Configuration
Enterprise deployments use environment-specific configuration supplied during onboarding. This page describes the public configuration categories, not internal service names.
Core Settings
| Setting | Purpose |
|---|---|
OPENFACTORY_PUBLIC_URL | User-facing console URL |
OPENFACTORY_API_URL | Public API URL for clients and integrations |
OPENFACTORY_SECRET_KEY | Strong generated secret used by the deployment |
OPENFACTORY_ARTIFACT_STORAGE | Durable artifact storage location |
OPENFACTORY_LOG_LEVEL | Runtime logging level |
Identity
| Setting | Purpose |
|---|---|
OPENFACTORY_AUTH_MODE | Local, SAML, OIDC, or Enterprise-managed identity |
OPENFACTORY_OIDC_ISSUER | OIDC issuer URL when OIDC is enabled |
OPENFACTORY_OIDC_CLIENT_ID | OIDC client identifier |
OPENFACTORY_OIDC_CLIENT_SECRET | OIDC client secret stored in your secrets manager |
Execution Targets
| Setting | Purpose |
|---|---|
OPENFACTORY_BUILD_CAPACITY | Expected concurrent build capacity |
OPENFACTORY_VM_TARGETS | Registered VM or hypervisor targets |
OPENFACTORY_PACKAGE_MIRRORS | Approved package mirrors for connected or restricted environments |
OPENFACTORY_HARDWARE_PROFILE | Optional validated hardware profile when enabled for your deployment |
Integrations
| Setting | Purpose |
|---|---|
OPENFACTORY_SERVICENOW_INSTANCE | ServiceNow instance URL |
OPENFACTORY_AUDIT_EXPORT | Audit log export destination |
OPENFACTORY_WEBHOOK_TARGETS | Approved outbound webhook destinations |
Secret Handling
- Generate unique secrets per environment.
- Store secrets in a managed secrets system.
- Do not commit secrets to Git.
- Rotate secrets as part of onboarding, staff changes, and incident response.
Last updated on