Environment

Environment variables, runtime flags, and profile-based configuration for Bridge Kernel.

Environment Configuration

Bridge Kernel supports environment-based configuration overrides on top of the YAML config file. This is useful for secrets management, CI/CD pipelines, and multi-environment deployments.

Configuration precedence

  1. CLI flags (highest priority)
  2. Environment variables
  3. bridge.yaml (lowest priority)

Environment variables

Variable              Description                                Default
BRIDGE_CONFIG         Path to config file                        bridge.yaml
BRIDGE_NODE_ID        Override runtime.node_id                   from config
BRIDGE_ENVIRONMENT    Override runtime.environment               dev
BRIDGE_KEYSTORE_PATH  Override keystore location                 from config
BRIDGE_POLICY_SECRET  HMAC secret for policy signing             from config
BRIDGE_LOG_LEVEL      Log verbosity (debug, info, warn, error)   info
BRIDGE_LEDGER_PATH    Override ledger database path              from config

Environment profiles

Development (dev)

Permissive defaults for rapid iteration:

runtime:
  node_id: bridge-node-local
  environment: dev
  replay_window_seconds: 600
  allowed_future_skew_seconds: 120

layers:
  proof:
    provider: software

Staging (staging)

Production-like constraints without strict enforcement:

runtime:
  node_id: bridge-staging-01
  environment: staging
  replay_window_seconds: 300
  allowed_future_skew_seconds: 60

policy:
  fail_closed: true

Production (production)

Full enforcement with hardware-backed signing:

runtime:
  node_id: bridge-prod-site-a
  environment: production
  replay_window_seconds: 120
  allowed_future_skew_seconds: 30

layers:
  proof:
    provider: tpm
    tpm_device: /dev/tpmrm0

policy:
  fail_closed: true

Runtime flags

bridge-node ctl run-once --config bridge.yaml --log-level debug
bridge-node ctl status --config bridge.yaml --format json

Docker environment

Pass environment variables to Docker containers:

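# Quote the expansions so a secret or path containing spaces or shell
# metacharacters reaches docker as a single argument.
docker run --rm \
  -e BRIDGE_ENVIRONMENT=production \
  -e BRIDGE_POLICY_SECRET="$POLICY_SECRET" \
  -v "$(pwd)/bridge.yaml:/app/bridge.yaml:ro" \
  -v "$(pwd)/data:/app/data" \
  bridge-kernel:latest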

Best practices

  • Never commit secrets (BRIDGE_POLICY_SECRET, keystore files) to version control.
  • Use a secret manager (Vault, AWS Secrets Manager, etc.) for production secrets.
  • Keep environment-specific overrides minimal — put shared configuration in bridge.yaml.
  • Validate configuration on every deployment with bridge-node ctl status.
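
The precedence rules and the production profile above can be combined into a pre-deploy check that catches a dev bridge.yaml relabelled as production through BRIDGE_ENVIRONMENT alone. This is an added example, not Bridge Kernel code: resolve, resolve_log_level and production_findings are hypothetical names, and it assumes bridge.yaml is already parsed into a dict, that an override changes only the key it names, and that the production profile's numbers act as upper bounds.

```python
import copy

# Environment variables from the table above that name the bridge.yaml key they override.
ENV_TO_KEY = {
    "BRIDGE_NODE_ID": ("runtime", "node_id"),
    "BRIDGE_ENVIRONMENT": ("runtime", "environment"),
}
# Assumption of this example: the production profile's numbers are upper bounds.
PROD_LIMITS = {"replay_window_seconds": 120, "allowed_future_skew_seconds": 30}

def resolve(file_cfg, env):
    """Environment variables override bridge.yaml; the file dict is left untouched."""
    cfg = copy.deepcopy(file_cfg)
    cfg.setdefault("runtime", {}).setdefault("environment", "dev")  # documented default
    for var, (section, key) in ENV_TO_KEY.items():
        if env.get(var):
            cfg[section][key] = env[var]
    return cfg

def resolve_log_level(cli_value, env):
    """CLI flag > BRIDGE_LOG_LEVEL > documented default (info)."""
    return cli_value or env.get("BRIDGE_LOG_LEVEL") or "info"

def production_findings(cfg):
    """List deviations from the production profile; empty for other environments."""
    runtime = cfg.get("runtime", {})
    if runtime.get("environment") != "production":
        return []
    findings = []
    if cfg.get("layers", {}).get("proof", {}).get("provider") != "tpm":
        findings.append("layers.proof.provider is not tpm")
    if cfg.get("policy", {}).get("fail_closed") is not True:
        findings.append("policy.fail_closed is not true")
    for key, limit in PROD_LIMITS.items():
        value = runtime.get(key)
        if not isinstance(value, int) or value > limit:
            findings.append(f"runtime.{key} is missing or above {limit}")
    return findings

# Constructed input: the dev profile from this page, already parsed into a dict.
DEV_FILE = {
    "runtime": {"node_id": "bridge-node-local", "environment": "dev",
                "replay_window_seconds": 600, "allowed_future_skew_seconds": 120},
    "layers": {"proof": {"provider": "software"}},
}

if __name__ == "__main__":
    effective = resolve(DEV_FILE, {"BRIDGE_ENVIRONMENT": "production"})
    for finding in production_findings(effective):
        print("FAIL:", finding)
```

Run it in the deployment pipeline before bridge-node ctl status and fail the job when the findings list is non-empty.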