Overview

The Parmana Docker stack uses two types of variables:
  1. Compose variables — consumed by docker-compose.yml itself to configure service behavior
  2. Server variables — passed to the server container and read by the governance server

docker-compose.yml variables

These variables are read by Docker Compose directly and are not passed to the containers as environment variables (unless also listed in the environment section of a service).
| Variable | Required | Description |
|---|---|---|
| POSTGRES_PASSWORD | Yes | Password for the Parmana Postgres user. Used in both the postgres service (POSTGRES_PASSWORD) and the AUDIT_DATABASE_URL in the server service. |
| PARMANA_API_KEY | Recommended | API key for the governance server. Passed to the server service as PARMANA_API_KEY. |
| REDIS_PASSWORD | No | Redis password. Used in production compose files to set --requirepass on Redis and in REDIS_URL. |
| RELEASE_TAG | No | Image tag for the server image in production deploys: ghcr.io/pavancharak/parmanasystems/server:${RELEASE_TAG}. |

Postgres container variables

Set on the postgres service in docker-compose.yml:
| Variable | Default in compose | Description |
|---|---|---|
| POSTGRES_DB | Parmana_audit | Database name. Must match the database in AUDIT_DATABASE_URL. |
| POSTGRES_USER | Parmana | Database user. Must match the user in AUDIT_DATABASE_URL. |
| POSTGRES_PASSWORD | ${POSTGRES_PASSWORD} | Database password. From .env. Must match the password in AUDIT_DATABASE_URL. |
| POSTGRES_PASSWORD_FILE | | Alternative to POSTGRES_PASSWORD. Path to a Docker secret file. Use in production with Docker secrets. |

Redis container variables

Set on the redis service via the command override:
| Setting | Default | Description |
|---|---|---|
| --appendonly yes | Required | Enable AOF persistence. Always set in production. |
| --requirepass <password> | Unset (no auth) | Redis password. Set in production and update REDIS_URL accordingly: redis://:password@redis:6379 |

Server container variables

All variables passed to the server container. See Environment Variables for the complete server variable reference.
| Variable | Source | Description |
|---|---|---|
| PORT | Hardcoded in compose | 3000 |
| HOST | Hardcoded in compose | 0.0.0.0 (local) or 127.0.0.1 (production) |
| CORS_ORIGIN | Hardcoded in compose | Dashboard URL |
| REDIS_URL | Hardcoded in compose | redis://redis:6379 (using compose service name) |
| AUDIT_DATABASE_URL | Compose variable expansion | postgresql://Parmana:${POSTGRES_PASSWORD}@postgres:5432/Parmana_audit |
| PARMANA_API_KEY | From .env | Bearer token |
| PARMANA_SIGNING_PROVIDER | From .env | env or disk |
| PARMANA_SIGNING_PRIVATE_KEY | From .env or secret | PEM private key |
| PARMANA_SIGNING_PUBLIC_KEY | From .env or secret | PEM public key |
| PARMANA_POLICIES_ROOT | Hardcoded | /app/policies |
| PARMANA_TRUST_ROOT | Hardcoded | /app/trust/trust-root.json |
| PARMANA_TRUST_PUBLIC_KEY | Hardcoded | /app/trust/root.pub |
| PARMANA_RELEASE_MANIFEST | Hardcoded | /app/artifacts/release-manifest.json |
| PARMANA_RELEASE_SIGNATURE | Hardcoded | /app/artifacts/release-manifest.sig |

Dashboard container variables

The dashboard container (ghcr.io/pavancharak/parmanasystems/dashboard) does not read environment variables at runtime. It is a static React application. The server URL it calls is configured at build time. The server must be accessible at the URL the dashboard was built to use (typically http://localhost:3000 for local and https://governance.yourdomain.com for production).

Port mapping reference

| Service | Container port | Host port (local) | Notes |
|---|---|---|---|
| server | 3000 | 3000 | In production, bind to 127.0.0.1:3000:3000 (Nginx proxies) |
| dashboard | 80 | 8081 | Static files only |
| postgres | 5432 | 5433 | Do not expose in production |
| redis | 6379 | 6380 | Do not expose in production |

.env file template

# Required
POSTGRES_PASSWORD=choose-a-strong-password
PARMANA_API_KEY=choose-a-secret-api-key

# Signing — choose provider and set corresponding variables
PARMANA_SIGNING_PROVIDER=env
PARMANA_SIGNING_PRIVATE_KEY=
PARMANA_SIGNING_PUBLIC_KEY=

# Production only
REDIS_PASSWORD=
RELEASE_TAG=1.0.0
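
A preflight check for the .env template above, added here as an example and not part of the Parmana project's own tooling. It flags leftover template placeholders, passwords that would be expanded into AUDIT_DATABASE_URL or REDIS_URL with characters outside the URL-unreserved set, and a missing REDIS_PASSWORD for production. The function names, the sample input, and the rule that the env signing provider needs both keys set are assumptions.

```python
import re
# Placeholder values shipped in the page's .env template; they must be replaced.
PLACEHOLDERS = {"choose-a-strong-password", "choose-a-secret-api-key"}
# RFC 3986 "unreserved" characters: safe to splice into a URL without encoding.
URL_UNRESERVED = re.compile(r"[A-Za-z0-9._~-]+")

def parse_env(text):
    """Parse single-line KEY=VALUE entries, skipping blanks and # comments."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            env[key.strip()] = value.strip()
    return env

def check_env(env, production=False):
    """Return a list of problems; an empty list means the checks passed."""
    problems = []
    for name in ("POSTGRES_PASSWORD", "PARMANA_API_KEY"):
        value = env.get(name, "")
        if not value:
            problems.append(f"{name} is empty")
        elif value in PLACEHOLDERS:
            problems.append(f"{name} still holds the template placeholder")
    # Compose expands both passwords verbatim into connection URLs.
    for name in ("POSTGRES_PASSWORD", "REDIS_PASSWORD"):
        value = env.get(name, "")
        if value and not URL_UNRESERVED.fullmatch(value):
            problems.append(f"{name} has characters outside the URL-unreserved set")
    provider = env.get("PARMANA_SIGNING_PROVIDER", "")
    if provider not in ("env", "disk"):
        problems.append("PARMANA_SIGNING_PROVIDER must be env or disk")
    elif provider == "env":  # assumption: the env provider needs both keys set
        for name in ("PARMANA_SIGNING_PRIVATE_KEY", "PARMANA_SIGNING_PUBLIC_KEY"):
            if not env.get(name):
                problems.append(f"{name} is empty but the provider is env")
    if production and not env.get("REDIS_PASSWORD"):
        problems.append("REDIS_PASSWORD is empty in a production deploy")
    return problems

# Constructed sample input, not a real deployment's .env file.
SAMPLE = """\
POSTGRES_PASSWORD=p@ss/word
PARMANA_API_KEY=choose-a-secret-api-key
PARMANA_SIGNING_PROVIDER=env
PARMANA_SIGNING_PRIVATE_KEY=
PARMANA_SIGNING_PUBLIC_KEY=constructed-public-key
"""
```

Calling check_env(parse_env(SAMPLE), production=True) returns one string per problem; an empty list means the file passed these checks.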