Environment variables

The fully qualified database connection string. If using Postgres on RDS with IAM authentication, the scheme must be postgresiam and the port must also be set.

Required: if separate host, name, username, password environment variables are not set

Example: postgresql://username:password@host:port/database

The database adapter to use. Use postgresiam when using Postgres on RDS with IAM authentication (rather than username/password authentication).

Required: false

Default: postgres

Allowed values: postgres, postgresiam

The database username

Required: if PACTFLOW_DATABASE_URL is not set

The database password

Required: if PACTFLOW_DATABASE_URL is not set, unless using Postgres on RDS with IAM authentication

The database host

Required: if PACTFLOW_DATABASE_URL is not set

The database port

Required: if PACTFLOW_DATABASE_URL is not set

The database name

Required: if PACTFLOW_DATABASE_URL is not set

The Postgresql ssl mode. Note, if using Postgres on AWS RDS with IAM authentication, this must be require.

Required: false

Default: require

Allowed values: disable, allow, prefer, require, verify-ca, verify-full

More information: https://ankane.org/postgres-sslmode-explained

The number of seconds after which to check the health of a connection from a connection pool before passing it to the application.

-1 means that connections will be validated every time, which avoids errors when databases are restarted and connections are killed. This has a performance penalty, so consider increasing this timeout if building a frequently accessed service.

Required: false

Default: 3600

Allowed values: -1 or any positive integer.

More information: https://sequel.jeremyevans.net/rdoc-plugins/files/lib/sequel/extensions/connection_validator_rb.html

The duration in seconds, as a float, after which to log an SQL statement

Required: false

Default: 5

The log level that will be specified when the SQL query statements are logged.

Required: false

Default: NONE

Allowed values: NONE, DEBUG, INFO, WARN, ERROR, FATAL

The maximum size of the connection pool per application instance. The total number of connections for the database must be calculated by multiplying this value by the number of instances (ie. running Docker containers).

Required: false

Default: 4

Allowed values: A positive integer value.

More information: https://sequel.jeremyevans.net/rdoc/files/doc/opening_databases_rdoc.html#label-General+connection+options

The number of seconds to wait if a connection cannot be acquired before raising an error.

Required: false

Default: 5

Allowed values: A positive integer.

More information: https://sequel.jeremyevans.net/rdoc/files/doc/opening_databases_rdoc.html#label-General+connection+options

Whether or not to automatically apply the schema and data migrations to the database on startup

Required: false

Default: true

Allowed values: true, false

Required for running Postgres on RDS with IAM authentication. This must be set to the AWS region where the RDS database instance is running.

Required: false

Whether or not to enable SAML authentication.

Required: false

Default: false

Allowed values: true, false

The name of this application as it is known to the SAML IDP.

Required: false

Default: https://pactflow.io

Example: http://pactflow.mycompany.com

The display name of the SAML IDP. This value will be used as the login button label.

Required: true

URL of a logo for IDP, to be displayed next to the login button.

Required: false

The URL to which the authentication request should be sent. This endpoint is on the identity provider.

Required: if PACTFLOW_SAML_IDP_METADATA_URL is not set

More information: https://github.com/omniauth/omniauth-saml#options

The SHA1 fingerprint of the certificate, e.g. "90:CC:16:F0:8D:...". This is provided from the identity provider when setting up the relationship.

Required: if PACTFLOW_SAML_IDP_METADATA_URL is not set

More information: https://github.com/omniauth/omniauth-saml#options

The name of the SAML response attribute that uniquely and permanently identifies a user for the IDP.

Required: true

The name of the SAML response attribute that contains the email address.

Required: true

The name of the SAML response attribute that contains the full name.

Required: true

The name of the SAML response attribute that contains the first name.

Required: false

The name of the SAML response attribute that contains the last name.

Required: false

The URL of the IDP's metadata endpoint. If this is set, then the PACTFLOW_SAML_IDP_SSO_TARGET_URL and PACTFLOW_SAML_IDP_CERT_FINGERPRINT can be skipped.

Required: false

More information: https://github.com/omniauth/omniauth-saml#idp-metadata

Used during SP-initiated SSO. Describes the format of the username required by this application.

Required: false

Default: urn:oasis:names:tc:SAML:2.0:nameid-format:persistent

Allowed values: urn:oasis:names:tc:SAML:2.0:nameid-format:persistent, urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress

To allow for a small amount of clock drift between PactFlow On-Premises and the Identity Provider, the allowed clock drift may be specified. Its value must be given in a number (and/or fraction) of seconds. The value is added to the current time at which the response is validated, before it is tested against the NotBefore assertion.

Required: false

Default: 0

Whether or not to enable authentication for demo users. For demonstration purposes only - not to be set to true for production use.

Required: false

Default: false

Allowed values: true, false

Deprecated in favour of PACTFLOW_MASTER_ENCRYPTION_KEY. If you have a previous installation of PactFlow On-Premises with PACTFLOW_MASTER_SECRETS_ENCRYPTION_KEY set, please rename it to PACTFLOW_MASTER_ENCRYPTION_KEY.

Required: false

Whether or not to allow the pact content for an existing consumer version to be modified. It is strongly recommended that this is set to false, as allowing modification makes the results of can-i-deploy unreliable. When this is set to false as recommended, each commit must publish pacts with a unique version number.

Supported versions: From v1.14.0

Required: false

Default: For new installations of v1.14.0 and later, this defaults to false.

Allowed values: true, false

More information: https://docs.pact.io/versioning

When the value is true, the first tag applied to a version (within 10 seconds) will be used to populate the branch property of the version.

This is to assist in the migration from using tags to track branches to using the branches feature.

Required: false

Default: true

Allowed values: true, false

When the value is true and a tag is created, if there is an environment with the name of the newly created tag, a deployed version is also created for the pacticipant version.

This is to assist in the migration from using tags to track deployments to using the deployed and released versions feature.

Supported versions: From v1.14.0

Required: false

Default: true

Allowed values: true, false

More information: https://docs.pact.io/pact_broker/recording_deployments_and_releases/

The URL of the free service that is used to generate the build badges. Note that the badge files are served via a redirect in the browser, so there is no request made from the PactFlow On-Premises application to the shields server.

Required: false

Default: https://img.shields.io

More information: https://shields.io

The base url, including HTTP scheme and any application context path, at which the PactFlow On-Premises application will be publicly accessible. It should not include a trailing slash. If there are multiple interfaces on which the application will be addressed, list all the base URLs separated by spaces.

Required: true

Example: https://pactflow.mycompany.com https://pactflow.internal.mycompany.com

The HTTP port on which the PactFlow On-Premises application will be exposed on the Docker container. Must be greater than 1024.

Required: false

Default: 9292

The number of seconds after which the user needs to re-authenticate with the IDP. Default is 1 week.

Required: false

Default: 604800

The number of seconds of inactivity after which the user needs to re-authenticate with the IDP. By default, this will be set to the value of the PACTFLOW_SESSION_LENGTH, effectively disabling the feature, unless a value is specified by the user.

Required: false

Default: 604800

The secret used to encrypt the rack.session cookie. To generate an appropriate value, run the following on Linux/Mac:

LC_ALL=C tr -dc '_A-Z-a-z-0-9!#$%&*+-\\.^_|~' < /dev/urandom | fold -w 64 | head -n 1

Required: true

Example: X-sbeCpAUgO-8FRtKxYrVhgZ2hIJhPuzCh_89PypYrI

The previous secret - used when rotating the rack.session cookie secret.

Required: false

When set to true, the header Strict-Transport-Security: max-age=31536000 ; includeSubDomains is added to ensure connections are made over HTTPS, and the PACTFLOW_BASE_URL is validated to ensure it starts with https.

This value should never be set to false in a production environment. It should only ever be set to false for local testing or demonstration purposes where an SSL certificate is not available.

Required: false

Default: true

Allowed values: true, false

The PEM certificate file to use if the webhooks have to connect to servers that use self-signed certificates.

Required: false

The PEM certificate directory to use if the webhooks have to connect to servers that use self signed certificates.

Required: false

HTTP proxy used when making outgoing HTTP requests

Required: false

HTTPS proxy used when making outgoing HTTP requests

Required: false

The hosts for which to not use a proxy

Required: false

Whether or not to enable the embedded HAL Browser.

Required: false

Default: true

Allowed values: true, false

More information: https://github.com/mikekelly/hal-browser

The timezone in which to display dates for server side rendered pages.

Required: true

More information: Valid timezones