Configuring Hasura
Hasura GraphQL configuration nhost.toml JWT secrets CORS live queriesYou can customize and tweak the configuration of the Hasura GraphQL Engine using your project’s configuration file.
Below, you will find the official CUE schema and an example on how to configure your GraphQL service.
Available Settings
Section titled “Available Settings”// Configuration for hasura service#Hasura: { // Version of hasura, you can see available versions in the URL below: // https://hub.docker.com/r/hasura/graphql-engine/tags version: string | *"v2.33.4-ce"
// JWT Secrets configuration jwtSecrets: [#JWTSecret]
// Admin secret adminSecret: string
// Webhook secret webhookSecret: string
// Configuration for hasura services // Reference: https://hasura.io/docs/latest/deployment/graphql-engine-flags/reference/ settings: { // HASURA_GRAPHQL_CORS_DOMAIN corsDomain: [...#Url] | *["*"] // HASURA_GRAPHQL_DEV_MODE devMode: bool | *true // HASURA_GRAPHQL_ENABLE_ALLOWLIST enableAllowList: bool | *false // HASURA_GRAPHQL_ENABLE_CONSOLE enableConsole: bool | *true // HASURA_GRAPHQL_ENABLE_REMOTE_SCHEMA_PERMISSIONS enableRemoteSchemaPermissions: bool | *false // HASURA_GRAPHQL_ENABLED_APIS enabledAPIs: [...#HasuraAPIs] | *["metadata", "graphql", "pgdump", "config"]
// HASURA_GRAPHQL_LIVE_QUERIES_MULTIPLEXED_REFETCH_INTERVAL liveQueriesMultiplexedRefetchInterval: uint32 | *1000
// HASURA_GRAPHQL_STRINGIFY_NUMERIC_TYPES stringifyNumericTypes: bool | *false }
authHook?: { // HASURA_GRAPHQL_AUTH_HOOK url: string
// HASURA_GRAPHQL_AUTH_HOOK_MODE mode: "GET"|*"POST"
// HASURA_GRAPHQL_AUTH_HOOK_SEND_REQUEST_BODY sendRequestBody: bool | *true }
logs: { // HASURA_GRAPHQL_LOG_LEVEL level: "debug" | "info" | "error" | *"warn" }
events: { // HASURA_GRAPHQL_EVENTS_HTTP_POOL_SIZE httpPoolSize: uint32 & >=1 & <=100 | *100 }
// Resources for the service resources?: #Resources}Example Configuration
Section titled “Example Configuration”To configure your GraphQL instance, simply set the relevant settings under [hasura] in your project’s configuration file.
[hasura]version = ''adminSecret = 'adminsecret'webhookSecret = 'webhooksecret'
[[hasura.jwtSecrets]]type = 'HS256'key = 'secret'
[hasura.settings]corsDomain = ['*']devMode = falseenableAllowList = trueenableConsole = trueenableRemoteSchemaPermissions = trueenabledAPIs = ['metadata']liveQueriesMultiplexedRefetchInterval = 1000stringifyNumericTypes = false
[hasura.logs]level = 'warn'
[hasura.events]httpPoolSize = 10
[hasura.resources]replicas = 1
[hasura.resources.compute]cpu = 500memory = 1024JWT Secret
Section titled “JWT Secret”Zooming in on JWTSecret.
#JWTSecret: ({ type: "HS384" | "HS512" | "RS256" | "RS384" | "RS512" | "Ed25519" | *"HS256" key: string } | { jwk_url: #Url | *null }) & { claims_format?: "stringified_json" | *"json" audience?: string issuer?: string allowed_skew?: uint32 header?: string } & { claims_map?: [...#ClaimMap]
} & ({ claims_namespace: string | *"https://hasura.io/jwt/claims" } | { claims_namespace_path: string } | *{})
#ClaimMap: { claim: string { value: string } | { path: string default?: string }} & {}Example Configuration
Section titled “Example Configuration”# example 1[[hasura.jwtSecrets]]type = 'HS256'key = 'secret'
# example 2[[hasura.jwtSecrets]]jwk_url = 'https:/....'
# example 3[[hasura.jwtSecrets]]jwk_url = "https://......"issuer = "https://my-auth-server.com"
[[hasura.jwtSecrets.claims_map]]claim = "x-some-claim"value = "some-value"
[[hasura.jwtSecrets.claims_map]]claim = "x-other-claim"path = "$.user.claim.id"default = "default-value"