Environment Variables

Environment variables override YAML configuration and are primarily intended for secrets and deployment knobs.

Deep dive:

• Env override logic lives in pkg/gateway/config/config.go (annotated): Config loader

See also:

• Config keys: Config reference
• Guide: Configure upstreams

Common variables

Config file

• APIGW_CONFIG: path to a default config file (used when the CLI/config options do not specify one)

Ports and timeouts

• PORT: public HTTP listen port (maps to http.port)
• SHUTDOWN_TIMEOUT_MS: graceful shutdown timeout in milliseconds
• READINESS_TIMEOUT_MS: readiness probe timeout in milliseconds
• READINESS_USER_AGENT: User-Agent for readiness probes

Upstream URLs and health paths

Upstream overrides are built from a product prefix plus a suffix:

• <PREFIX>_API_URL
• <PREFIX>_HEALTH_PATH
• <PREFIX>_TLS_ENABLED
• <PREFIX>_TLS_INSECURE_SKIP_VERIFY
• <PREFIX>_TLS_CA_FILE
• <PREFIX>_TLS_CERT_FILE
• <PREFIX>_TLS_KEY_FILE

Prefixes used by the gateway:

• TRADE
• TASK

Examples:

TRADE_API_URL="https://trade.example.com"
TRADE_HEALTH_PATH="/health"
TRADE_TLS_ENABLED="true"
TRADE_TLS_CA_FILE="/etc/certs/ca.pem"

Auth (JWT)

• JWT_SECRET: shared secret for validating JWTs (required when auth is enabled)
• JWT_ISSUER: expected issuer claim
• JWT_AUDIENCE: expected audience claim

CORS

• CORS_ALLOWED_ORIGINS: comma-separated allowed origins

Rate limiting

• RATE_LIMIT_WINDOW_MS: rate-limit window in milliseconds
• RATE_LIMIT_MAX: max requests per window

Metrics

• METRICS_ENABLED: enables or disables metrics exposure

Admin server

• ADMIN_ENABLED: enables the admin server
• ADMIN_LISTEN: bind address (host:port)
• ADMIN_TOKEN: bearer token required for admin endpoints
• ADMIN_ALLOW: comma-separated allowlist entries (CIDR or IP)

Build metadata

• GIT_SHA: build SHA metadata surfaced in some status/config outputs

Precedence notes

• Env vars override YAML and defaults.
• Some values are normalized (e.g., leading slashes for paths) and validated after env application.