# Setting up environment parameters ### `.env / .env.docker` Parameters in `guardian-service`
ParameterPurposeExample
MQ_ADDRESSWeb Socket Addresslocalhost
SERVICE_CHANNELVersion of the Guardianguardian.1
DB_HOSTHostname of the Databaselocalhost
DB_DATABASEDatabase Nameguardian_db
INITIAL_BALANCEInitial Balance Value500
INITIAL_STANDARD_REGISTRY_BALANCESetting Initial Standard Registry Balance500
OPERATOR_IDThe ID of the operation-
OPERATOR_KEYPrivate key of the operator-
LOCALNODE_ADDRESSThe address of the localnode server. This can be its IP address or a domain name1.1.1.1
LOCALNODE_PROTOCOLCommunication protocol for interactions with the local node, can be http or https.http/https
HEDERA_NETType of the Hedera node to transact withtestnet, localnode, mainnet
INITIALIZATION_TOPIC_IDThe ID of the initialization topic.0.0.1960
MESSAGE_LANGLanguage of the message text of all messagesen-US
LOG_LEVELLevel of the Logs2
SEND_KEYS_TO_VAULTChecked if keys to be sent to vaultTrue/False
MULTI_POLICY_SCHEDULERto set custom cron mask (timer mask) for sync job0 0 * * *
MQ_MESSAGE_CHUNKTo set up the message chunk size500000
OVERRIDE_HEDERA_CONSENSUS_NODESDefine hedera nodes to execute and pay transaction fee0.testnet.hedera.com:50211":"0.0.3
OVERRIDE_HEDERA_MIRROR_NODESDefine hedera mirror nodestestnet.mirrornode.hedera.com:443"
MAP_API_KEYDefines api to integrate Map schema typeALZ_X.....
DOCUMENT_CACHE_FIELD_LIMITDefines document field symbols limit for caching.500
BATCH_NFT_MINT_SIZEDefines size of batch of mint NFT transaction10
DIRECT_MESSAGE_PORTPort for direct messages (if not set generate random port)300
DIRECT_MESSAGE_HOSTHost for direct messages (if not set get hostname)localhost
DIRECT_MESSAGE_PROTOCOLProtocol https or http (http by default, https need additional server like nginx)http
MQ_MAX_PAYLOADMax message size for send via message-broker (otherwise create direct message) if not set always send messages using message broker35
RETIRE_CONTRACT_FILE_IDContract file ID for Retirement0.0.4860665
WIPE_CONTRACT_FILE_IDContract file ID for wiping0.0.4726865
DOCUMENTS_HANDLING_CHUNK_SIZETo set chunk size for delete or create a lot of data (value will affect speed performance communication with DB), default is 500.500
ALLOWED_PROTOCOLS="https"This variable defines the list of allowed protocols that can be used in outbound HTTP requests made by the httpRequestBlock.https
BLOCK_PRIVATE_IPThis variable controls whether the httpRequestBlock should reject outbound requests to private or sensitive IP address ranges.True/False
OVERRIDE_HEDERA_MIRROR_NODES_BASE_APIThis is automatically appended to every URL listed in OVERRIDE_HEDERA_MIRROR_NODES/api/v1
OVERRIDE_NETWORK_CONFIGURATIONControls whether the OVERRIDE_* variables are applied at all.True: apply override variables
False: ignore override variables and use default configuration
MIGRATION_HEARDBEAT_RUN_STALE_TIMEOUTDefines how long a run can stay running without heartbeat updates before it is treated as stale10
MIGRATION_WRITE_BATCH_SIZEDatabase write batch size — number of items processed per batch.50
{% hint style="info" %} **Important Note:** 1. Values from .env file need to be set up only on first start (when db or vault are empty). Then later if you want it to be changed, you can change it through Settings from admin Panel or through API. 2. Now we have upgraded DB\_HOST (in guardian and indexer), DB\_LOGGER\_HOST (in guardian) settings and now it allows to set up Mongo Atlas connection string like mongodb+srv://.... which means that if you are explicitly setting up protocol it will be automatically applied OR if your using only host and port, it will automatically add mongodb:// (backward compatibility) 3. ALLOWED\_PROTOCOLS: By default, only the https protocol is allowed:\ ALLOWED\_PROTOCOLS="https" To allow multiple protocols, add them as a comma-separated list. For example:\ ALLOWED\_PROTOCOLS="https,http" If a user attempts to use a protocol that is not explicitly listed, the request will be blocked during policy validation. 4. BLOCK\_PRIVATE\_IP: By default, this value is set to "false", under the assumption that Guardian is not operating in an environment where internal services are exposed over https and accessible via external requests. BLOCK\_PRIVATE\_IP="false" To enforce strict protection and block all requests to private or loopback IP addresses, set the variable to: BLOCK\_PRIVATE\_IP="true" {% endhint %} ### `.env / .env.docker` Parameters in `api-gateway` | Parameter | Purpose | Example | | ------------------------- | ----------------------------------------------------------------------------------------------------------------------------------- | --------------------------- | | MQ\_ADDRESS | Web Socket Address | message-broker | | SERVICE\_CHANNEL | Channel of the service | api-gateway | | MRV\_ADDRESS | MRV Address location | | | MQ\_MESSAGE\_CHUNK | To set up the message chunk size | 500000 | | RAW\_REQUEST\_LIMIT | Define request limit | 1 gb | | JSON\_REQUEST\_LIMIT | Define limit for body in Json format | 1 gb | | DIRECT\_MESSAGE\_PORT | Port for direct messages (if not set generate random port) | 300 | | DIRECT\_MESSAGE\_HOST | Host for direct messages (if not set get hostname) | localhost | | DIRECT\_MESSAGE\_PROTOCOL | Protocol https or http (http by default, https need additional server like nginx) | http | | MQ\_MAX\_PAYLOAD | Max message size for send via message-broker (otherwise create direct message) if not set always send messages using message broker | 35 | ### `.env / .env.docker` Parameters in `auth-service` | Parameter | Purpose | Example | | --------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ---------- | | SR\_INITIAL\_PASSWORD | Allows to set SR initial password when it will be created first time. It also should have more than 5 | Env!s!0n!@ | | MIN\_PASSWORD\_LENGTH | Sets the minimum password length. Default value is 8, minimum value is 1 | 8 | | PASSWORD\_COMPLEXITY |

Sets the password complexity level
Default value is medium
Available values: easy, medium, hard

| medium |