
Overview

This page documents all environment variables used across the SGIVU microservices architecture. Variables follow the format ${VAR_NAME:default_value} where :default_value is optional.
Variables without default values are required and will cause startup failure if not set.

Variable Format

Spring Boot configuration files use the following syntax:
# Variable with default value
server:
  port: ${PORT:8080}

# Required variable (no default)
datasource:
  password: ${DB_PASSWORD}

# Variable in interpolated string
datasource:
  url: jdbc:postgresql://${DB_HOST:localhost}:${DB_PORT:5432}/${DB_NAME}

Common Variables (All Services)

These variables are used across multiple services in base configuration files.

Service Discovery

EUREKA_URL
string
default:"http://sgivu-discovery:8761/eureka"
Eureka service registry URL. All microservices register with Eureka for service discovery.
Example values:
  • Dev: http://localhost:8761/eureka
  • Prod: http://eureka-server.sgivu.internal:8761/eureka

Service URLs

SGIVU_AUTH_URL
string
default:"http://sgivu-auth:9000"
Authorization server URL for OAuth2 authentication.
Used by: Gateway, User, Client, Vehicle, Purchase-Sale services
SGIVU_GATEWAY_URL
string
default:"http://sgivu-gateway:8080"
API Gateway URL.
Used by: Auth service
SGIVU_USER_URL
string
default:"http://sgivu-user:8081"
User service URL for internal service-to-service calls.
Used by: Auth, Purchase-Sale services
SGIVU_CLIENT_URL
string
default:"http://sgivu-client:8082"
Client service URL.
Used by: Purchase-Sale service
SGIVU_VEHICLE_URL
string
default:"http://sgivu-vehicle:8083"
Vehicle service URL.
Used by: Purchase-Sale service

Security

SERVICE_INTERNAL_SECRET_KEY
string
required
Shared secret for internal service-to-service authentication. No default value.
Used by: Auth, User, Client, Vehicle, Purchase-Sale services
Security requirements:
  • Minimum 64 characters
  • Cryptographically random
  • Different per environment
  • Rotated periodically
Example generation:
openssl rand -base64 64 | tr -d '\n'
SGIVU_GATEWAY_SECRET
string
required
OAuth2 client secret for gateway-auth communication. No default value.
Used by: Auth service (server), Gateway service (client)
Security requirements:
  • Minimum 32 characters
  • Keep in sync between auth and gateway
  • Store in secrets management system

Server Configuration

PORT
integer
default:"varies by service"
HTTP server port for the service.
Default ports:
  • Gateway: 8080
  • User: 8081
  • Client: 8082
  • Vehicle: 8083
  • Purchase-Sale: 8084
  • Auth: 9000
  • Discovery: 8761
ISSUER_URL
string
default:"http://sgivu-auth:9000"
OAuth2 issuer URL for JWT token validation.
Used by: Auth service

Flyway Migrations

FLYWAY_BASELINE_ON_MIGRATE
boolean
default:"false"
Whether Flyway should baseline an existing database.
Usage:
  • Dev: true (allows migrations on existing schemas)
  • Prod: false (requires explicit baseline)
Used by: All services with databases

Auth Service Variables

Database (Dev)

DEV_AUTH_DB_HOST
string
default:"host.docker.internal"
PostgreSQL host for auth service in dev environment.
DEV_AUTH_DB_PORT
string
default:"5432"
PostgreSQL port for auth service in dev environment.
DEV_AUTH_DB_NAME
string
required
Database name for auth service in dev. No default value.
DEV_AUTH_DB_USERNAME
string
required
Database username for auth service in dev. No default value.
DEV_AUTH_DB_PASSWORD
string
required
Database password for auth service in dev. No default value.

Database (Prod)

PROD_AUTH_DB_HOST
string
default:"host.docker.internal"
PostgreSQL host for auth service in production.
PROD_AUTH_DB_PORT
string
default:"5432"
PostgreSQL port for auth service in production.
PROD_AUTH_DB_NAME
string
required
Database name for auth service in production. No default value.
PROD_AUTH_DB_USERNAME
string
required
Database username for auth service in production. No default value.
PROD_AUTH_DB_PASSWORD
string
required
Database password for auth service in production. No default value.

JWT Configuration

JWT_KEYSTORE_LOCATION
string
required
File path or classpath location of the JWT signing keystore. No default value.
Example values:
  • file:/etc/sgivu/jwt-keystore.jks
  • classpath:keystore/jwt.jks
Security: Store keystore file outside application JAR in production.
JWT_KEYSTORE_PASSWORD
string
required
Password for the JWT keystore file. No default value.
JWT_KEY_ALIAS
string
required
Alias of the signing key within the keystore. No default value.
JWT_KEY_PASSWORD
string
required
Password for the signing key. No default value.

Application URLs

DEV_ANGULAR_APP_URL
string
required
Angular frontend URL in dev environment. No default value.
Example: http://localhost:4200
Used for: OAuth redirects, CORS configuration
PROD_ANGULAR_APP_URL
string
required
Angular frontend URL in production. No default value.
Example: https://app.sgivu.com
OPENAPI_SERVER_URL
string
required
Base URL for OpenAPI “Try it out” feature in production. No default value.
Example: https://api.sgivu.com
Used by: Auth, User, Client, Vehicle, Purchase-Sale services (prod only)

Gateway Service Variables

Redis Session Store

REDIS_HOST
string
default:"sgivu-redis"
Redis server hostname for session management.
Production: Use managed Redis service (ElastiCache, Redis Cloud, etc.)
REDIS_PORT
string
default:"6379"
Redis server port.
REDIS_PASSWORD
string
required
Redis authentication password. No default value.
Security: Always set a strong password for Redis in all environments.

User Service Variables

Database (Dev)

DEV_USER_DB_HOST
string
default:"host.docker.internal"
PostgreSQL host for user service in dev.
DEV_USER_DB_PORT
string
default:"5432"
PostgreSQL port for user service in dev.
DEV_USER_DB_NAME
string
required
Database name for user service in dev. No default value.
DEV_USER_DB_USERNAME
string
required
Database username for user service in dev. No default value.
DEV_USER_DB_PASSWORD
string
required
Database password for user service in dev. No default value.

Database (Prod)

PROD_USER_DB_HOST
string
required
PostgreSQL host for user service in production. No default value.
PROD_USER_DB_PORT
string
required
PostgreSQL port for user service in production. No default value.
PROD_USER_DB_NAME
string
required
Database name for user service in production. No default value.
PROD_USER_DB_USERNAME
string
required
Database username for user service in production. No default value.
PROD_USER_DB_PASSWORD
string
required
Database password for user service in production. No default value.

Client Service Variables

Database (Dev)

DEV_CLIENT_DB_HOST
string
default:"host.docker.internal"
PostgreSQL host for client service in dev.
DEV_CLIENT_DB_PORT
string
default:"5432"
PostgreSQL port for client service in dev.
DEV_CLIENT_DB_NAME
string
required
Database name for client service in dev. No default value.
DEV_CLIENT_DB_USERNAME
string
required
Database username for client service in dev. No default value.
DEV_CLIENT_DB_PASSWORD
string
required
Database password for client service in dev. No default value.

Database (Prod)

PROD_CLIENT_DB_HOST
string
required
PostgreSQL host for client service in production. No default value.
PROD_CLIENT_DB_PORT
string
required
PostgreSQL port for client service in production. No default value.
PROD_CLIENT_DB_NAME
string
required
Database name for client service in production. No default value.
PROD_CLIENT_DB_USERNAME
string
required
Database username for client service in production. No default value.
PROD_CLIENT_DB_PASSWORD
string
required
Database password for client service in production. No default value.

Vehicle Service Variables

Database (Dev)

DEV_VEHICLE_DB_HOST
string
default:"host.docker.internal"
PostgreSQL host for vehicle service in dev.
DEV_VEHICLE_DB_PORT
string
default:"5432"
PostgreSQL port for vehicle service in dev.
DEV_VEHICLE_DB_NAME
string
required
Database name for vehicle service in dev. No default value.
DEV_VEHICLE_DB_USERNAME
string
required
Database username for vehicle service in dev. No default value.
DEV_VEHICLE_DB_PASSWORD
string
required
Database password for vehicle service in dev. No default value.

Database (Prod)

PROD_VEHICLE_DB_HOST
string
required
PostgreSQL host for vehicle service in production. No default value.
PROD_VEHICLE_DB_PORT
string
required
PostgreSQL port for vehicle service in production. No default value.
PROD_VEHICLE_DB_NAME
string
required
Database name for vehicle service in production. No default value.
PROD_VEHICLE_DB_USERNAME
string
required
Database username for vehicle service in production. No default value.
PROD_VEHICLE_DB_PASSWORD
string
required
Database password for vehicle service in production. No default value.

AWS S3 Configuration

AWS_VEHICLES_BUCKET
string
required
S3 bucket name for vehicle images. No default value.
Example: sgivu-vehicle-images-prod
Permissions required:
  • s3:PutObject
  • s3:GetObject
  • s3:DeleteObject
  • s3:ListBucket
AWS_S3_ALLOWED_ORIGINS
string
default:"http://localhost:4200,https://localhost:4200"
Comma-separated list of allowed CORS origins for S3 bucket.
Production example: https://app.sgivu.com,https://www.sgivu.com
AWS_ACCESS_KEY
string
required
AWS IAM access key ID. No default value.
Best practice: Use IAM roles instead of access keys when running on AWS infrastructure.
AWS_SECRET_KEY
string
required
AWS IAM secret access key. No default value.
Security: Never commit this value to version control.
AWS_REGION
string
required
AWS region for S3 bucket. No default value.
Example: us-east-1, eu-west-1

Purchase Sale Service Variables

Database (Dev)

DEV_PURCHASE_SALE_DB_HOST
string
default:"host.docker.internal"
PostgreSQL host for purchase-sale service in dev.
DEV_PURCHASE_SALE_DB_PORT
string
default:"5432"
PostgreSQL port for purchase-sale service in dev.
DEV_PURCHASE_SALE_DB_NAME
string
required
Database name for purchase-sale service in dev. No default value.
DEV_PURCHASE_SALE_DB_USERNAME
string
required
Database username for purchase-sale service in dev. No default value.
DEV_PURCHASE_SALE_DB_PASSWORD
string
required
Database password for purchase-sale service in dev. No default value.

Database (Prod)

PROD_PURCHASE_SALE_DB_HOST
string
required
PostgreSQL host for purchase-sale service in production. No default value.
PROD_PURCHASE_SALE_DB_PORT
string
required
PostgreSQL port for purchase-sale service in production. No default value.
PROD_PURCHASE_SALE_DB_NAME
string
required
Database name for purchase-sale service in production. No default value.
PROD_PURCHASE_SALE_DB_USERNAME
string
required
Database username for purchase-sale service in production. No default value.
PROD_PURCHASE_SALE_DB_PASSWORD
string
required
Database password for purchase-sale service in production. No default value.

Setting Environment Variables

Local Development

Create a .env file (not committed to git):
# .env
export DEV_AUTH_DB_NAME=auth_dev
export DEV_AUTH_DB_USERNAME=dev_user
export DEV_AUTH_DB_PASSWORD=dev_pass
export SERVICE_INTERNAL_SECRET_KEY=your-secret-key-here
export SGIVU_GATEWAY_SECRET=gateway-secret-here
# ... other variables
Source before running:
source .env
java -jar sgivu-auth.jar --spring.profiles.active=dev

Docker Compose

version: '3.8'
services:
  sgivu-auth:
    image: sgivu-auth:latest
    environment:
      SPRING_PROFILES_ACTIVE: dev
      DEV_AUTH_DB_HOST: postgres
      DEV_AUTH_DB_PORT: 5432
      DEV_AUTH_DB_NAME: auth_dev
      DEV_AUTH_DB_USERNAME: dev_user
      DEV_AUTH_DB_PASSWORD: dev_pass
      SERVICE_INTERNAL_SECRET_KEY: ${SERVICE_INTERNAL_SECRET_KEY}
      SGIVU_GATEWAY_SECRET: ${SGIVU_GATEWAY_SECRET}
    env_file:
      - .env.local  # For sensitive values

Kubernetes Secrets

apiVersion: v1
kind: Secret
metadata:
  name: sgivu-common-secrets
  namespace: production
type: Opaque
stringData:
  SERVICE_INTERNAL_SECRET_KEY: "your-secret-key"
  SGIVU_GATEWAY_SECRET: "gateway-secret"
---
apiVersion: v1
kind: Secret
metadata:
  name: sgivu-auth-db-secrets
  namespace: production
type: Opaque
stringData:
  PROD_AUTH_DB_NAME: "auth_prod"
  PROD_AUTH_DB_USERNAME: "auth_user"
  PROD_AUTH_DB_PASSWORD: "secure-password"
Reference in Deployment:
apiVersion: apps/v1
kind: Deployment
metadata:
  name: sgivu-auth
spec:
  template:
    spec:
      containers:
      - name: sgivu-auth
        env:
        - name: SPRING_PROFILES_ACTIVE
          value: "prod"
        envFrom:
        - secretRef:
            name: sgivu-common-secrets
        - secretRef:
            name: sgivu-auth-db-secrets

Kubernetes ConfigMap (Non-Sensitive)

apiVersion: v1
kind: ConfigMap
metadata:
  name: sgivu-common-config
  namespace: production
data:
  EUREKA_URL: "http://eureka-service:8761/eureka"
  SGIVU_AUTH_URL: "http://sgivu-auth-service:9000"
  SGIVU_GATEWAY_URL: "http://sgivu-gateway-service:8080"
  AWS_REGION: "us-east-1"
  OPENAPI_SERVER_URL: "https://api.sgivu.com"

Security Best Practices

Never Commit Secrets

Never commit passwords, API keys, or secrets to the config repository or any version control.

Use Strong Secrets

Generate cryptographically random secrets with sufficient length (64+ characters for shared secrets).

Rotate Regularly

Implement a rotation schedule for all secrets (quarterly or semi-annually).

Principle of Least Privilege

Grant services only the permissions they need (database users, IAM roles, etc.).

Use Secrets Management

Use dedicated secrets management (Vault, AWS Secrets Manager, etc.) in production.

Audit Access

Monitor and log access to secrets and sensitive configuration.

Required vs Optional Variables

Required (No Defaults)

These variables must be set or the service will fail to start:
  • SERVICE_INTERNAL_SECRET_KEY
  • SGIVU_GATEWAY_SECRET
  • JWT_KEYSTORE_LOCATION
  • JWT_KEYSTORE_PASSWORD
  • JWT_KEY_ALIAS
  • JWT_KEY_PASSWORD
  • REDIS_PASSWORD
  • All *_DB_NAME, *_DB_USERNAME, *_DB_PASSWORD variables (no defaults)
  • AWS_VEHICLES_BUCKET
  • AWS_ACCESS_KEY
  • AWS_SECRET_KEY
  • AWS_REGION
  • DEV_ANGULAR_APP_URL (dev profile)
  • PROD_ANGULAR_APP_URL (prod profile)
  • OPENAPI_SERVER_URL (prod profile)

Optional (With Defaults)

These variables have sensible defaults for Docker/Kubernetes networking:
  • EUREKA_URL (default: http://sgivu-discovery:8761/eureka)
  • SGIVU_AUTH_URL (default: http://sgivu-auth:9000)
  • SGIVU_GATEWAY_URL (default: http://sgivu-gateway:8080)
  • Service URLs (all have Docker service name defaults)
  • PORT (each service has a default port)
  • REDIS_HOST (default: sgivu-redis)
  • REDIS_PORT (default: 6379)
  • Database hosts/ports in dev (default: host.docker.internal:5432)

Validation Checklist

Before deploying, verify all required variables are set:
1. List all environment variables

# Prints secret values in clear text; do not run where output is logged or shared
env | grep -E '^(DEV_|PROD_|AWS_|JWT_|SERVICE_|SGIVU_|REDIS_)' | sort

2. Check for empty values

# This should return nothing
env | grep -E '^(DEV_|PROD_|AWS_|JWT_|SERVICE_|SGIVU_|REDIS_)' | grep '=$'

3. Test database connectivity

psql -h "$PROD_AUTH_DB_HOST" -p "$PROD_AUTH_DB_PORT" -U "$PROD_AUTH_DB_USERNAME" -d "$PROD_AUTH_DB_NAME" -c '\dt'

4. Verify AWS credentials

aws s3 ls "s3://$AWS_VEHICLES_BUCKET" --region "$AWS_REGION"

5. Test Redis connection

# REDISCLI_AUTH keeps the password out of the process argument list
REDISCLI_AUTH="$REDIS_PASSWORD" redis-cli -h "$REDIS_HOST" -p "$REDIS_PORT" ping
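
The empty-value check in step 2 only finds variables that are set to an empty string; a variable that was never set does not appear in `env` output at all. The script below is an added example, not part of the SGIVU project: it checks the required variables this page lists for the auth service under the prod profile, and enforces the documented minimum lengths (64 and 32 characters) for the two shared secrets. The function names and the placeholder patterns, taken from the sample values on this page, are assumptions.

```shell
# Added example: preflight check for the auth service under the prod profile.
# Variable names and minimum lengths come from this page; the function names
# and the placeholder patterns (the page's own sample values) are assumptions.

# get_var NAME : print the value of the variable NAME, or nothing if unset.
get_var() { eval "printf '%s' \"\${$1-}\""; }

# check_required NAME... : report every variable that is unset or empty.
check_required() {
  missing=0
  for name in "$@"; do
    if [ -z "$(get_var "$name")" ]; then
      echo "MISSING: $name" >&2
      missing=1
    fi
  done
  return "$missing"
}

# check_secret NAME MINLEN : reject short or sample-looking secrets.
# Only the length is printed, never the value.
check_secret() {
  value=$(get_var "$1")
  if [ "${#value}" -lt "$2" ]; then
    echo "WEAK: $1 has ${#value} characters, minimum is $2" >&2
    return 1
  fi
  case "$value" in
    *your-secret-key*|*secret-here*|*gateway-secret*|*secure-password*)
      echo "PLACEHOLDER: $1 still holds a sample value" >&2
      return 1 ;;
  esac
  return 0
}

# preflight_auth_prod : returns 0 only if every check passes.
preflight_auth_prod() {
  failed=0
  check_required SERVICE_INTERNAL_SECRET_KEY SGIVU_GATEWAY_SECRET \
    JWT_KEYSTORE_LOCATION JWT_KEYSTORE_PASSWORD JWT_KEY_ALIAS JWT_KEY_PASSWORD \
    PROD_AUTH_DB_NAME PROD_AUTH_DB_USERNAME PROD_AUTH_DB_PASSWORD \
    PROD_ANGULAR_APP_URL OPENAPI_SERVER_URL || failed=1
  check_secret SERVICE_INTERNAL_SECRET_KEY 64 || failed=1
  check_secret SGIVU_GATEWAY_SECRET 32 || failed=1
  return "$failed"
}
```

Source the file and call `preflight_auth_prod || exit 1` before starting the service, so a missing or weak secret stops the deployment with a named variable instead of a startup stack trace.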

See Also

Overview

Profile mechanism and configuration merging

Dev Environment

Development environment setup

Prod Environment

Production deployment and security
