Skip to main content

Overview

suSHi uses environment variables for configuration, loaded via the utils/load_config.go module. All settings can be configured through environment variables, with some having default values.

Configuration Loading

The application loads configuration in the following order:
  1. Environment variables (highest priority)
  2. OAuth configuration from config/oauth.yaml
  3. Default values (lowest priority)
Environment variables are read at application startup using Go’s os.Getenv() function.

Core Configuration

Server Settings

SERVER_PORT
string
required
Port number for the HTTP server.Example: 8080Used in: docker-compose.yaml:30, load_config.go:20
LOG_LEVEL
string
default:"Info"
Logging level for the application. Valid values: Debug, Info, Warn, Error.Example: DebugUsed in: docker-compose.yaml:31, load_config.go:22
Use Debug only in development. Set to Info or Warn in production for better performance.
LOG_PATH
string
default:"./logs"
Directory path for log files. Trailing slashes are automatically removed.Example: ./logs or /var/log/sushiUsed in: load_config.go:23, load_config.go:42-46
JWT_SECRET
string
required
Secret key for signing JWT tokens. Must be kept secure.Minimum length: 32 characters recommendedExample: your_random_jwt_secret_min_32_charsUsed in: docker-compose.yaml:32, load_config.go:21
Critical Security Setting: Never use the default value secret123 in production. Generate a strong random secret.

Database Configuration

All database connection parameters are loaded from environment variables and used to construct the connection string.
DB_HOST
string
required
PostgreSQL database host. Use postgres when running with Docker Compose (service name), or localhost for local development.Example: postgres (Docker) or localhostUsed in: docker-compose.yaml:33, load_config.go:32
DB_PORT
string
required
PostgreSQL database port.Default PostgreSQL port: 5432Used in: docker-compose.yaml:34, load_config.go:33
DB_USER
string
required
PostgreSQL database username.Example: postgresUsed in: docker-compose.yaml:35, load_config.go:34
DB_PASSWORD
string
required
PostgreSQL database password.Example: secure_password_hereUsed in: docker-compose.yaml:36, load_config.go:35
Change the default password postgres in production deployments.
DB_NAME
string
required
PostgreSQL database name.Example: sushiUsed in: docker-compose.yaml:37, load_config.go:36
MIGRATE_DB
boolean
default:"false"
Enable automatic database migrations on startup. Set to true to run migrations automatically.Example: trueUsed in: docker-compose.yaml:38, load_config.go:38, migrations.go:13-18When enabled, the application will automatically run all pending migrations from the db/migrations/ directory using Goose.

OAuth Authentication

suSHi supports OAuth authentication with Google and GitHub. Configuration is loaded from both environment variables and the config/oauth.yaml file.

Google OAuth

GOOGLE_CLIENT_ID
string
Google OAuth 2.0 client ID from Google Cloud Console.Used in: docker-compose.yaml:41, load_config.go:66, oauth.yaml:3How to obtain: Create OAuth 2.0 credentials in Google Cloud Console
GOOGLE_CLIENT_SECRET
string
Google OAuth 2.0 client secret.Used in: docker-compose.yaml:42, load_config.go:67, oauth.yaml:4
Keep this value secret. Never commit it to version control.
GOOGLE_REDIRECT_URL
string
OAuth callback URL for Google authentication.Example: http://localhost:8080/api/v1/auth/callbackUsed in: docker-compose.yaml:43, load_config.go:68, oauth.yaml:8OAuth Scopes (from oauth.yaml:5-7):
  • https://www.googleapis.com/auth/userinfo.email
  • https://www.googleapis.com/auth/userinfo.profile

GitHub OAuth

GITHUB_CLIENT_ID
string
GitHub OAuth App client ID.Used in: docker-compose.yaml:45, load_config.go:69, oauth.yaml:12How to obtain: Create an OAuth App in GitHub Developer Settings
GITHUB_CLIENT_SECRET
string
GitHub OAuth App client secret.Used in: docker-compose.yaml:46, load_config.go:70, oauth.yaml:13
Keep this value secret. Never commit it to version control.
GITHUB_REDIRECT_URL
string
OAuth callback URL for GitHub authentication.Example: http://localhost:8080/api/v1/auth/callbackUsed in: docker-compose.yaml:47, load_config.go:71, oauth.yaml:17OAuth Scopes (from oauth.yaml:14-16):
  • read:user
  • read:email

SSH Configuration

These environment variables configure SSH connections for remote machine management.
SSH_HOST
string
SSH server hostname or IP address.Used in: load_config.go:26
SSH_PORT
string
default:"22"
SSH server port.Used in: load_config.go:27
SSH_USER
string
SSH username for authentication.Used in: load_config.go:28
SSH_PRIVATE_KEY
string
Path to SSH private key file or the private key content.Used in: load_config.go:29

Configuration File Structure

The configuration is mapped to the following Go struct (from models/config.go): 
type Config struct {
    ServerPort         string
    JWTSecret          string
    LogLevel           string
    LogPath            string
    SSHConfig          SSHConfig
    DatabaseConfig     DatabaseConfig
    DB                 *pgxpool.Pool
    Router             *chi.Mux
    DoMigrations       bool
    OAuthConfig        OAuthConfig
}

type DatabaseConfig struct {
    Host     string
    Port     string
    User     string
    Password string
    Database string
    String   string
}

type OAuthConfig struct {
    Google ProviderConfig
    GitHub ProviderConfig
}

type ProviderConfig struct {
    ClientID     string
    ClientSecret string
    Scopes       []string
    RedirectURL  string
    State        string
}

Environment File Examples

Development (.env.development)

# Server Configuration
SERVER_PORT=8080
LOG_LEVEL=Debug
LOG_PATH=./logs
JWT_SECRET=dev_secret_change_in_production

# Database Configuration
DB_HOST=localhost
DB_PORT=5432
DB_USER=postgres
DB_PASSWORD=postgres
DB_NAME=sushi
MIGRATE_DB=true

# OAuth - Leave empty if not using
GOOGLE_CLIENT_ID=
GOOGLE_CLIENT_SECRET=
GOOGLE_REDIRECT_URL=http://localhost:8080/api/v1/auth/callback

GITHUB_CLIENT_ID=
GITHUB_CLIENT_SECRET=
GITHUB_REDIRECT_URL=http://localhost:8080/api/v1/auth/callback

Production (.env.production)

# Server Configuration
SERVER_PORT=8080
LOG_LEVEL=Info
LOG_PATH=/var/log/sushi
JWT_SECRET=your_secure_random_jwt_secret_minimum_32_characters_long

# Database Configuration
DB_HOST=postgres
DB_PORT=5432
DB_USER=sushi_user
DB_PASSWORD=your_secure_database_password_here
DB_NAME=sushi_prod
MIGRATE_DB=true

# OAuth Configuration
GOOGLE_CLIENT_ID=your_google_client_id.apps.googleusercontent.com
GOOGLE_CLIENT_SECRET=your_google_client_secret
GOOGLE_REDIRECT_URL=https://yourdomain.com/api/v1/auth/callback

GITHUB_CLIENT_ID=your_github_client_id
GITHUB_CLIENT_SECRET=your_github_client_secret
GITHUB_REDIRECT_URL=https://yourdomain.com/api/v1/auth/callback

Using Environment Files with Docker

To use an environment file with Docker Compose:
1

Create an environment file

Create a .env file in the same directory as docker-compose.yaml:
cp .env.production .env
2

Update docker-compose.yaml

Replace the environment section with env_file:
sushi-backend:
  image: breeze5690/sushi-backend-prod:v1
  ports:
    - "8080:8080"
  env_file:
    - .env
  depends_on:
    - postgres
  restart: always
3

Start the services

docker-compose up -d
Security Best Practice: Never commit .env files containing secrets to version control. Add them to .gitignore.

Validation and Troubleshooting

Check Configuration Loading

Enable debug logging to see configuration values at startup: 
LOG_LEVEL=Debug
The application logs will show which configuration values were loaded (sensitive values are not logged).

Common Issues

Database connection failed:
  • Verify DB_HOST, DB_PORT, DB_USER, DB_PASSWORD, and DB_NAME are correct
  • Ensure the database server is running and accessible
  • Check firewall rules if using a remote database
OAuth authentication not working:
  • Verify client ID and secret are correct
  • Ensure redirect URLs match exactly in both the OAuth provider settings and your configuration
  • Check that the OAuth provider’s authorized domains include your application domain
Migrations not running:
  • Ensure MIGRATE_DB=true (not MIGRATE_DB=True or MIGRATE_DB=1)
  • Check that the database user has permission to create tables
  • Review logs for migration errors

Next Steps

Build docs developers (and LLMs) love

Get started for freeTalk to us