Configuration

StackRivet reads its configuration from environment variables (with sensible local defaults), so the same artifact runs in every environment. Secrets stay in the environment and are never committed.

The groups below are the settings you’ll use most often. A common local pattern:

set -a && source .env && set +a    # load all of the below at once

Database

Variable	Purpose	Example
`STACKRIVET_DB_VENDOR`	Dialect	`mysql` (default) / `postgresql`
`STACKRIVET_DB_HOST`	Host	`localhost`
`STACKRIVET_DB_NAME`	Database name	`stackrivet`
`STACKRIVET_DB_USER`	User	—
`STACKRIVET_DB_PASSWORD`	Password	(env only)

Cache (required)

Redis backs JWT revocation and the health check, so it must be configured:

Variable	Purpose
`STACKRIVET_REDIS_HOST` / `STACKRIVET_REDIS_PORT`	Redis connection
`STACKRIVET_REDIS_USERNAME` / `STACKRIVET_REDIS_PASSWORD`	Redis auth (if set)
`STACKRIVET_REDIS_DATABASE` / `STACKRIVET_REDIS_SSL`	DB index / TLS toggle

Auth

Variable	Purpose
`STACKRIVET_SECURITY_JWT_SECRET`	Token signing secret — set a strong value in every non-local environment

Storage (Asset Service)

Variable	Purpose
`STACKRIVET_STORAGE_TYPE`	`local` (default) / `s3` / `aliyun_oss`
`STACKRIVET_S3_ENDPOINT` / `_REGION` / `_ACCESS_KEY` / `_SECRET_KEY`	S3-compatible (MinIO, AWS S3)
`STACKRIVET_ALIYUN_OSS_ENDPOINT` / `_ACCESS_KEY` / `_SECRET_KEY`	Aliyun OSS

These feed the stackrivet.asset.* block (storage-type, max-file-size, allowed-extensions, signed-url-ttl). See Configure object storage for the full mapping and the region-match caveat.

Scheduler

Key	Purpose
`stackrivet.scheduler.snailjob.enabled`	`false` by default; set `true` to activate the optional SnailJob adapter (Pro / Enterprise). See Tasks.

Profile

Variable	Purpose
`STACKRIVET_PROFILE`	Spring profiles, e.g. `dev` or `dev,otel` to enable the OpenTelemetry profile

For environment-specific deployment, keep secrets in the runtime environment and document each deployment’s selected values in your own operations runbook.