masks.yml

Although masks can be configured in a number of ways, YML is a convenient option.

Note

Masks will search for a masks.yml in a MASKS_DIR (if supplied) and your Rails.root (if applicable).

Settings

All of the settings outlined below can be overridden in your masks.yml. ENV vars can be used where noted.

Tip

Remember that you can embed ERB in all .yml config files.

url MASKS_URL string .

default null

mode MASKS_MODE string .

default client

name MASKS_NAME string .

default dynamic

tz MASKS_TZ string .

default Etc/UTC

debug MASKS_DEBUG string .

default dynamic

conf_dir MASKS_DIR string .

default null

data_dir MASKS_DATA_DIR string .

default dynamic

private_key MASKS_PRIVATE_KEY string .

default dynamic

secret_key MASKS_SECRET_KEY string .

default null

encryption_key MASKS_ENCRYPTION_KEY string .

default null

deterministic_key MASKS_DETERMINISTIC_KEY string .

default null

salt MASKS_SALT string .

default null

session_cookie_name string .

default dynamic

session_cookie_lifetime string .

default null

session_inactive string .

default 120 days

device_cookie_name string .

default dynamic

device_cookie_lifetime string .

default 400 days

session_model string .

default Masks::Session

device_inactive string .

default null

login_endpoint string .

default /login

graphql_endpoint string .

default /login.graphql

sso_endpoint string .

default /sso/:provider_id

client_issuer_endpoint string .

default /login/:client_id

client_registration_endpoint string .

default /oidc/client

userinfo_endpoint string .

default /oidc/userinfo

token_endpoint string .

default /oidc/token

manage_endpoint string .

default /masks

callback_endpoint string .

default /callback

oidc_endpoints boolean .

default true

token MASKS_TOKEN string .

default null

actor_model string .

default Masks::InMemory::Actor

client_model string .

default Masks::InMemory::Client

device_model string .

default Masks::InMemory::Device

token_model string .

default Masks::InMemory::Token

use_secrets boolean .

default false

use_sessions boolean .

default false

Server

Note

Unlike most other settings, some of the server settings can only be configured with ENV vars.

port MASKS_PORT int . Accepted via ENV var only.

default 5000

workers MASKS_WORKERS int . Accepted via ENV var only.

default 0

run_workers MASKS_RUN_WORKERS boolean . Accepted via ENV var only.

default true

skip_migrations MASKS_SKIP_MIGRATIONS boolean . Accepted via ENV var only.

default false

threads MASKS_THREADS int . Accepted via ENV var only.

default 3

local boolean .

default false

internal_client string .

default null

management_client string .

default masks

client_defaults json .

default null

client_types json .

default null

redirect_missing_clients string .

default dynamic

provider_types json .

default dynamic

phone_adapter MASKS_PHONE_ADAPTER string .

default twilio

phone_country MASKS_PHONE_COUNTRY string .

default CA

storage_adapter MASKS_STORAGE_ADAPTER string .

default disk

email_adapter MASKS_EMAIL_ADAPTER string .

default null

email_limit int .

default 5

email_from MASKS_EMAIL_FROM string .

default null

email_reply_to MASKS_EMAIL_REPLY_TO string .

default null

actor_scopes json .

default dynamic

actor_inactive string .

default null

subject_types string .

default public-uuid

backup_code_min_chars int .

default 8

backup_code_max_chars int .

default 100

backup_code_limit int .

default 10

nickname_format string .

default \A[a-zA-Z][a-zA-Z0-9\-]+\z

nickname_min_chars int .

default 4

nickname_max_chars int .

default 20

password_min_chars int .

default 8

password_max_chars int .

default 100

password_change_cooldown string .

default 15 minutes

otp_issuer string .

default dynamic

webauthn_name string .

default dynamic

webauthn_origins string .

default dynamic

webauthn_algos string .

default ES256

theme_homepage string .

default dynamic

theme_name string .

default dynamic

theme_layout string .

default masks/application

theme_view string .

default masks/login

light_logo_url string .

default null

dark_logo_url string .

default null

favicon_url string .

default null

styles_url string .

default null

terms_url string .

default null

db_url MASKS_DB_URL string .

default null

db_name MASKS_DB_NAME string .

default null

db_adapter MASKS_DB_ADAPTER string .

default sqlite3

queue_db_url MASKS_QUEUE_DB_URL string .

default null

queue_db_name MASKS_QUEUE_DB_NAME string .

default null

queue_db_adapter MASKS_QUEUE_DB_ADAPTER string .

default null

cache_db_url MASKS_CACHE_DB_URL string .

default null

cache_db_name MASKS_CACHE_DB_NAME string .

default null

cache_db_adapter MASKS_CACHE_DB_ADAPTER string .

default null

websockets_db_url MASKS_WEBSOCKETS_DB_URL string .

default null

websockets_db_name MASKS_WEBSOCKETS_DB_NAME string .

default null

websockets_db_adapter MASKS_WEBSOCKETS_DB_ADAPTER string .

default null

sessions_db_url MASKS_SESSIONS_DB_URL string .

default null

sessions_db_name MASKS_SESSIONS_DB_NAME string .

default null

sessions_db_adapter MASKS_SESSIONS_DB_ADAPTER string .

default null

sentry_dsn MASKS_SENTRY_DSN string .

default null

newrelic_app MASKS_NEWRELIC_APP string .

default dynamic

newrelic_license_key MASKS_NEWRELIC_LICENSE_KEY string .

default null

created_at datetime .

read-only

updated_at datetime .

read-only