Permify offers various options for configuring your Permify Server. Here is the example configuration YAML file with glossary below.

You can also find this example config file in Permify repo.

Configure Using Flags

Alternatively, you can set configuration options using flags when running the command. See all the configuration flags by running,

docker run -p 3476:3476 -p 3478:3478 ghcr.io/permify/permify --help

Configuration Using YAML File

# The server section specifies the HTTP and gRPC server settings,
# including whether or not TLS is enabled and the certificate and
# key file locations.
server:
  rate_limit: 100
  http:
    enabled: true
    port: 3476
    tls:
      enabled: true
      cert: /etc/letsencrypt/live/yourdomain.com/fullchain.pem
      key: /etc/letsencrypt/live/yourdomain.com/privkey.pem
  grpc:
    port: 3478
    tls:
      enabled: true
      cert: /etc/letsencrypt/live/yourdomain.com/fullchain.pem
      key: /etc/letsencrypt/live/yourdomain.com/privkey.pem

# The logger section sets the logging level for the service.
logger:
  level: info

# The profiler section enables or disables the pprof profiler and
# sets the port number for the profiler endpoint.
profiler:
  enabled: true
  port: 6060

# The authn section specifies the authentication method for the service.
authn:
  enabled: true
  method: preshared
  preshared:
    keys: [ ]

# The tracer section enables or disables distributed tracing and sets the
# exporter and endpoint for the tracing data.
tracer:
  exporter: zipkin
  endpoint: http://localhost:9411/api/v2/spans
  enabled: true

# The meter section enables or disables metrics collection and sets the
# exporter and endpoint for the collected metrics.
meter:
  exporter: otlp
  endpoint: localhost:4318
  enabled: true

# The service section sets various service-level settings, including whether
# or not to use a circuit breaker, and cache sizes for schema, permission,
# and relationship data.
service:
  circuit_breaker: false
  watch:
    enabled: false
  schema:
    cache:
      number_of_counters: 1_000
      max_cost: 10MiB
  permission:
    bulk_limit: 100
    concurrency_limit: 100
    cache:
      number_of_counters: 10_000
      max_cost: 10MiB

# The database section specifies the database engine and connection settings,
# including the URI for the database, whether or not to auto-migrate the database,
# and connection pool settings.
database:
  engine: postgres
  uri: postgres://user:password@host:5432/db_name
  auto_migrate: false
  max_open_connections: 20
  max_idle_connections: 1
  max_connection_lifetime: 300s
  max_connection_idle_time: 60s
  garbage_collection:
    enabled: true
    interval: 200h
    window: 200h
    timeout: 5m

# distributed configuration settings
distributed:
  # Indicates whether the distributed mode is enabled or not
  enabled: true

  # The address of the distributed service.
  # Using a Kubernetes DNS name suggests this service runs in a Kubernetes cluster
  # under the 'default' namespace and is named 'permify'
  address: "kubernetes:///permify.default"

  # The port on which the service is exposed
  port: "5000"

Configuration Glossary