Skip to main content

Temporal Web UI environmental variables

You can use environment variables to dynamically alter the configuration of your Temporal Web UI.

These can be used in many environments such as Docker. For example:

The environment variables are defined in the UI server configuration template file and described in more detail below.

TEMPORAL_ADDRESS

The Frontend ServiceLink preview iconWhat is a Frontend Service?

The Frontend Service is a stateless gateway service that exposes a strongly typed Proto API. The Frontend Service is responsible for rate limiting, authorizing, validating, and routing all inbound calls.

Learn more address for the Temporal Cluster. This environmental variable can be set in the base configuration file using temporalGrpcAddress.

This variable is required for setting other environmental variables.

TEMPORAL_UI_PORT

The port used by the Temporal WebUI Server and the HTTP API.

This variable is needed for TEMPORAL_OPENAPI_ENABLED and all auth-related settings to work properly.

TEMPORAL_PUBLIC_PATH

Stores a value such as "" or "/custom-path" that allows the UI to be served from a subpath.

TEMPORAL_AUTH_ENABLED

Enables or disables Web UI authentication and authorization methods.

When enabled, the Web UI will use the provider information in the UI configuration file to verify the identity of users.

All auth-related variables can be defined when TEMPORAL_AUTH_ENABLED is set to "true". Disabling the variable will retain given values.

TEMPORAL_AUTH_PROVIDER_URL

The .well-known IDP discovery URL for authentication and authorization.

This can be set as in the UI server configuration with auth.

TEMPORAL_AUTH_ISSUER_URL

The URL for the authentication or authorization issuer.

This value is only needed when the issuer differes from the auth provider URL.

TEMPORAL_AUTH_CLIENT_ID

The client ID used for authentication or authorization.

This value is a required parameter.

TEMPORAL_AUTH_CLIENT_SECRET

The client secret used for authentication and authorization.

Client Secrets are used by the oAuth Client for authentication.

TEMPORAL_AUTH_CALLBACK_URL

The callback URL used by Temporal for authentication and authorization.

Callback URLs are invoked by IDP after user has finished authenticating in IDP.

TEMPORAL_UI_ENABLED

Enables or disables the browser UI for the Temporal Cluster.

Enabling the browser UI allows the Server to be accessed from your web browser. If disabled, the server cannot be viewed on the web, but the UI server APIs remain available for use.

TEMPORAL_OPENAPI_ENABLED

Enables or disables OpenAPI features for the Temporal Web UI.

This can be set initially with the enableOpenAPI UI configuration. The documentation can be found at /openapi/ on your Temporal Cluster.

This variable requires TEMPORAL_UI_ENABLED to be set to 'true'.

TEMPORAL_DEFAULT_NAMESPACE

The default NamespaceLink preview iconWhat is a Namespace?

A Namespace is a unit of isolation within the Temporal Platform

Learn more that the Web UI opens first.

TEMPORAL_FEEDBACK_URL

The URL that users are directed to when they click the Feedback button in the UI.

If not specified, this variable defaults to the UI's GitHub Issue page.

TEMPORAL_NOTIFY_ON_NEW_VERSION

Enables or disables notifications that appear in the UI whenever a newer version of the Temporal Cluster is available.

TEMPORAL_CONFIG_REFRESH_INTERVAL

Determines how often the UI Server reads the configuration file for new values.

TEMPORAL_TLS_CA

The path for the Transport Layer Security (TLS) Certificate Authority file.

In order to configure TLS for your server, you'll need a CA certificate issued by a trusted Certificate Authority. Set this variable to properly locate and use the file.

TEMPORAL_TLS_CERT

The path for the Transport Layer Security (TLS) Certificate.

In order to configure TLS for your server, you'll need a self-signed certificate. Set the path to allow the environment to locate and use the certificate.

TEMPORAL_TLS_KEY

The path for the Transport Layer Security (TLS) key file.

A key file is used to create private and public keys for encryption and signing. Together, these keys are used to create certificates.

TEMPORAL_TLS_CA_DATA

Stores the data for a TLS CA file.

This variable can be used instead of providing a path for TEMPORAL_TLS_CA.

TEMPORAL_TLS_CERT_DATA

Stores the data for a TLS cert file.

This variable can be used instead of providing a path for TEMPORAL_TLS_CERT.

TEMPORAL_TLS_KEY_DATA

Stores the data for a TLS key file.

This variable can be used instead of providing a path for TEMPORAL_TLS_KEY.

TEMPORAL_TLS_ENABLE_HOST_VERIFICATION

Enables or disables Transport Layer Security (TLS) host verification.

When enabled, TLS checks the Host Server to ensure that files are being sent to and from the correct URL.

TEMPORAL_TLS_SERVER_NAME

The server on which to operate Transport Layer Security (TLS) protocols.

TLS allows the current server to transmit encrypted files to other URLs without having to reveal itself. Because of this, TLS operates a go-between server.

TEMPORAL_CODEC_ENDPOINT

The endpoint for the Codec ServerLink preview iconWhat is a Codec Server?

A Codec Server is an HTTP server that runs data from tctl or the Web UI through a Payload Codec.

Learn more, if configured.

TEMPORAL_CODEC_PASS_ACCESS_TOKEN

Whether to send a JWT access token as ‘authorization’ header in requests with the Codec Server.

TEMPORAL_FORWARD_HEADERS

Forward-specified HTTP headers to direct from HTTP API requests to the Temporal gRPC backend.

TEMPORAL_DISABLE_WRITE_ACTIONS

Disables any button in the UI that allows the user to modify Workflows or Activities.