caddy, nginx, or Traefik in front of the API server. All traffic to APP_URL should be HTTPS.