Configuration

Rust uses environment variables for a number of configuration options. Some of these include:

variable	value	description
RUST_LOG	debug, info, warn, error	minimum Rust error logging level
RUST_TEST_THREADS	1	maximum number of concurrent threads for testing.

In addition, Sync server configuration options can either be specified as environment variables (prefixed with SYNC_*) or in a configuration file using the --config option.

For example the following are equivalent:

$ SYNC_HOST=0.0.0.0 SYNC_MASTER_SECRET="SuperSikkr3t" SYNC_SYNCSTORAGE__DATABASE_URL=mysql://scott:tiger@localhost/syncstorage cargo run

$ cat syncstorage.local.toml
host = "0.0.0.0"
master_secret = "SuperSikkr3t"

[syncstorage]
database_url = "mysql://scott:tiger@localhost/syncstorage"
$ cargo run -- --config syncstorage.local.toml

Options can be mixed between environment variables and configuration. Environment variables have higher precedence.

Options

The following configuration options are available.

Server Settings

Env Var	Default Value	Description
SYNC_HOST	127.0.0.1	Host address to bind the server to
SYNC_PORT	8000	Server port to bind to
SYNC_MASTER_SECRET	None, required	Secret used to derive auth secrets
SYNC_ENVIRONMENT	dev	Environment name (“dev”, “stage”, “prod”)
SYNC_HUMAN_LOGS	false	Enable human-readable logs
SYNC_ACTIX_KEEP_ALIVE	None	HTTP keep-alive header value in seconds
SYNC_WORKER_MAX_BLOCKING_THREADS	512	The maximum number of blocking threads in the worker threadpool. This threadpool is used by Actix-web to handle blocking operations.

CORS

Env Var	Default Value	Description
SYNC_CORS_ALLOWED_ORIGIN	*	Allowed origins for CORS requests
SYNC_CORS_MAX_AGE	1728000	CORS preflight cache seconds (20 days)
SYNC_CORS_ALLOWED_METHODS	[“DELETE”, “GET”, “POST”, “PUT”]	Allowed methods
SYNC_CORS_ALLOWED_HEADERS	See source	Allowed headers for CORS requests

Syncstorage Database

Env Var	Default Value	Description
SYNC_SYNCSTORAGE__DATABASE_URL	mysql://root@127.0.0.1/syncstorage	Database connection URL
SYNC_SYNCSTORAGE__DATABASE_POOL_MAX_SIZE	10	Max database connections
SYNC_SYNCSTORAGE__DATABASE_POOL_CONNECTION_TIMEOUT	30	Pool timeout in seconds
SYNC_SYNCSTORAGE__DATABASE_POOL_CONNECTION_LIFESPAN	None	Max connection age in seconds
SYNC_SYNCSTORAGE__DATABASE_POOL_CONNECTION_MAX_IDLE	None	Max idle time in seconds
SYNC_SYNCSTORAGE__DATABASE_POOL_SWEEPER_TASK_INTERVAL	30	How often, in seconds, a background task runs to evict idle database connections (Spanner only)
SYNC_SYNCSTORAGE__DATABASE_SPANNER_ROUTE_TO_LEADER	false	Send leader-aware headers to Spanner
SYNC_SYNCSTORAGE__SPANNER_EMULATOR_HOST	None	Spanner emulator host (e.g., localhost:9010)

Syncstorage Limits

Env Var	Default Value	Description
SYNC_SYNCSTORAGE__LIMITS__MAX_POST_BYTES	2,621,440	Max BSO payload size per request
SYNC_SYNCSTORAGE__LIMITS__MAX_POST_RECORDS	100	Max BSO count per request
SYNC_SYNCSTORAGE__LIMITS__MAX_RECORD_PAYLOAD_BYTES	2,621,440	Max individual BSO payload size
SYNC_SYNCSTORAGE__LIMITS__MAX_REQUEST_BYTES	2,625,536	Max Content-Length for requests
SYNC_SYNCSTORAGE__LIMITS__MAX_TOTAL_BYTES	262,144,000	Max BSO payload size per batch
SYNC_SYNCSTORAGE__LIMITS__MAX_TOTAL_RECORDS	10,000	Max BSO count per batch
SYNC_SYNCSTORAGE__LIMITS__MAX_QUOTA_LIMIT	2,147,483,648	Max storage quota per user (2 GB)

Syncstorage Features

Env Var	Default Value	Description
SYNC_SYNCSTORAGE__ENABLED	true	Enable syncstorage service
SYNC_SYNCSTORAGE__ENABLE_QUOTA	false	Enable quota tracking (Spanner only)
SYNC_SYNCSTORAGE__ENFORCE_QUOTA	false	Enforce quota limits (Spanner only)
SYNC_SYNCSTORAGE__GLEAN_ENABLED	true	Enable Glean telemetry
SYNC_SYNCSTORAGE__LBHEARTBEAT_TTL	None	Load balancer heartbeat period in seconds
SYNC_SYNCSTORAGE__LBHEARTBEAT_TTL_JITTER	25	Jitter percentage for the load balancer heartbeat period
SYNC_SYNCSTORAGE__STATSD_LABEL	syncstorage	StatsD metrics label prefix

Tokenserver Database

Env Var	Default Value	Description
SYNC_TOKENSERVER__DATABASE_URL	mysql://root@127.0.0.1/tokenserver	Tokenserver database URL
SYNC_TOKENSERVER__DATABASE_POOL_MAX_SIZE	10	Max tokenserver DB connections
SYNC_TOKENSERVER__DATABASE_POOL_CONNECTION_TIMEOUT	30	Pool timeout in seconds

Tokenserver Features

Env Var	Default Value	Description
SYNC_TOKENSERVER__INIT_NODE_URL	None	The storage node URL, protocol + host, to insert into the `nodes` table on startup. This is the origin where the service is hosted, e.g. “http://localhost:8000”.
SYNC_TOKENSERVER__INIT_NODE_CAPACITY	100000	The storage node capacity of the server specified by `SYNC_TOKENSERVER__INIT_NODE_URL`. Only used if `SYNC_TOKENSERVER__INIT_NODE_URL` is set.
SYNC_TOKENSERVER__ENABLED	false	Enable tokenserver service
SYNC_TOKENSERVER__RUN_MIGRATIONS	false	Run DB migrations on startup
SYNC_TOKENSERVER__NODE_TYPE	spanner	Storage backend type reported in token response for telemetry. Valid values: “mysql”, “postgres”, “spanner”
SYNC_TOKENSERVER__STATSD_LABEL	syncstorage.tokenserver	StatsD metrics label prefix
SYNC_TOKENSERVER__TOKEN_DURATION	3600	Token TTL (1 hour)
SYNC_TOKENSERVER__FXA_WEBHOOK_ENABLED	false	Enable the FxA webhook endpoint. When disabled, the route is not registered.
SYNC_TOKENSERVER__FXA_WEBHOOK_METRICS_ONLY	false	Run the FxA webhook handler in metrics-only mode. Received events are counted but not processed. Only used if `FXA_WEBHOOK_ENABLED` is true.
SYNC_TOKENSERVER__FXA_WEBHOOK_SET_CLIENT_ID	None	Expected `aud` of FxA Security Event Tokens. Required for account event webhooks.
SYNC_TOKENSERVER__FXA_WEBHOOK_SET_ISSUER	None	Expected `iss` of FxA Security Event Tokens. Required for account event webhooks.

Tokenserver+FxA Integration

Env Var	Default Value	Description
SYNC_TOKENSERVER__FXA_EMAIL_DOMAIN	api-accounts.stage.mozaws.net	FxA email domain
SYNC_TOKENSERVER__FXA_OAUTH_SERVER_URL	https://oauth.stage.mozaws.net	FxA OAuth server URL
SYNC_TOKENSERVER__FXA_OAUTH_REQUEST_TIMEOUT	10	OAuth request timeout in seconds
SYNC_TOKENSERVER__FXA_METRICS_HASH_SECRET	secret	Secret for hashing metrics to maintain anonymity
SYNC_TOKENSERVER__ADDITIONAL_BLOCKING_THREADS_FOR_FXA_REQUESTS	1	Number of additional blocking threads to add to the threadpool for OAuth verification requests to FxA
SYNC_TOKENSERVER__FXA_OAUTH_PRIMARY_JWK__KTY	None	Primary JWK key type (e.g., “RSA”)
SYNC_TOKENSERVER__FXA_OAUTH_PRIMARY_JWK__ALG	None	Primary JWK algorithm (e.g., “RS256”)
SYNC_TOKENSERVER__FXA_OAUTH_PRIMARY_JWK__KID	None	Primary JWK key ID
SYNC_TOKENSERVER__FXA_OAUTH_PRIMARY_JWK__FXA_CREATED_AT	None	Primary JWK creation timestamp
SYNC_TOKENSERVER__FXA_OAUTH_PRIMARY_JWK__USE	None	Primary JWK use (e.g., “sig”)
SYNC_TOKENSERVER__FXA_OAUTH_PRIMARY_JWK__N	None	Primary JWK modulus (RSA public key component)
SYNC_TOKENSERVER__FXA_OAUTH_PRIMARY_JWK__E	None	Primary JWK exponent (RSA public key component)
SYNC_TOKENSERVER__FXA_OAUTH_SECONDARY_JWK__*	None	Secondary JWK (same structure as primary)

StatsD Metrics

Env Var	Default Value	Description
SYNC_STATSD_HOST	localhost	StatsD server hostname
SYNC_STATSD_PORT	8125	StatsD server port
SYNC_INCLUDE_HOSTNAME_TAG	false	Include hostname in metrics tags

Keyboard shortcuts

Mozilla Syncstorage-rs