Configuration
This page lists commonly used flags and environment variables for the server, workers, and CLI. Values can be set via CLI flags or environment variables; environment variables are shown in ALL_CAPS.
Server (lyftdata run server)
LyftData serves HTTPS by default (self-signed if you do not provide TLS material). Most production deployments configure a trusted certificate or terminate TLS behind a reverse proxy—see Networking & TLS.
| Setting | Flag | Env | Default | Notes |
|---|---|---|---|---|
| Bind address | --bind-address | LYFTDATA_BIND_ADDRESS | 127.0.0.1:3000 | Use 0.0.0.0:3000 to accept remote connections. |
| Disable TLS | --disable-tls | — | off | Serve HTTP only (use behind a TLS-terminating reverse proxy, or for local-only eval). |
| TLS certificate | --tls-cert | LYFTDATA_TLS_CERT | — | Requires --tls-key. |
| TLS private key | --tls-key | LYFTDATA_TLS_KEY | — | Requires --tls-cert. |
| Staging directory | --staging-dir | LYFTDATA_STAGING_DIR | OS default | Recommended for services; stores control-plane state and logs. |
| Accept EULA non-interactively | — | LYFTDATA_LICENSE_EULA_ACCEPT | — | Set to yes, true, or 1 on first run to avoid prompts in automation. |
| Admin bootstrap password | --admin-init-password | LYFTDATA_ADMIN_INIT_PASSWORD | unset | If unset, a password is generated and logged on first run. |
| Retention (days) | --db-retention-days | LYFTDATA_LOG_RETENTION_DAYS | 30 | Cleanup applies when retention or disk thresholds are reached. |
| Disk usage threshold (%) | --disk-usage-max-percentage | LYFTDATA_DB_DISK_USE_MAX_PERCENT | 80 | Cleanup attempts begin when disk usage exceeds the threshold. |
| Bootstrap license | --bootstrap-license | LYFTDATA_LICENSE | unset | Apply a license non-interactively at startup (automation/scripted installs). |
For the full server flag catalog, see lyftdata run server --help.
Worker (lyftdata-worker)
External workers connect to the server using LYFTDATA_URL and authenticate using either a pre-issued API key or auto-enrollment. The worker binary defaults to http://localhost:3000, but most deployments should set an explicit https://... server URL.
| Setting | Flag | Env | Default | Notes |
|---|---|---|---|---|
| Server URL | --url | LYFTDATA_URL | http://localhost:3000 | Worker default is http://localhost:3000 for local compatibility. In most setups set https://…; use http://… only when the server runs with --disable-tls. |
| Worker ID | --worker-id | LYFTDATA_WORKER_ID | unset | If unset, the worker can persist identity locally after enrollment. |
| Worker API key | --worker-api-key | LYFTDATA_WORKER_API_KEY | unset | Required for pre-issued auth; keep it secret. |
| Auto-enrollment key | --auto-enrollment-key | LYFTDATA_AUTO_ENROLLMENT_KEY | unset | Alternative to pre-issued API keys; use only on trusted networks. |
| Worker name | --worker-name | LYFTDATA_WORKER_NAME | unset | Human-friendly label for dashboards. |
| Jobs directory | --worker-jobs-dir | LYFTDATA_JOBS_DIR | OS default | Recommended for services; stores cached job configs and local state. |
| Startup state reset | --reset-state | — | unset | One-time troubleshooting reset mode: auth, repair, or full. |
| Insecure TLS (evaluation only) | --tls-insecure | LYFTDATA_TLS_INSECURE | off | Accept self-signed certificates until you install a trusted certificate. |
For the full worker flag catalog, see lyftdata-worker --help.
Notes
- Prefer setting secrets via environment files managed by your service manager.
- Keep ports firewalled to trusted networks; see Security hardening.
- For troubleshooting and quick checks, see Troubleshooting.