
Configure variables

This document outlines all variables you must customize for your specific environment when deploying Rafiki with your digital wallet.

These are the primary variables you’ll need to define for your deployment:

| Variable | Example Value | Description |
| --- | --- | --- |
| `YOUR_PROJECT_ID` | `my-wallet-project-123` | Your Google Cloud Project ID |
| `YOUR_DOMAIN` | `mywallet.com` | Your primary domain name |
| `YOUR_COMPANY` | `MyWallet Inc` | Your company/organization name |
| `YOUR_EMAIL` | `admin@mywallet.com` | Administrative email for certificates and notifications |
| `YOUR_REGION` | `us-central1` | Primary GCP region for deployment |
| `YOUR_REGISTRY` | `gcr.io/my-wallet-project-123` | Container registry for your wallet images |

Found in: terraform/variables.tf (definitions) and terraform.tfvars (values)

Configure your infrastructure deployment with these variables:

| Variable | Default Value | Required | Description |
| --- | --- | --- | --- |
| `project_id` | - | Yes | GCP Project ID where resources will be created |
| `domain_name` | - | Yes | Primary domain for your wallet (e.g., mywallet.com) |
| `region` | `us-central1` | No | Primary GCP region for cluster and resources |
| `cluster_name` | `rafiki-wallet-cluster` | No | Name of the GKE cluster |
| `node_pool_machine_type` | `e2-standard-4` | No | GCE machine type for Kubernetes nodes |
| `min_node_count` | `1` | No | Minimum number of nodes in the cluster |
| `max_node_count` | `10` | No | Maximum number of nodes for autoscaling |
| `disk_size_gb` | `100` | No | Boot disk size for each node in GB |
| `enable_network_policy` | `true` | No | Enable Kubernetes network policies for security |

Found in: DNS provider settings and terraform/dns.tf

Set up your domain and subdomains according to the following convention:

| Subdomain | Example FQDN | Purpose | Description |
| --- | --- | --- | --- |
| `wallet` | `wallet.mywallet.com` | User Interface | Main wallet web application |
| `api` | `api.mywallet.com` | Wallet API | Wallet backend REST/GraphQL API |
| `auth` | `auth.mywallet.com` | Rafiki Auth | Rafiki authentication server |
| `backend` | `backend.mywallet.com` | Rafiki Backend | Rafiki payment processing backend |
| `admin` | `admin.mywallet.com` | Rafiki Admin | Rafiki administrative GraphQL API |
| `argocd` | `argocd.mywallet.com` | GitOps | Argo CD web interface |
| `grafana` | `grafana.mywallet.com` | Monitoring | Grafana dashboards |
| `prometheus` | `prometheus.mywallet.com` | Metrics | Prometheus metrics endpoint |

| Variable | Example Value | Description |
| --- | --- | --- |
| `POSTGRES_DB` | `rafiki` | Primary database name for Rafiki |
| `POSTGRES_USER` | `rafiki` | Database username for Rafiki services |
| `POSTGRES_PASSWORD` | `<generated-secret>` | Database password (use Kubernetes secrets) |
| `WALLET_DB_NAME` | `wallet` | Database name for wallet application |
| `WALLET_DB_USER` | `wallet_user` | Database username for wallet application |
| `DB_HOST` | `rafiki-postgresql` | Database service hostname within cluster |
| `DB_PORT` | `5432` | Database port |
| `DB_SSL_MODE` | `require` | SSL mode for database connections |

| Variable | Example Value | Description |
| --- | --- | --- |
| `REDIS_HOST` | `rafiki-redis-master` | Redis service hostname within cluster |
| `REDIS_PORT` | `6379` | Redis port |
| `REDIS_PASSWORD` | `<optional-password>` | Redis password (if authentication enabled) |
| `REDIS_DB` | `0` | Redis database number |
| `REDIS_URL` | `redis://rafiki-redis-master:6379` | Complete Redis connection URL |

Configure your Rafiki services with these variables:

Found in: helm-values/rafiki/values.yaml under rafiki-auth.env section

| Variable | Example Value | Description |
| --- | --- | --- |
| `AUTH_DATABASE_URL` | `postgresql://rafiki:***@host:5432/auth` | Database connection for auth service |
| `AUTH_SERVER_URL` | `https://auth.mywallet.com` | Public URL for the auth server |
| `COOKIE_KEY` | `<32-byte-secret>` | Secret key for cookie encryption |
| `REDIS_URL` | `redis://redis:6379` | Redis connection for session storage |
| `NODE_ENVIRONMENT` | `production` | Runtime environment |
| `LOG_LEVEL` | `info` | Logging level |
| `TRUST_PROXY` | `true` | Enable when behind load balancer/proxy |
| `ADMIN_PORT` | `3003` | Port for auth admin API |
| `AUTH_PORT` | `3006` | Port for auth server |
| `INTROSPECTION_PORT` | `3007` | Port for token introspection |
| `INTERACTION_PORT` | `3009` | Port for user interaction flows |

Found in: helm-values/rafiki/values.yaml under rafiki-backend.env section

| Variable | Example Value | Description |
| --- | --- | --- |
| `DATABASE_URL` | `postgresql://rafiki:***@host:5432/rafiki` | Main database connection |
| `REDIS_URL` | `redis://redis:6379` | Redis connection for caching |
| `WEBHOOK_URL` | `https://api.mywallet.com/webhooks/rafiki` | Webhook endpoint for payment notifications |
| `OPEN_PAYMENTS_URL` | `https://backend.mywallet.com` | Public URL for Open Payments API |
| `ILP_ADDRESS` | `test.mywallet` | ILP address for this instance |
| `ILP_CONNECTOR_URL` | `https://ilp.mywallet.com` | ILP connector endpoint |
| `EXCHANGE_RATES_URL` | `https://api.mywallet.com/rates` | Exchange rates endpoint |
| `PRIVATE_KEY_FILE` | `/path/to/private.key` | Private key file path |

Found in: helm-values/rafiki/values.yaml under rafiki-backend.env section

| Variable | Example Value | Description |
| --- | --- | --- |
| `OUTGOING_PAYMENT_WORKERS` | `1` | Number of outgoing payment workers |
| `INCOMING_PAYMENT_WORKERS` | `1` | Number of incoming payment workers |
| `WALLET_ADDRESS_WORKERS` | `1` | Number of wallet address processing workers |
| `WEBHOOK_WORKERS` | `1` | Number of webhook processing workers |
| `OUTGOING_PAYMENT_WORKER_IDLE` | `200` | Idle time (ms) for outgoing payment workers |
| `INCOMING_PAYMENT_WORKER_IDLE` | `200` | Idle time (ms) for incoming payment workers |
| `WALLET_ADDRESS_WORKER_IDLE` | `1000` | Idle time (ms) for wallet address workers |
| `WEBHOOK_WORKER_IDLE` | `200` | Idle time (ms) for webhook workers |

Found in: helm-values/rafiki/values.yaml under various sections (global, rafiki-backend.env)

| Variable | Example Value | Description |
| --- | --- | --- |
| `PAYMENT_POINTER_URL` | `https://wallet.mywallet.com/.well-known/pay` | Payment pointer well-known endpoint |
| `AUTH_SERVER_SECRET` | `<32-byte-secret>` | Secret for auth server JWT signing |
| `USE_TIGERBEETLE` | `false` | Disable TigerBeetle for accounting |

Found in: k8s-manifests/cert-manager/cluster-issuer.yaml

| Variable | Example Value | Description |
| --- | --- | --- |
| `CERT_MANAGER_EMAIL` | `certificates@mywallet.com` | Email for Let’s Encrypt certificate registration |
| `CLUSTER_ISSUER_NAME` | `letsencrypt-prod` | Name of the cert-manager cluster issuer |
| `ACME_SERVER` | `https://acme-v02.api.letsencrypt.org/directory` | ACME server URL (prod vs staging) |
| `CERT_SECRET_NAME` | `{service}-tls` | Pattern for TLS secret names |

Found in: helm-values/rafiki/values.yaml and helm-values/wallet/values.yaml under image sections

| Variable | Example Value | Description |
| --- | --- | --- |
| `RAFIKI_AUTH_IMAGE` | `ghcr.io/interledger/rafiki-auth:latest` | Rafiki auth server container image |
| `RAFIKI_BACKEND_IMAGE` | `ghcr.io/interledger/rafiki-backend:latest` | Rafiki backend container image |
| `RAFIKI_ADMIN_IMAGE` | `ghcr.io/interledger/rafiki-admin:latest` | Rafiki admin API container image |
| `WALLET_UI_IMAGE` | `gcr.io/my-project/wallet-ui:v1.0.0` | Your wallet UI container image |
| `WALLET_API_IMAGE` | `gcr.io/my-project/wallet-api:v1.0.0` | Your wallet API container image |
| `POSTGRES_IMAGE` | `postgres:14` | PostgreSQL container image version |
| `REDIS_IMAGE` | `redis:7-alpine` | Redis container image version |

Found in: helm-values/rafiki/values.yaml and helm-values/wallet/values.yaml under resources sections

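| Resource Type | CPU Request | CPU Limit | Memory Request | Memory Limit | Description |
| --- | --- | --- | --- | --- | --- |
| Rafiki Auth | `100m` | `500m` | `128Mi` | `512Mi` | Authentication server resources |
| Rafiki Backend | `200m` | `1000m` | `256Mi` | `1Gi` | Payment processing backend resources |
| Rafiki Admin | `100m` | `500m` | `128Mi` | `512Mi` | Admin API resources |
| Wallet API | `200m` | `1000m` | `256Mi` | `1Gi` | Wallet backend API resources |
| Wallet UI | `50m` | `200m` | `64Mi` | `256Mi` | Wallet frontend resources |
| PostgreSQL | `250m` | `1000m` | `256Mi` | `2Gi` | Database resources |
| Redis | `100m` | `500m` | `128Mi` | `512Mi` | Cache resources |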

Found in: helm-values/rafiki/values.yaml and helm-values/wallet/values.yaml under persistence sections

| Storage Type | Size | Storage Class | Description |
| --- | --- | --- | --- |
| Rafiki Database | `20Gi` | `ssd` | Persistent storage for Rafiki PostgreSQL |
| Wallet Database | `50Gi` | `ssd` | Persistent storage for wallet PostgreSQL |
| Redis | `5Gi` | `ssd` | Persistent storage for Redis cache |
| Backup Storage | `100Gi` | `standard` | Storage for database backups |

Found in: k8s-manifests/monitoring/values.yaml

| Variable | Example Value | Description |
| --- | --- | --- |
| `GRAFANA_ADMIN_PASSWORD` | `<secure-password>` | Grafana admin user password |
| `PROMETHEUS_RETENTION` | `15d` | How long to retain Prometheus metrics |
| `ALERTMANAGER_SLACK_URL` | `https://hooks.slack.com/...` | Slack webhook for alerts |
| `GRAFANA_SMTP_HOST` | `smtp.gmail.com:587` | SMTP server for Grafana notifications |
| `GRAFANA_SMTP_USER` | `notifications@mywallet.com` | SMTP username for email alerts |

Found in: helm-values/rafiki/values.yaml and helm-values/wallet/values.yaml under various security sections

| Variable | Example Value | Description |
| --- | --- | --- |
| `NETWORK_POLICY_ENABLED` | `true` | Enable Kubernetes network policies |
| `POD_SECURITY_STANDARD` | `restricted` | Pod security standard level |
| `SERVICE_ACCOUNT_NAME` | `rafiki-sa` | Kubernetes service account name |
| `RBAC_ENABLED` | `true` | Enable role-based access control |
| `ADMISSION_CONTROLLER` | `gatekeeper` | Admission controller for policy enforcement |

Found in: k8s-manifests/backup/postgres-backup.yaml

| Variable | Example Value | Description |
| --- | --- | --- |
| `BACKUP_SCHEDULE` | `0 2 * * *` | Cron schedule for database backups |
| `BACKUP_RETENTION_DAYS` | `30` | How many days to keep backups |
| `BACKUP_STORAGE_BUCKET` | `gs://mywallet-backups` | GCS bucket for storing backups |
| `BACKUP_ENCRYPTION_KEY` | `<kms-key-id>` | KMS key for backup encryption |

| Variable | Development Value | Description |
| --- | --- | --- |
| `ACME_SERVER` | `https://acme-staging-v02.api.letsencrypt.org` | Use Let’s Encrypt staging for dev |
| `LOG_LEVEL` | `debug` | Enable debug logging |
| `REPLICA_COUNT` | `1` | Single replica for all services |
| `RESOURCE_REQUESTS` | 50% of production | Lower resource requests |
| `STORAGE_SIZE` | `10Gi` | Smaller storage volumes |

| Variable | Staging Value | Description |
| --- | --- | --- |
| `REPLICA_COUNT` | `2` | Moderate replicas for testing |
| `RESOURCE_REQUESTS` | 75% of production | Higher than dev, lower than prod |
| `MONITORING_ENABLED` | `true` | Full monitoring enabled |
| `BACKUP_ENABLED` | `false` | No backups in staging |

| Variable | Production Value | Description |
| --- | --- | --- |
| `REPLICA_COUNT` | 3-5 | High availability replicas |
| `RESOURCE_REQUESTS` | Full allocation | Production resource limits |
| `MONITORING_ENABLED` | `true` | Comprehensive monitoring |
| `BACKUP_ENABLED` | `true` | Full backup strategy |
| `NETWORK_POLICIES` | `true` | Enhanced security |
| `POD_SECURITY_POLICIES` | `true` | Strict security policies |

Configure these DNS A records pointing to your static IP:

| Name | Value | TTL |
| --- | --- | --- |
| `wallet.YOUR_DOMAIN.com` | `YOUR_STATIC_IP` | 300 |
| `api.YOUR_DOMAIN.com` | `YOUR_STATIC_IP` | 300 |
| `auth.YOUR_DOMAIN.com` | `YOUR_STATIC_IP` | 300 |
| `backend.YOUR_DOMAIN.com` | `YOUR_STATIC_IP` | 300 |
| `admin.YOUR_DOMAIN.com` | `YOUR_STATIC_IP` | 300 |
| `argocd.YOUR_DOMAIN.com` | `YOUR_STATIC_IP` | 300 |
| `grafana.YOUR_DOMAIN.com` | `YOUR_STATIC_IP` | 300 |
| `prometheus.YOUR_DOMAIN.com` | `YOUR_STATIC_IP` | 300 |

All configuration files use these placeholder patterns that you must replace:

  • YOUR_DOMAIN.com - Replace with your actual domain
  • YOUR_PROJECT_ID - Replace with your GCP project ID
  • YOUR_REGISTRY - Replace with your container registry
  • YOUR_EMAIL - Replace with your administrative email
  • <generated-secret> - Generate using openssl rand -base64 32 (refer to the Secrets Management guide)
  • <secure-password> - Generate strong passwords for admin accounts

Ensure you systematically replace all placeholder values before deployment to avoid configuration errors.
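
One way to enforce the replacement step before deploying, as an added example that is not part of the Rafiki documentation: a POSIX shell gate that scans Terraform and YAML files for the placeholder patterns listed above. The regular expression, the function names and the sample file contents are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not Rafiki project code): pre-deployment placeholder gate.

# Matches YOUR_* tokens and <hyphenated-markers> such as <generated-secret>.
# Assumption: this generalised pattern stands in for the placeholders listed above.
PLACEHOLDER_RE='YOUR_[A-Z][A-Z_]*|<[a-z0-9]+(-[a-z0-9]+)+>'

# Run grep with the given options over every Terraform/YAML file under the paths.
grep_configs() {
  opts=$1; shift
  find "$@" -type f \( -name '*.tf' -o -name '*.tfvars' \
      -o -name '*.yaml' -o -name '*.yml' \) \
    -exec grep "$opts" -e "$PLACEHOLDER_RE" /dev/null {} + 2>/dev/null || true
}

# Every hit as file:line:text.
scan_placeholders() { grep_configs -nE "$@"; }

# Distinct placeholder tokens still present, one per line.
remaining_tokens() { grep_configs -ohE "$@" | LC_ALL=C sort -u; }

# Gate: return 0 when clean; print the hits to stderr and return 1 otherwise.
preflight() {
  hits=$(scan_placeholders "$@")
  if [ -z "$hits" ]; then return 0; fi
  printf 'Unreplaced placeholders:\n%s\n' "$hits" >&2
  return 1
}

# Constructed sample tree (file names follow this page; contents are made up).
make_sample() {
  mkdir -p "$1/helm-values/rafiki"
  printf 'project_id  = "my-wallet-project-123"\ndomain_name = "YOUR_DOMAIN.com"\n' \
    > "$1/terraform.tfvars"
  printf 'COOKIE_KEY: <generated-secret>\nLOG_LEVEL: info\n' \
    > "$1/helm-values/rafiki/values.yaml"
}

# Demo on the constructed tree: the gate fails and names what is left to replace.
sample=$(mktemp -d)
make_sample "$sample"
preflight "$sample" || echo "deploy blocked: $(remaining_tokens "$sample" | tr '\n' ' ')"
rm -rf "$sample"
```

In a pipeline, call `preflight terraform helm-values k8s-manifests` and stop on a non-zero exit status.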

Now that you understand all the configuration variables, proceed to:

  1. Secrets management: Generate and securely store all required secrets before infrastructure deployment
  2. Infrastructure setup: Deploy GCP infrastructure using Terraform
  3. Services deployment: Install and configure Rafiki and wallet services