Configuration Options

Comprehensive reference for `config.yaml`, validation ranges, and Athena runtime environment variables.

Athena’s runtime configuration comes from four layers:

config.yaml file sections such as api, gateway, backup, daemon, and postgres_clients
Environment variables used directly by the runtime or interpolated into config.yaml
Validation ranges inside config.yaml that clamp numeric values to safe ranges
CLI flags such as --config, --pipelines, --port, and the deprecated --api-only

This page is meant to be exhaustive for the main Athena server and the runtime settings wired through src/config.rs and src/config_validation.rs.

Config file discovery and precedence

Athena searches for config.yaml in this order:

%APPDATA%/athena/config.yaml
%LOCALAPPDATA%/athena/config.yaml
%USERPROFILE%/.athena/config.yaml
$XDG_CONFIG_HOME/athena/config.yaml
$HOME/.config/athena/config.yaml
$HOME/.athena/config.yaml
~/Library/Application Support/athena/config.yaml on macOS
./config.yaml in the current working directory

If no file exists, Athena copies the bundled default config into the first writable location.

Explicit overrides

Override	Meaning
`ATHENA_CONFIG_PATH`	Explicit config file path
`--config <path>` / `--config-path <path>`	CLI override for config file path
`--pipelines <path>`	Override `config/pipelines.yaml`
`--port <port>`	Override API port at startup
`--api-only`	Deprecated alias for the default server boot path

Scalar keys under sections such as api, gateway, backup, daemon, and typesense can also be overridden with ATHENA_<SECTION>_<KEY> style environment variables, for example ATHENA_API_PORT or ATHENA_DAEMON_ENABLED.

Top-level `config.yaml` sections

Section	Purpose
`urls`	Named upstream/base URLs used by Athena routes and tooling
`hosts`	Named host/domain values
`authenticator`	Per-service auth credentials (for example Athena or Scylla)
`api`	HTTP listener, cache, timeout, and CORS behavior
`gateway`	Routing, resilience, admission, deferred queue, insert window, and telemetry behavior
`backup`	S3-compatible backup storage configuration
`daemon`	Split-runtime ownership and clone-worker controls
`postgres_clients`	Logical client name → Postgres URI registry
`validation_ranges`	Numeric min/max clamps for config values and runtime env vars

`urls`, `hosts`, and `authenticator`

`urls`

urls is a list of single-entry maps. Each key is a logical service name and each value is the resolved URL or an env placeholder.

Example:

urls:
	- athena: "${ATHENA_DB_URL}"

`hosts`

hosts works the same way, but stores named host strings used by the application.

Example:

hosts:
	- athena: athena-db.com
	- scylladb: "${SCYLLADB_HOST}"

`authenticator`

authenticator stores per-service credential objects.

Example:

authenticator:
	- scylladb:
			username: "${SCYLLADB_USERNAME}"
			password: "${SCYLLADB_PASSWORD}"

`postgres_clients`

postgres_clients defines the logical Postgres pools Athena will try to create at boot.

Key pattern	Meaning
`postgres_clients[].<client_name>`	Postgres URI or env placeholder for that logical client

Example:

postgres_clients:
	- athena_logging: "${POSTGRES_ATHENA_LOGGING_URI}"
	- athena_benchmark: "${POSTGRES_ATHENA_BENCHMARK_URI}"

Behavior notes

Failed Postgres clients log warnings and are skipped; startup continues with healthy clients.
gateway.logging_pg_uri can override the URI used for the configured logging client.
Catalog-backed clients from athena_clients can extend the registry after bootstrap when enabled.

`api` section reference

Key	Type	Default / typical value	Meaning
`api.port`	integer	`4052`	HTTP listen port
`api.immortal_cache`	boolean	`false`	Enables non-expiring cache behavior where supported
`api.cache_ttl`	integer seconds	`240`	Default in-memory cache TTL
`api.pool_idle_timeout`	integer seconds	`90`	Reqwest HTTP client pool idle timeout
`api.keep_alive_secs`	integer seconds	`15`	HTTP keep-alive timeout
`api.client_disconnect_timeout_secs`	integer seconds	`60`	Time to wait for client disconnect completion
`api.client_request_timeout_secs`	integer seconds	`60`	Upper bound for request handling
`api.http_workers`	integer	`8`	Number of Actix workers
`api.http_max_connections`	integer	`10000`	Max listener connections
`api.http_backlog`	integer	`2048`	TCP listen backlog
`api.tcp_keepalive_secs`	integer seconds	`75`	TCP keepalive duration
`api.cors_allow_any_origin`	boolean	`false` if omitted	Allow all CORS origins
`api.cors_allowed_origins`	comma-separated string	none	Explicit allowlist of origins
`api.prometheus_metrics_enabled`	boolean	`true` if omitted	Enable `/metrics` exporter

API env helpers

Variable	Meaning
`ATHENA_CORS_ALLOWED_ORIGINS`	Comma-separated extra CORS origins merged with `api.cors_allowed_origins`

`gateway` section reference

Routing and shaping

Key	Type	Default	Meaning
`gateway.force_camel_case_to_snake_case`	boolean	`false`	Normalize incoming field names to snake_case
`gateway.auto_cast_uuid_filter_values_to_text`	boolean	`true`	Cast UUID-like filter values to text when Athena casts the compared column
`gateway.allow_schema_names_prefixed_as_table_name`	boolean	`true`	Allow `public.table` style names in information_schema lookups
`gateway.logging_client`	string	none	Logical Postgres client for logs, audit rows, deferred queue, and catalog tables
`gateway.auth_client`	string	falls back to `logging_client`	Logical Postgres client for API key and auth storage
`gateway.benchmark_client`	string	falls back to `logging_client`	Logical client used by benchmark tooling
`gateway.logging_pg_uri`	string / env placeholder	none	Direct URI override for the logging client
`gateway.logging_pg_uri_env_var`	string	none	Env-var indirection for the logging client override

Direct PostgreSQL URI routing safety (`gateway.jdbc_*`)

Key	Type	Default	Meaning
`gateway.jdbc_allow_private_hosts`	boolean	`true`	Allow direct JDBC URLs pointing at private/local hosts
`gateway.jdbc_allowed_hosts`	comma-separated string	empty	Optional allowlist for JDBC destination hosts

These controls apply to direct PostgreSQL routing headers:

x-pg-uri (preferred)
x-athena-jdbc-url (compatibility)
x-jdbc-url / X-JDBC-URL (compatibility)

Behavior notes:

Headers are normalized through one parser before host policy checks.
Keyless direct bypass still requires URI username + password credentials.
Host allow/deny policy is independent from auth bypass eligibility.

Read resilience

Key	Type	Default	Meaning
`gateway.resilience_timeout_secs`	integer seconds	`30`	Per-operation read timeout
`gateway.resilience_read_max_retries`	integer	`1`	Max retries for transient read failures
`gateway.resilience_initial_backoff_ms`	integer ms	`100`	Initial retry backoff

Admission limiting and deferred queue

Key	Type	Default	Meaning
`gateway.admission_limit_enabled`	boolean	`false`	Enable admission limiting middleware
`gateway.admission_window_secs`	integer seconds	`1`	Fixed window size
`gateway.admission_global_requests_per_window`	integer	`0`	Global request budget per window (`0` means unlimited)
`gateway.admission_per_client_requests_per_window`	integer	`0`	Per-client request budget per window (`0` means unlimited)
`gateway.admission_defer_on_limit_enabled`	boolean	`false`	Defer eligible requests instead of rejecting them
`gateway.admission_defer_route_prefixes`	comma-separated string	`"/pipelines"` in sample config	Which route prefixes can be deferred on limit
`gateway.deferred_query_worker_enabled`	boolean	`true`	Enable background deferred worker
`gateway.deferred_query_worker_poll_ms`	integer ms	`1000`	Deferred worker poll interval
`gateway.log_retention_secs`	integer seconds	`1209600`	Retention for `gateway_request_log`/`gateway_operation_log` (`0` disables cleanup)
`gateway.admission_store_backend`	string	`redis`	Admission state backend (`memory` or `redis`)
`gateway.admission_store_fail_mode`	string	`fail_closed`	Behavior when admission store is unavailable

Insert windowing and batching

Key	Type	Default	Meaning
`gateway.insert_execution_window_ms`	integer ms	`0`	Default batching window for `/gateway/insert`; `0` disables unless request header enables it
`gateway.insert_window_max_batch`	integer	`100`	Max merged rows per bulk insert
`gateway.insert_window_max_queued`	integer	`10000`	Queue capacity before falling back to direct execution
`gateway.insert_merge_deny_tables`	comma-separated string	empty	Tables that must not be bulk-merged

Client catalog and startup stats

Key	Type	Default	Meaning
`gateway.database_backed_client_loading`	boolean	`true`	Load runtime clients from `athena_clients` after boot
`gateway.client_statistics_startup_refresh_mode`	string	`fast`	`fast` or `full` refresh of aggregate client statistics on startup
`gateway.client_statistics_startup_refresh_lookback_days`	integer	`0`	Optional startup stats aggregation lookback (`0` means all rows)
`gateway.api_key_fail_mode`	string	`fail_closed`	Auth behavior when the API key store is unavailable

`backup` section reference

backup stores S3-compatible backup defaults. In practice, most deployments use env vars directly.

Key	Type	Meaning
`backup.s3_bucket`	string	Bucket name
`backup.s3_region`	string	AWS/S3 region
`backup.s3_endpoint`	string	Custom S3-compatible endpoint
`backup.s3_prefix`	string	Prefix/folder used for uploaded backups
`backup.s3_access_key`	string	Optional access key override in config
`backup.s3_secret_key`	string	Optional secret key override in config
`backup.worker_enabled`	boolean	Enable backup schedule + execution workers
`backup.execution_worker_poll_ms`	integer ms	Poll interval for queued backup/restore job execution worker
`backup.schedule_worker_poll_ms`	integer ms	Poll interval for due schedule enqueue worker
`backup.worker_max_attempts`	integer	Retry-attempt budget persisted on queued backup jobs
`backup.worker_lease_ttl_minutes`	integer minutes	Lease ownership TTL before another worker can reclaim stalled work

Backup worker defaults and bounds

backup.worker_enabled: default true
backup.execution_worker_poll_ms: default 1500, minimum 250
backup.schedule_worker_poll_ms: default 30000, minimum 1000
backup.worker_max_attempts: default 3, clamped to 1..=10
backup.worker_lease_ttl_minutes: default 15, clamped to 1..=120

Backup and restore env vars

Variable	Meaning
`ATHENA_BACKUP_S3_BUCKET`	Required bucket name
`ATHENA_BACKUP_S3_REGION`	Optional region
`ATHENA_BACKUP_S3_ACCESS_KEY`	Optional access key
`ATHENA_BACKUP_S3_SECRET_KEY`	Optional secret key
`ATHENA_BACKUP_S3_ENDPOINT`	Optional S3-compatible endpoint
`ATHENA_BACKUP_S3_PREFIX`	Optional object prefix
`ATHENA_PG_DUMP_PATH`	Explicit path to `pg_dump`
`ATHENA_PG_RESTORE_PATH`	Explicit path to `pg_restore`

`daemon` section reference

daemon controls whether Athena keeps worker ownership inside athena_rs or moves it into the separate daemon package.

Key	Type	Bundled config value	Runtime fallback if omitted	Meaning
`daemon.enabled`	boolean	`false`	`false`	When `true`, `athena_rs` skips inline legacy, deferred, backup, and Typesense workers
`daemon.id`	string	empty	none	Optional stable runtime id used for daemon heartbeats and durable ownership
`daemon.clone_worker_enabled`	boolean	`true`	`true`	Master toggle for clone execution inside daemon package binaries
`daemon.clone_worker_poll_ms`	integer ms	`5000`	`3000`, minimum `500`	Clone worker poll interval
`daemon.clone_worker_lease_ttl_secs`	integer seconds	`300`	`900`, minimum `60`	Lease TTL for claimed clone jobs
`daemon.clone_worker_max_attempts`	integer	`3`	`3`, clamped `1..=10`	Retry budget for clone jobs
`daemon.spawn_legacy_workers`	boolean	`true`	`true`	Make `athena_daemon` also boot legacy in-process workers during migration

Daemon behavior notes

daemon.enabled: false means athena_rs still owns legacy, deferred, backup, and Typesense workers inline.
daemon.enabled: true means those worker families must be started outside the API process, normally with athena_daemon.
Clone jobs never execute inside athena_rs; they require athena_daemon or athena_clone_worker.
athena_clone_worker is the only supported partial split today. Backup, deferred, Typesense, and legacy workers do not yet have a per-family "external only, inline off" toggle.

Daemon environment overrides

The generic config override pattern still applies, so ATHENA_DAEMON_ENABLED and ATHENA_DAEMON_CLONE_WORKER_ENABLED can override their matching config.yaml keys. The dedicated daemon package also reads a runtime-specific set of overrides:

Variable	Meaning
`ATHENA_DAEMON_ID`	Override the daemon identity published into the control plane
`ATHENA_DAEMON_CLONE_ENABLED`	Runtime-level shortcut for enabling or disabling clone execution
`ATHENA_DAEMON_CLONE_POLL_MS`	Runtime override for clone poll interval
`ATHENA_DAEMON_CLONE_LEASE_TTL_SECS`	Runtime override for clone lease TTL
`ATHENA_DAEMON_CLONE_MAX_ATTEMPTS`	Runtime override for clone retry budget
`ATHENA_DAEMON_SPAWN_LEGACY_WORKERS`	Runtime override for `athena_daemon` legacy worker startup

`validation_ranges` reference

validation_ranges lets the config file define numeric min/max clamps for both file-based config values and runtime environment variables.

`validation_ranges.config`

These keys clamp values read from config.yaml:

api.port
api.cache_ttl
api.pool_idle_timeout
api.keep_alive_secs
api.client_disconnect_timeout_secs
api.client_request_timeout_secs
api.http_workers
api.http_max_connections
api.http_backlog
api.tcp_keepalive_secs
gateway.insert_execution_window_ms
gateway.insert_window_max_batch
gateway.insert_window_max_queued
gateway.resilience_timeout_secs
gateway.resilience_read_max_retries
gateway.resilience_initial_backoff_ms
gateway.admission_global_requests_per_window
gateway.admission_per_client_requests_per_window
gateway.admission_window_secs
gateway.deferred_query_worker_poll_ms

`validation_ranges.env`

These keys clamp runtime env settings loaded through RuntimeEnvSettings.

Runtime env settings (`src/config_validation.rs`)

These settings do not live under api or gateway in config.yaml; they are direct environment variables with internal defaults and optional min/max clamps.

Variable	Default	Meaning
`ATHENA_POOL_MONITOR_INTERVAL_SECS`	`30`	Pool monitor sample interval
`ATHENA_POOL_MONITOR_RETENTION_HOURS`	`24`	Connection snapshot retention
`ATHENA_VACUUM_HEALTH_INTERVAL_SECS`	`3600`	Vacuum-health collector interval
`ATHENA_VACUUM_HEALTH_RETENTION_DAYS`	`30`	Vacuum-health retention
`ATHENA_VACUUM_HEALTH_STATEMENT_TIMEOUT_MS`	`60000`	Vacuum-health statement timeout
`ATHENA_CLIENT_RECONNECT_INTERVAL_SECS`	`20`	Retry interval for reconnecting unavailable catalog clients
`ATHENA_CACHE_MAX_CAPACITY`	`10000`	Max request-cache entries/weight budget
`ATHENA_CACHE_MAX_ENTRY_WEIGHT`	`262144`	Per-entry cache weight cap
`ATHENA_PG_POOL_MAX_CONNECTIONS`	`100`	SQLx pool max connections per logical client
`ATHENA_DEADPOOL_WARMUP_TIMEOUT_MS`	`800`	Deadpool warmup timeout
`ATHENA_PG_POOL_MAX_LIFETIME_SECS`	`900`	SQLx pool max lifetime
`ATHENA_PG_POOL_MIN_CONNECTIONS`	`0`	SQLx pool min connections
`ATHENA_PG_POOL_ACQUIRE_TIMEOUT_SECS`	`8`	SQLx acquire timeout
`ATHENA_PG_POOL_IDLE_TIMEOUT_SECS`	`120`	SQLx idle timeout
`ATHENA_DEFERRED_MAX_ATTEMPTS`	`3`	Deferred-request retry count
`ATHENA_DEFERRED_WORKER_NO_STORAGE_POLL_MS`	`30000`	Deferred worker backoff when storage is unavailable
`ATHENA_DEADPOOL_CHECKOUT_TIMEOUT_MS`	`800`	Deadpool checkout timeout
`ATHENA_FETCH_SINGLEFLIGHT_WAIT_TIMEOUT_MS`	`5000`	Cache singleflight wait timeout
`ATHENA_CACHE_INVALIDATION_WINDOW_MS`	`25`	Cache invalidation coalescing window
`ATHENA_REDIS_OP_TIMEOUT_MS`	`30`	Redis operation timeout
`ATHENA_REDIS_COOLDOWN_MS`	`5000`	Temporary Redis bypass cooldown after failure
`ATHENA_VACUUM_HEALTH_BLOAT_DEAD_PCT`	`10.0`	Bloat threshold for warnings
`ATHENA_VACUUM_HEALTH_XID_RISK_PCT`	`50.0`	Transaction-ID risk threshold
`ATHENA_REALTIME_REGISTRY_PURGE_INTERVAL_SECS`	`30`	Realtime connection registry purge cadence
`ATHENA_REALTIME_REGISTRY_INACTIVE_AFTER_SECS`	`300`	Realtime connection inactivity window

Other important environment variables

These are widely used operational variables that are not part of RuntimeEnvSettings but matter in most Athena deployments.

Variable	Meaning
`POSTGRES_ATHENA_LOGGING_URI`	Logging database connection URI
`POSTGRES_ATHENA_BENCHMARK_URI`	Benchmark-target database connection URI
`ATHENA_BENCHMARK_CLIENT`	Benchmark client name for `cargo bench --bench gateway_e2e`
`ATHENA_REDIS_URL`	Enable Redis write-through cache and admission-store backend
`ATHENA_KEY_12`	Static admin key used by admin/control-plane routes
`ATHENA_WILDCARD_HOST_PATTERN`	Wildcard host routing pattern
`ATHENA_WILDCARD_HOST_ROUTING_ENABLED`	Toggle wildcard host routing
`ATHENA_PG_TOOLS_ALLOW_DOWNLOAD`	Allow auto-download of Postgres tools when not on `PATH`
`ATHENA_CORS_ALLOWED_ORIGINS`	Extra allowed origins merged into config

Operational guidance

Shared logging pool

If gateway.logging_client and gateway.auth_client point to the same logical client, auth, request logs, operation logs, deferred queue rows, admission events, and aggregate stats can all compete for one Postgres pool. For deep dives, read:

docs/architecture_gateway_pool_starvation.md
docs/architecture_gateway_client_stats_batcher.md

Startup behavior

Missing or unreachable Postgres clients do not hard-stop the process; Athena starts with the reachable subset.
Config-backed clients and database-backed catalog clients merge into one in-memory registry.
Numeric values can be silently clamped to configured validation_ranges limits; watch logs for normalization warnings.

Safe authoring tips

Prefer env placeholders for secrets: "${POSTGRES_ATHENA_LOGGING_URI}"
Keep gateway.logging_client, gateway.auth_client, and gateway.benchmark_client explicit in production
Use validation_ranges when you want guardrails for operators editing config by hand

Configuration Options

On this page