Configuration

Complete guide to configuring Conduit - Control Plane settings, environment variables, and deployment options.

Configuration Guide

This guide covers all configuration options for Conduit's Control Plane and Edge Connectors.

Configuration Sources

Conduit reads configuration from multiple sources in order of precedence:

  1. Command-line arguments (highest priority)
  2. Environment variables
  3. Configuration file (YAML/JSON)
  4. Default values (lowest priority)

Control Plane Configuration

Core Settings

# conduit.yaml
server:
  host: 0.0.0.0
  port: 8080
  baseUrl: https://conduit.company.com

  cors:
    enabled: true
    origins:
      - https://app.company.com
    methods: [GET, POST, PUT, DELETE]

  rateLimit:
    enabled: true
    requestsPerMinute: 1000

Database Configuration

database:
  type: postgresql
  host: localhost
  port: 5432
  name: conduit
  username: conduit
  password: ${DB_PASSWORD}

  pool:
    min: 5
    max: 20
    idleTimeout: 30000

  ssl:
    enabled: true
    mode: require
    ca: /etc/conduit/certs/db-ca.pem

MQTT Broker

mqtt:
  broker:
    host: localhost
    port: 1883
    username: conduit
    password: ${MQTT_PASSWORD}

  topics:
    commands: conduit/commands
    results: conduit/results
    discovery: conduit/discovery
    health: conduit/health

Authentication

auth:
  jwt:
    secret: ${JWT_SECRET}
    issuer: conduit
    expiresIn: 24h
    refreshExpiresIn: 7d

  apiKeys:
    enabled: true
    headerName: X-API-Key

  oauth:
    enabled: true
    providers:
      - name: google
        clientId: ${GOOGLE_CLIENT_ID}
        clientSecret: ${GOOGLE_CLIENT_SECRET}
      - name: microsoft
        clientId: ${MICROSOFT_CLIENT_ID}
        clientSecret: ${MICROSOFT_CLIENT_SECRET}

Logging

logging:
  level: info  # debug, info, warn, error
  format: json  # json, text

  outputs:
    - type: stdout
    - type: file
      path: /var/log/conduit/conduit.log
      maxSize: 100  # MB
      maxFiles: 10

  audit:
    enabled: true
    destination: database

Edge Connector Configuration

Common Settings

connector:
  id: edge-connector-1
  name: Plant Floor Gateway

  controlPlane:
    url: mqtt://control-plane:1883
    apiKey: ${CONNECTOR_API_KEY}

  cache:
    type: sqlite
    path: /var/lib/conduit/cache.db
    maxSize: 1000  # MB

  health:
    interval: 30  # seconds
    timeout: 10

Adapter Configuration

See individual adapter documentation for specific settings:

Environment Variables

All configuration values can be set via environment variables using the prefix CONDUIT_:

| Config Path | Environment Variable | |-------------|---------------------| | server.port | CONDUIT_SERVER_PORT | | database.host | CONDUIT_DATABASE_HOST | | auth.jwt.secret | CONDUIT_AUTH_JWT_SECRET |

Variable Substitution

Use ${VAR_NAME} in config files to reference environment variables:

database:
  password: ${DB_PASSWORD}

Security Configuration

TLS/SSL

server:
  tls:
    enabled: true
    cert: /etc/conduit/certs/server.pem
    key: /etc/conduit/certs/server.key
    ca: /etc/conduit/certs/ca.pem
    minVersion: TLS1.2

RBAC

rbac:
  enabled: true

  roles:
    - name: admin
      permissions: ["*"]

    - name: operator
      permissions:
        - query:read
        - tags:read
        - adapters:read

    - name: viewer
      permissions:
        - query:read
        - tags:read

  defaultRole: viewer

Secret Management

Integrate with external secret managers:

secrets:
  provider: vault  # vault, aws-secrets, azure-keyvault

  vault:
    address: https://vault.company.com
    token: ${VAULT_TOKEN}
    path: secret/data/conduit

Performance Tuning

Query Settings

query:
  defaultTimeout: 30000  # ms
  maxTimeout: 300000
  maxResultRows: 100000
  parallelExecution: true
  maxParallel: 10

Caching

cache:
  tagMetadata:
    enabled: true
    ttl: 3600
    maxSize: 100000

  queryResults:
    enabled: true
    ttl: 60
    maxSize: 1000

  patterns:
    enabled: true
    ttl: 300

Connection Pools

pools:
  database:
    min: 10
    max: 50
    acquireTimeout: 10000

  http:
    maxConnections: 100
    keepAlive: true

High Availability

Clustering

cluster:
  enabled: true
  name: conduit-cluster

  discovery:
    type: kubernetes  # kubernetes, consul, static
    namespace: conduit

  loadBalancing:
    strategy: round-robin

Redis (for distributed caching)

redis:
  enabled: true
  host: redis.internal
  port: 6379
  password: ${REDIS_PASSWORD}
  database: 0

  sentinel:
    enabled: false
    master: mymaster
    nodes:
      - sentinel1:26379
      - sentinel2:26379

Observability

Metrics (Prometheus)

metrics:
  enabled: true
  port: 9090
  path: /metrics

  labels:
    environment: production
    region: us-east-1

Tracing (OpenTelemetry)

tracing:
  enabled: true
  exporter: otlp

  otlp:
    endpoint: otel-collector:4317
    insecure: false

  sampling:
    type: ratio
    ratio: 0.1

Example Complete Configuration

# /etc/conduit/conduit.yaml

server:
  host: 0.0.0.0
  port: 8080
  tls:
    enabled: true
    cert: /etc/conduit/certs/server.pem
    key: /etc/conduit/certs/server.key

database:
  type: postgresql
  host: ${DB_HOST}
  port: 5432
  name: conduit
  username: conduit
  password: ${DB_PASSWORD}
  ssl:
    enabled: true

mqtt:
  broker:
    host: ${MQTT_HOST}
    port: 8883
    username: conduit
    password: ${MQTT_PASSWORD}
    tls:
      enabled: true

auth:
  jwt:
    secret: ${JWT_SECRET}
    expiresIn: 24h

logging:
  level: info
  format: json
  audit:
    enabled: true

query:
  defaultTimeout: 30000
  maxResultRows: 50000

metrics:
  enabled: true
  port: 9090

Configuration Validation

Validate your configuration before starting:

conduit config validate --file /etc/conduit/conduit.yaml

Next Steps