Temporal Web UI environmental variables
You can use environment variables to dynamically alter the configuration of your Temporal Web UI.
These can be used in many environments such as Docker. For example:
The environment variables are defined in the UI server configuration template file and described in more detail below.
TEMPORAL_ADDRESS
The Frontend ServiceWhat is a Frontend Service?
The Frontend Service is a stateless gateway service that exposes a strongly typed Proto API. The Frontend Service is responsible for rate limiting, authorizing, validating, and routing all inbound calls.
Learn more address for the Temporal Cluster.
This environmental variable can be set in the base configuration file using temporalGrpcAddress
.
This variable is required for setting other environmental variables.
TEMPORAL_UI_PORT
The port used by the Temporal WebUI Server and the HTTP API.
This variable is needed for TEMPORAL_OPENAPI_ENABLED
and all auth-related settings to work properly.
TEMPORAL_PUBLIC_PATH
Stores a value such as "" or "/custom-path" that allows the UI to be served from a subpath.
TEMPORAL_AUTH_ENABLED
Enables or disables Web UI authentication and authorization methods.
When enabled, the Web UI will use the provider information in the UI configuration file to verify the identity of users.
All auth-related variables can be defined when TEMPORAL_AUTH_ENABLED
is set to "true".
Disabling the variable will retain given values.
TEMPORAL_AUTH_PROVIDER_URL
The .well-known IDP discovery URL for authentication and authorization.
This can be set as in the UI server configuration with auth.
TEMPORAL_AUTH_ISSUER_URL
The URL for the authentication or authorization issuer.
This value is only needed when the issuer differes from the auth provider URL.
TEMPORAL_AUTH_CLIENT_ID
The client ID used for authentication or authorization.
This value is a required parameter.
TEMPORAL_AUTH_CLIENT_SECRET
The client secret used for authentication and authorization.
Client Secrets are used by the oAuth Client for authentication.
TEMPORAL_AUTH_CALLBACK_URL
The callback URL used by Temporal for authentication and authorization.
Callback URLs are invoked by IDP after user has finished authenticating in IDP.
TEMPORAL_UI_ENABLED
Enables or disables the browser UI for the Temporal Cluster.
Enabling the browser UI allows the Server to be accessed from your web browser. If disabled, the server cannot be viewed on the web, but the UI server APIs remain available for use.
TEMPORAL_OPENAPI_ENABLED
Enables or disables OpenAPI features for the Temporal Web UI.
This can be set initially with the enableOpenAPI UI configuration.
The documentation can be found at /openapi/
on your Temporal Cluster.
This variable requires TEMPORAL_UI_ENABLED
to be set to 'true'.
TEMPORAL_DEFAULT_NAMESPACE
The default NamespaceWhat is a Namespace?
A Namespace is a unit of isolation within the Temporal Platform
Learn more that the Web UI opens first.
TEMPORAL_FEEDBACK_URL
The URL that users are directed to when they click the Feedback button in the UI.
If not specified, this variable defaults to the UI's GitHub Issue page.
TEMPORAL_NOTIFY_ON_NEW_VERSION
Enables or disables notifications that appear in the UI whenever a newer version of the Temporal Cluster is available.
TEMPORAL_CONFIG_REFRESH_INTERVAL
Determines how often the UI Server reads the configuration file for new values.
TEMPORAL_TLS_CA
The path for the Transport Layer Security (TLS) Certificate Authority file.
In order to configure TLS for your server, you'll need a CA certificate issued by a trusted Certificate Authority. Set this variable to properly locate and use the file.
TEMPORAL_TLS_CERT
The path for the Transport Layer Security (TLS) Certificate.
In order to configure TLS for your server, you'll need a self-signed certificate. Set the path to allow the environment to locate and use the certificate.
TEMPORAL_TLS_KEY
The path for the Transport Layer Security (TLS) key file.
A key file is used to create private and public keys for encryption and signing. Together, these keys are used to create certificates.
TEMPORAL_TLS_CA_DATA
Stores the data for a TLS CA file.
This variable can be used instead of providing a path for TEMPORAL_TLS_CA
.
TEMPORAL_TLS_CERT_DATA
Stores the data for a TLS cert file.
This variable can be used instead of providing a path for TEMPORAL_TLS_CERT
.
TEMPORAL_TLS_KEY_DATA
Stores the data for a TLS key file.
This variable can be used instead of providing a path for TEMPORAL_TLS_KEY
.
TEMPORAL_TLS_ENABLE_HOST_VERIFICATION
Enables or disables Transport Layer Security (TLS) host verification.
When enabled, TLS checks the Host Server to ensure that files are being sent to and from the correct URL.
TEMPORAL_TLS_SERVER_NAME
The server on which to operate Transport Layer Security (TLS) protocols.
TLS allows the current server to transmit encrypted files to other URLs without having to reveal itself. Because of this, TLS operates a go-between server.
TEMPORAL_CODEC_ENDPOINT
The endpoint for the Codec ServerWhat is a Codec Server?
A Codec Server is an HTTP server that runs data from tctl or the Web UI through a Payload Codec.
Learn more, if configured.
TEMPORAL_CODEC_PASS_ACCESS_TOKEN
Whether to send a JWT access token as ‘authorization’ header in requests with the Codec Server.
TEMPORAL_FORWARD_HEADERS
Forward-specified HTTP headers to direct from HTTP API requests to the Temporal gRPC backend.
TEMPORAL_DISABLE_WRITE_ACTIONS
Disables any button in the UI that allows the user to modify Workflows or Activities.