Configuration
License server environment options
This page lists every supported environment variable, what it controls, and its default value. DATABASE_URL and one of MANAGEMENT_API_KEYS or MANAGEMENT_API_KEY are required to start the server.
Minimal startup example
```bash
# Required
DATABASE_URL=postgres://postgres:postgres@postgres:5432/simple_license_server?sslmode=disable
MANAGEMENT_API_KEYS=management_key_prod_please_make_this_long_and_random
# Optional
PORT=8080
UI_ENABLED=false
REQUEST_TIMEOUT=15s
OFFLINE_SIGNING_ENCRYPTION_KEY=replace_with_32_plus_chars_before_creating_signing_keys
```
Environment variables
| Variable | Required | Default | What it does |
|---|---|---|---|
| DATABASE_URL | Yes | None | Postgres connection string used by the API at startup. |
| MANAGEMENT_API_KEYS | Yes* | None | Comma-separated management bootstrap keys for /management/* endpoints (each key must be 16+ chars). |
| MANAGEMENT_API_KEY | Yes* | None | Single-key fallback used only when MANAGEMENT_API_KEYS is not set. |
| PORT | No | 8080 | HTTP listen port for the API server. |
| UI_ENABLED | No | false | Serve the bundled management console from the API server when true. The Docker image includes the UI assets. |
| REQUEST_TIMEOUT | No | 15s | Per-request timeout applied by middleware. |
| SHUTDOWN_TIMEOUT | No | 10s | Graceful shutdown timeout when the process receives a stop signal. |
| HTTP_READ_TIMEOUT | No | 15s | Maximum time for reading request headers/body. |
| HTTP_WRITE_TIMEOUT | No | 30s | Maximum time before timing out writes of the response. |
| HTTP_IDLE_TIMEOUT | No | 60s | Maximum keep-alive idle time for client connections. |
| RATE_LIMIT_ENABLED | No | true | Enables global + per-IP rate limiting middleware. |
| RATE_LIMIT_GLOBAL_RPS | No | 100 | Global requests-per-second allowance when rate limiting is enabled. |
| RATE_LIMIT_GLOBAL_BURST | No | 200 | Global burst capacity when rate limiting is enabled. |
| RATE_LIMIT_PER_IP_RPS | No | 20 | Per-client-IP requests-per-second allowance. |
| RATE_LIMIT_PER_IP_BURST | No | 40 | Per-client-IP burst capacity. |
| RATE_LIMIT_IP_TTL | No | 10m | TTL for per-IP limiter entries before cleanup. |
| RATE_LIMIT_MAX_IP_ENTRIES | No | 10000 | Maximum number of tracked IP limiter entries. |
| TRUST_PROXY_HEADERS | No | false | Trust X-Forwarded-For/X-Real-IP when running behind a trusted proxy. |
| OFFLINE_SIGNING_ENCRYPTION_KEY | No* | None | Stable 32+ character secret used to encrypt offline signing private keys at rest. Required before creating or using signing keys. |
| OFFLINE_TOKEN_ISSUER | No | simple-license-server | Issuer claim written to offline JWTs. Clients should verify this value during offline validation. |
| OFFLINE_TOKEN_AUDIENCE | No | None | Optional audience claim written to offline JWTs. Leave empty when clients do not validate an audience. |
Validation notes
*One of MANAGEMENT_API_KEYS or MANAGEMENT_API_KEY must be set.
- All API keys must be at least 16 characters.
- Set UI_ENABLED=true to serve the bundled console included in the Docker image.
- Use POST /management/api-keys to create generated server API keys for /generate and /revoke.
- All timeout values must be valid Go durations (for example 15s, 10m).
- When RATE_LIMIT_ENABLED=true, all rate-limit numeric values must be greater than zero.
- Booleans accept values like true/false, 1/0, yes/no.

*OFFLINE_SIGNING_ENCRYPTION_KEY is optional for online-only licensing, but required before creating offline signing keys or issuing offline tokens.
- Offline token issuance is controlled per slug with offline_enabled and offline_token_lifetime_hours; all slugs default to offline disabled with a 24-hour token lifetime.
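
A pre-deployment check that applies the validation notes above to a candidate environment, so a weak key or malformed duration is caught before the server is started. This is an added example, not the license server's own code. The name ValidateEnv is hypothetical, and the code assumes that an empty value counts as unset, that RATE_LIMIT_IP_TTL is parsed as a Go duration, that the false forms of RATE_LIMIT_ENABLED are case-insensitive, and that the rate-limit values are plain numbers.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
	"time"
)

// ValidateEnv returns one message per violated rule from the validation notes.
func ValidateEnv(env map[string]string) (errs []string) {
	fail := func(f string, a ...any) { errs = append(errs, fmt.Sprintf(f, a...)) }
	if env["DATABASE_URL"] == "" {
		fail("DATABASE_URL is required")
	}
	keys := env["MANAGEMENT_API_KEYS"]
	if keys == "" {
		keys = env["MANAGEMENT_API_KEY"] // single-key fallback
	}
	for i, k := range strings.Split(keys, ",") { // no key at all yields one empty entry, which fails too
		if len(strings.TrimSpace(k)) < 16 {
			fail("management key #%d is missing or shorter than 16 characters", i+1)
		}
	}
	if k, ok := env["OFFLINE_SIGNING_ENCRYPTION_KEY"]; ok && len(k) < 32 {
		fail("OFFLINE_SIGNING_ENCRYPTION_KEY must be 32+ characters")
	}
	// Assumption: RATE_LIMIT_IP_TTL is parsed like the timeouts (its default is 10m).
	for _, n := range strings.Fields("REQUEST_TIMEOUT SHUTDOWN_TIMEOUT HTTP_READ_TIMEOUT HTTP_WRITE_TIMEOUT HTTP_IDLE_TIMEOUT RATE_LIMIT_IP_TTL") {
		if _, err := time.ParseDuration(env[n]); env[n] != "" && err != nil {
			fail("%s=%q is not a valid Go duration", n, env[n])
		}
	}
	// Rate limiting defaults to on, so only an explicit false value skips the numeric checks.
	if e := strings.ToLower(env["RATE_LIMIT_ENABLED"]); e == "false" || e == "0" || e == "no" {
		return errs
	}
	for _, n := range strings.Fields("RATE_LIMIT_GLOBAL_RPS RATE_LIMIT_GLOBAL_BURST RATE_LIMIT_PER_IP_RPS RATE_LIMIT_PER_IP_BURST RATE_LIMIT_MAX_IP_ENTRIES") {
		if x, err := strconv.ParseFloat(env[n], 64); env[n] != "" && (err != nil || !(x > 0)) {
			fail("%s=%q must be a number greater than zero", n, env[n])
		}
	}
	return errs
}

func main() {
	// Constructed sample: the management key is too short and the timeout has no unit.
	env := map[string]string{"DATABASE_URL": "postgres://db/example", "MANAGEMENT_API_KEYS": "short", "REQUEST_TIMEOUT": "15"}
	fmt.Println(strings.Join(ValidateEnv(env), "\n"))
}
```
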