You can customize and tweak the configuration of the Hasura GraphQL Engine using your project’s configuration file.

Below, you will find the official CUE schema and an example on how to configure your GraphQL service.

Available Settings

Schema
// Configuration for hasura service
#Hasura: {
	// Version of hasura, you can see available versions in the URL below:
	// https://hub.docker.com/r/hasura/graphql-engine/tags
	version: string | *"v2.33.4-ce"

	// JWT Secrets configuration
	jwtSecrets: [#JWTSecret]

	// Admin secret
	adminSecret: string

	// Webhook secret
	webhookSecret: string

	// Configuration for hasura services
	// Reference: https://hasura.io/docs/latest/deployment/graphql-engine-flags/reference/
	settings: {
		// HASURA_GRAPHQL_CORS_DOMAIN
		corsDomain: [...#Url] | *["*"]
		// HASURA_GRAPHQL_DEV_MODE
		devMode: bool | *true
		// HASURA_GRAPHQL_ENABLE_ALLOWLIST
		enableAllowList: bool | *false
		// HASURA_GRAPHQL_ENABLE_CONSOLE
		enableConsole: bool | *true
		// HASURA_GRAPHQL_ENABLE_REMOTE_SCHEMA_PERMISSIONS
		enableRemoteSchemaPermissions: bool | *false
		// HASURA_GRAPHQL_ENABLED_APIS
		enabledAPIs: [...#HasuraAPIs] | *["metadata", "graphql", "pgdump", "config"]

		// HASURA_GRAPHQL_LIVE_QUERIES_MULTIPLEXED_REFETCH_INTERVAL
		liveQueriesMultiplexedRefetchInterval: uint32 | *1000

        // HASURA_GRAPHQL_STRINGIFY_NUMERIC_TYPES
        stringifyNumericTypes: bool | *false
	}

    authHook?: {
        // HASURA_GRAPHQL_AUTH_HOOK
        url: string

        // HASURA_GRAPHQL_AUTH_HOOK_MODE
        mode: "GET"|*"POST"

        // HASURA_GRAPHQL_AUTH_HOOK_SEND_REQUEST_BODY
        sendRequestBody: bool | *true
    }

	logs: {
		// HASURA_GRAPHQL_LOG_LEVEL
		level: "debug" | "info" | "error" | *"warn"
	}

	events: {
		// HASURA_GRAPHQL_EVENTS_HTTP_POOL_SIZE
		httpPoolSize: uint32 & >=1 & <=100 | *100
	}

	// Resources for the service
	resources?: #Resources
}

Example Configuration

To configure your GraphQL instance, simply set the relevant settings under [hasura] in your project’s configuration file.

nhost.toml
[hasura]
version = ''
adminSecret = 'adminsecret'
webhookSecret = 'webhooksecret'

[[hasura.jwtSecrets]]
type = 'HS256'
key = 'secret'

[hasura.settings]
corsDomain = ['*']
devMode = false
enableAllowList = true
enableConsole = true
enableRemoteSchemaPermissions = true
enabledAPIs = ['metadata']
liveQueriesMultiplexedRefetchInterval = 1000
stringifyNumericTypes = false

[hasura.logs]
level = 'warn'

[hasura.events]
httpPoolSize = 10

[hasura.resources]
replicas = 1

[hasura.resources.compute]
cpu = 500
memory = 1024

JWT Secret

Zooming in on JWTSecret.

Schema
#JWTSecret:
	({
		type: "HS384" | "HS512" | "RS256" | "RS384" | "RS512" | "Ed25519" | *"HS256"
		key:  string
	} |
	{
		jwk_url: #Url | *null
	}) &
	{
		claims_format?: "stringified_json" | *"json"
		audience?:      string
		issuer?:        string
		allowed_skew?:  uint32
		header?:        string
	} & {
		claims_map?: [...#ClaimMap]

	} &
	({
		claims_namespace: string | *"https://hasura.io/jwt/claims"
	} |
	{
		claims_namespace_path: string
	} | *{})

#ClaimMap: {
	claim: string
	{
		value: string
	} | {
		path:     string
		default?: string
	}
} & {
}

Example Configuration

nhost.toml
# example 1
[[hasura.jwtSecrets]]
type = 'HS256'
key = 'secret'

# example 2
[[hasura.jwtSecrets]]
jwk_url = 'https:/....'

# example 3
[[hasura.jwtSecrets]]
jwk_url = "https://......"
issuer = "https://my-auth-server.com"

[[hasura.jwtSecrets.claims_map]]
claim = "x-some-claim"
value = "some-value"

[[hasura.jwtSecrets.claims_map]]
claim = "x-other-claim"
path = "$.user.claim.id"
default = "default-value"

Read how Authentication Using JWTs works in Hasura