Skip to main content

Configuration

All configuration is via environment variables prefixed with CAIRN_. Each subsystem has its own group (CAIRN_<GROUP>_<KEY>), processed in one pass at startup. Below are the variables you'll most often set; defaults in parentheses.

Core

VariableNotes
CAIRN_DATABASE_URLrequiredpostgres://user:pass@host:5432/cairn
CAIRN_DATABASE_AUTO_MIGRATErun goose migrations on boot (false)
CAIRN_HTTP_ADDRlisten address (0.0.0.0:8080)
CAIRN_HTTP_PUBLIC_BASE_URLexternal URL — used for OAuth/redirects/federation (http://localhost:8080)
CAIRN_HTTP_CORS_ALLOWED_ORIGINScomma-separated origins for browser clients
CAIRN_HTTP_TLS_CERT_FILE / ..._TLS_KEY_FILEterminate TLS in-process (or use a proxy)

Auth

VariableNotes
CAIRN_AUTH_SESSION_SECRETsecret for session/token signing — set a long random value

See OAuth & MCP for the authorization-server settings (scopes, token lifetimes, dynamic client registration).

NATS (control plane)

VariableNotes
CAIRN_NATS_URLnats://nats:4222
CAIRN_NATS_CLUSTER_NAMEoptional guard against pointing at the wrong cluster
CAIRN_NATS_CREDS_FILE / CAIRN_NATS_USERNAME / CAIRN_NATS_PASSWORDcredentials (prod: nkey/JWT creds file)

Storage (S3-compatible, optional)

VariableNotes
CAIRN_STORAGE_ENDPOINTe.g. https://minio.local
CAIRN_STORAGE_BUCKETbucket name (cairn)
CAIRN_STORAGE_ACCESS_KEY_ID / ..._SECRET_ACCESS_KEYwhen both empty, core runs without blob storage

Other groups

CAIRN_EMAIL_* (SMTP for verification/reset), CAIRN_INSTANCE_* (name, bootstrap admin, invite policy), CAIRN_LOG_*, CAIRN_SCHEDULER_*, CAIRN_GEOCODER_*, CAIRN_QUOTA_MAX_ACTIVITIES_PER_USER, and CAIRN_FEDERATION_ENABLED for ActivityPub.

tip

Start from dev.env.example in cairn-core — it lists every variable with sane local defaults.