Configuration Guide

This guide covers all configuration options for Conduit's Control Plane and Translators.

Configuration Sources

Conduit reads configuration from multiple sources in order of precedence:

1. Command-line arguments (highest priority)
2. Environment variables
3. Configuration file (YAML/JSON)
4. Default values (lowest priority)

Control Plane Configuration

Core Settings

# conduit.yaml
server:
  host: 0.0.0.0
  port: 8080
  baseUrl: https://conduit.company.com

  cors:
    enabled: true
    origins:
      - https://app.company.com
    methods: [GET, POST, PUT, DELETE]

  rateLimit:
    enabled: true
    requestsPerMinute: 1000

Database Configuration

database:
  type: postgresql
  host: localhost
  port: 5432
  name: conduit
  username: conduit
  password: ${DB_PASSWORD}

  pool:
    min: 5
    max: 20
    idleTimeout: 30000

  ssl:
    enabled: true
    mode: require
    ca: /etc/conduit/certs/db-ca.pem

NATS Mesh Routing

nats:
  server:
    host: localhost
    port: 4222
    username: conduit
    password: ${NATS_PASSWORD}

  subjects:
    commands: conduit.commands
    results: conduit.results
    discovery: conduit.discovery
    health: conduit.health

Authentication

auth:
  jwt:
    secret: ${JWT_SECRET}
    issuer: conduit
    expiresIn: 24h
    refreshExpiresIn: 7d

  apiKeys:
    enabled: true
    headerName: X-API-Key

  oauth:
    enabled: true
    providers:
      - name: google
        clientId: ${GOOGLE_CLIENT_ID}
        clientSecret: ${GOOGLE_CLIENT_SECRET}
      - name: microsoft
        clientId: ${MICROSOFT_CLIENT_ID}
        clientSecret: ${MICROSOFT_CLIENT_SECRET}

Logging

logging:
  level: info # debug, info, warn, error
  format: json # json, text

  outputs:
    - type: stdout
    - type: file
      path: /var/log/conduit/conduit.log
      maxSize: 100 # MB
      maxFiles: 10

  audit:
    enabled: true
    destination: database

Translator Configuration

Common Settings

translator:
  id: translator-01
  name: Plant Floor Gateway

  controlPlane:
    url: nats://nats:4222
    apiKey: ${TRANSLATOR_API_KEY}

  cache:
    type: redis
    url: redis://localhost:6379
    maxSize: 1000 # MB

  health:
    interval: 30 # seconds
    timeout: 10

Translator-Specific Configuration

See individual translator documentation for specific settings:

• Splunk
• MQTT
• OPC-UA
• MCP IoT Gateway

Environment Variables

All configuration values can be set via environment variables using the prefix CONDUIT_:

| Config Path | Environment Variable | | ----------------- | ------------------------- | | server.port | CONDUIT_SERVER_PORT | | database.host | CONDUIT_DATABASE_HOST | | auth.jwt.secret | CONDUIT_AUTH_JWT_SECRET |

Variable Substitution

Use ${VAR_NAME} in config files to reference environment variables:

database:
  password: ${DB_PASSWORD}

Security Configuration

TLS/SSL

server:
  tls:
    enabled: true
    cert: /etc/conduit/certs/server.pem
    key: /etc/conduit/certs/server.key
    ca: /etc/conduit/certs/ca.pem
    minVersion: TLS1.2

RBAC

rbac:
  enabled: true

  roles:
    - name: admin
      permissions: ["*"]

    - name: operator
      permissions:
        - query:read
        - tags:read
        - adapters:read

    - name: viewer
      permissions:
        - query:read
        - tags:read

  defaultRole: viewer

Secret Management

Integrate with external secret managers:

secrets:
  provider: vault # vault, aws-secrets, azure-keyvault

  vault:
    address: https://vault.company.com
    token: ${VAULT_TOKEN}
    path: secret/data/conduit

Performance Tuning

Query Settings

query:
  defaultTimeout: 30000 # ms
  maxTimeout: 300000
  maxResultRows: 100000
  parallelExecution: true
  maxParallel: 10

Caching

cache:
  tagMetadata:
    enabled: true
    ttl: 3600
    maxSize: 100000

  queryResults:
    enabled: true
    ttl: 60
    maxSize: 1000

  patterns:
    enabled: true
    ttl: 300

Connection Pools

pools:
  database:
    min: 10
    max: 50
    acquireTimeout: 10000

  http:
    maxConnections: 100
    keepAlive: true

High Availability

Clustering

cluster:
  enabled: true
  name: conduit-cluster

  discovery:
    type: kubernetes # kubernetes, consul, static
    namespace: conduit

  loadBalancing:
    strategy: round-robin

Redis (for distributed caching)

redis:
  enabled: true
  host: redis.internal
  port: 6379
  password: ${REDIS_PASSWORD}
  database: 0

  sentinel:
    enabled: false
    master: mymaster
    nodes:
      - sentinel1:26379
      - sentinel2:26379

Observability

Metrics (Prometheus)

metrics:
  enabled: true
  port: 9090
  path: /metrics

  labels:
    environment: production
    region: us-east-1

Tracing (OpenTelemetry)

tracing:
  enabled: true
  exporter: otlp

  otlp:
    endpoint: otel-collector:4317
    insecure: false

  sampling:
    type: ratio
    ratio: 0.1

Example Complete Configuration

# /etc/conduit/conduit.yaml

server:
  host: 0.0.0.0
  port: 8080
  tls:
    enabled: true
    cert: /etc/conduit/certs/server.pem
    key: /etc/conduit/certs/server.key

database:
  type: postgresql
  host: ${DB_HOST}
  port: 5432
  name: conduit
  username: conduit
  password: ${DB_PASSWORD}
  ssl:
    enabled: true

nats:
  server:
    host: ${NATS_HOST}
    port: 4222
    username: conduit
    password: ${NATS_PASSWORD}
    tls:
      enabled: true

auth:
  jwt:
    secret: ${JWT_SECRET}
    expiresIn: 24h

logging:
  level: info
  format: json
  audit:
    enabled: true

query:
  defaultTimeout: 30000
  maxResultRows: 50000

metrics:
  enabled: true
  port: 9090

Configuration Validation

Validate your configuration before starting:

conduit config validate --file /etc/conduit/conduit.yaml

Next Steps

• Deployment Guide - Deploy to production
• Architecture - Understand the system
• API Reference - REST API documentation