| `CLOWM_CONFIG_FILE_YAML` | - | `config.yaml` | Filepath | `/path/to/config.yaml` | Path to a YAML file to read the config. See [example-config/example-config.yaml](example-config/example-config.yaml). |
| `CLOWM_CONFIG_FILE_TOML` | - | `config.toml` | Filepath | `/path/to/config.toml` | Path to a TOML file to read the config. See [example-config/example-config.toml](example-config/example-config.toml). |
| `CLOWM_CONFIG_FILE_JSON` | - | `config.json` | Filepath | `/path/to/config.json` | Path to a JSON file to read the config. See [example-config/example-config.json](example-config/example-config.json). |
| `CLOWM_API_PREFIX` | `api_prefix` | unset | URI path | `/api` | Prefix before every URL path |
| *`CLOWM_UI_URI` | `ui_uri` | unset | HTTP URL | `https://localhost` | HTTP URL of the CloWM website |
| `CLOWM_BLOCK_FOREIGN_USERS` | `block_foreign_users` | `false` | boolean | `false` | Block users that have no role |
## Database
| Env variable | Config file key | Default | Value | Example | Description |
| `CLOWM_SMTP__SERVER` | `smtp.server` | unset | SMTP domain / `console` | `localhost` | Hostname of SMTP server. If `console`, emails are printed to the console. If not set, emails are not sent. |
| `CLOWM_SMTP__PORT` | `smtp.port` | 587 | Integer | 587 | Port of the SMTP server |
| `CLOWM_SMTP__SENDER_EMAIL` | `smtp.sender_email` | `no-reply@clowm.com` | Email | `no-reply@clowm.com` | Email address from which the emails are sent. |
| `CLOWM_SMTP__REPLY_EMAIL` | `smtp.reply_email` | unset | Email | `clowm@example.org` | Email address in the `Reply-To` header. |
| `CLOWM_SMTP__CONNECTION_SECURITY` | `smtp.connection_security` | unset | `starttls` / `ssl` | `starttls` | Connection security to the SMTP server. |
| `CLOWM_SMTP__LOCAL_HOSTNAME` | `smtp.local_hostname` | unset | String | `clowm.local` | Overwrite the local hostname from which the emails are sent. |
| `CLOWM_SMTP__CA_PATH` | `smtp.ca_path` | unset | Filepath | `/path/to/ca.pem` | Path to a custom CA certificate. |
| `CLOWM_SMTP__KEY_PATH` | `smtp.key_path` | unset | Filepath | `/path/to/key.pem` | Path to the CA key. |
| `CLOWM_SMTP__USER` | `smtp.user` | unset | String | `smtp-user` | Username to use for SMTP login. |
| `CLOWM_SMTP__PASSWORD` | `smtp.password` | unset | String | `smtp-password` | Password to use for SMTP login. |
## S3
| Env variable | Config file key | Default | Value | Example | Description |
| *`CLOWM_S3__URI` | `s3.uri` | unset | HTTP URL | `http://localhost` | URI of the S3 Object Storage |
| * `CLOWM_S3__ACCESS_KEY` | `s3.acess_key` | unset | String | `ZR7U56KMK20VW` | Access key for the S3 that owns the buckets and `user=*,bucket=*` capabilities |
| * `CLOWM_S3__SECRET_KEY` | `s3.secret_key` | unset | String | `9KRUU41EGSCB3H9ODECNHW` | Secret key for the S3 that owns the buckets |
| `CLOWM_S3__USERNAME` | `s3.username` | `bucket-manager` | String | `bucket-manager` | ID of the user in ceph who owns all the buckets. Owner of `CLOWM_S3__ACCESS_KEY` |
| `CLOWM_S3__INITIAL_BUCKET_SIZE_LIMIT` | `s3.initial_bucket_size_limit` | `100 GiB` | ByteSize | `10 KB`, `10 KiB`, `10 MB` | Size limit of the initial bucket. Between `1 KiB` and `4.3 TB` |
| `CLOWM_S3__INITIAL_BUCKET_OBJECT_LIMIT` | `s3.initial_bucket_object_limit` | `10000` | Integer | `10000` | Number of object limit in the initial bucket. Must be $<2^{32}$ |
| `CLOWM_S3__DEFAULT_BUCKET_SIZE_LIMIT` | `s3.default_bucket_size_limit` | `400 GiB` | ByteSize | `10 KB`, `10 KiB`, `10 MB` | Size limit of a new Bucket. Between `1 KiB` and `4.3 TB` |
| `CLOWM_S3__DEFAULT_BUCKET_OBJECT_LIMIT` | `s3.default_bucket_object_limit` | `40000` | Integer | `10000` | Maximum number of objects in a new bucket. Must be $<2^{32}$ |
## Security
| Env variable | Config file key | Default | Value | Example | Description |
| `CLOWM_PRIVATE_KEY` / `CLOWM_PRIVATE_KEY_FILE` | `private_key` / `private_key_file` | randomly generated | Public Key / Path to Public Key | `/path/to/key` | Private part of RSA Key in PEM format to sign JWTs. Public part is inferred from private key. |
| `CLOWM_JWT_TOKEN_EXPIRE_MINUTES` | `jwt_token_expire_minutes` | 8 days | number | 11520 | Minutes till a JWT expires |
| `CLOWM_SECRET_KEY` | `secret_key` | randomly generated | string | `xxxx` | Secret key to sign Session Cookies |
## Lifescience OIDC
| Env variable | Config file key | Default | Value | Example | Description |
| `CLOWM_OTLP__GRPC_ENDPOINT` | `otlp.grpc_endpoint` | unset | String | `localhost` | OTLP compatible endpoint to send traces via gRPC, e.g. Jaeger. If unset, no traces are sent. |
| `CLOWM_CONFIG_FILE_YAML` | - | `config.yaml` | Filepath | `/path/to/config.yaml` | Path to a YAML file to read the config. See [example-config/example-config.yaml](example-config/example-config.yaml). |
| `CLOWM_CONFIG_FILE_TOML` | - | `config.toml` | Filepath | `/path/to/config.toml` | Path to a TOML file to read the config. See [example-config/example-config.toml](example-config/example-config.toml). |
| `CLOWM_CONFIG_FILE_JSON` | - | `config.json` | Filepath | `/path/to/config.json` | Path to a JSON file to read the config. See [example-config/example-config.json](example-config/example-config.json). |
| `CLOWM_API_PREFIX` | `api_prefix` | unset | URI path | `/api` | Prefix before every URL path |
| *`CLOWM_UI_URI` | `ui_uri` | unset | HTTP URL | `https://localhost` | HTTP URL of the CloWM website |
| `CLOWM_BLOCK_FOREIGN_USERS` | `block_foreign_users` | `false` | boolean | `false` | Block users that have no role |
### Database
| Env variable | Config file key | Default | Value | Example | Description |
| `CLOWM_SMTP__SERVER` | `smtp.server` | unset | SMTP domain / `console` | `localhost` | Hostname of SMTP server. If `console`, emails are printed to the console. If not set, emails are not sent. |
| `CLOWM_SMTP__PORT` | `smtp.port` | 587 | Integer | 587 | Port of the SMTP server |
| `CLOWM_SMTP__SENDER_EMAIL` | `smtp.sender_email` | `no-reply@clowm.com` | Email | `no-reply@clowm.com` | Email address from which the emails are sent. |
| `CLOWM_SMTP__REPLY_EMAIL` | `smtp.reply_email` | unset | Email | `clowm@example.org` | Email address in the `Reply-To` header. |
| `CLOWM_SMTP__CONNECTION_SECURITY` | `smtp.connection_security` | unset | `starttls` / `ssl` | `starttls` | Connection security to the SMTP server. |
| `CLOWM_SMTP__LOCAL_HOSTNAME` | `smtp.local_hostname` | unset | String | `clowm.local` | Overwrite the local hostname from which the emails are sent. |
| `CLOWM_SMTP__CA_PATH` | `smtp.ca_path` | unset | Filepath | `/path/to/ca.pem` | Path to a custom CA certificate. |
| `CLOWM_SMTP__KEY_PATH` | `smtp.key_path` | unset | Filepath | `/path/to/key.pem` | Path to the CA key. |
| `CLOWM_SMTP__USER` | `smtp.user` | unset | String | `smtp-user` | Username to use for SMTP login. |
| `CLOWM_SMTP__PASSWORD` | `smtp.password` | unset | String | `smtp-password` | Password to use for SMTP login. |
### S3
| Env variable | Config file key | Default | Value | Example | Description |
| *`CLOWM_S3__URI` | `s3.uri` | unset | HTTP URL | `http://localhost` | URI of the S3 Object Storage |
| * `CLOWM_S3__ACCESS_KEY` | `s3.acess_key` | unset | String | `ZR7U56KMK20VW` | Access key for the S3 that owns the buckets and `user=*,bucket=*` capabilities |
| * `CLOWM_S3__SECRET_KEY` | `s3.secret_key` | unset | String | `9KRUU41EGSCB3H9ODECNHW` | Secret key for the S3 that owns the buckets |
| `CLOWM_S3__USERNAME` | `s3.username` | `bucket-manager` | String | `bucket-manager` | ID of the user in ceph who owns all the buckets. Owner of `CLOWM_S3__ACCESS_KEY` |
| `CLOWM_S3__INITIAL_BUCKET_SIZE_LIMIT` | `s3.initial_bucket_size_limit` | `100 GiB` | ByteSize | `10 KB`, `10 KiB`, `10 MB` | Size limit of the initial bucket. Between `1 KiB` and `4.3 TB` |
| `CLOWM_S3__INITIAL_BUCKET_OBJECT_LIMIT` | `s3.initial_bucket_object_limit` | `10000` | Integer | `10000` | Number of object limit in the initial bucket. Must be $<2^{32}$ |
| `CLOWM_S3__DEFAULT_BUCKET_SIZE_LIMIT` | `s3.default_bucket_size_limit` | `400 GiB` | ByteSize | `10 KB`, `10 KiB`, `10 MB` | Size limit of a new Bucket. Between `1 KiB` and `4.3 TB` |
| `CLOWM_S3__DEFAULT_BUCKET_OBJECT_LIMIT` | `s3.default_bucket_object_limit` | `40000` | Integer | `10000` | Maximum number of objects in a new bucket. Must be $<2^{32}$ |
### Security
| Env variable | Config file key | Default | Value | Example | Description |
| `CLOWM_PRIVATE_KEY` / `CLOWM_PRIVATE_KEY_FILE` | `private_key` / `private_key_file` | randomly generated | Public Key / Path to Public Key | `/path/to/key` | Private part of RSA Key in PEM format to sign JWTs. Public part is inferred from private key. |
| `CLOWM_JWT_TOKEN_EXPIRE_MINUTES` | `jwt_token_expire_minutes` | 8 days | number | 11520 | Minutes till a JWT expires |
| `CLOWM_SECRET_KEY` | `secret_key` | randomly generated | string | `xxxx` | Secret key to sign Session Cookies |
### Lifescience OIDC
| Env variable | Config file key | Default | Value | Example | Description |
| `CLOWM_OTLP__GRPC_ENDPOINT` | `otlp.grpc_endpoint` | unset | String | `localhost` | OTLP compatible endpoint to send traces via gRPC, e.g. Jaeger. If unset, no traces are sent. |