Temporal Web UI environment variables reference

You can use environment variables to dynamically alter the configuration of your Temporal Web UI.

These can be used in many environments, such as with Docker. For example:

docker run\
-e TEMPORAL_ADDRESS=127.0.0.1:7233\
-e TEMPORAL_UI_PORT=8080\
-e TEMPORAL_UI_PUBLIC_PATH=path/to/webui\
-e TEMPORAL_UI_ENABLED=true\
-e TEMPORAL_BANNER_TEXT="Some banner text"\
-e TEMPORAL_CLOUD_UI=false\
-e TEMPORAL_DEFAULT_NAMESPACE=default\
-e TEMPORAL_FEEDBACK_URL=https://feedback.here\
-e TEMPORAL_NOTIFY_ON_NEW_VERSION=true\
-e TEMPORAL_CONFIG_REFRESH_INTERVAL=0s\
-e TEMPORAL_SHOW_TEMPORAL_SYSTEM_NAMESPACE=false\
-e TEMPORAL_DISABLE_WRITE_ACTIONS=false\
-e TEMPORAL_AUTH_ENABLED=true\
-e TEMPORAL_AUTH_TYPE=oidc\
-e TEMPORAL_AUTH_PROVIDER_URL=https://accounts.google.com\
-e TEMPORAL_AUTH_ISSUER_URL=https://accounts.google.com\
-e TEMPORAL_AUTH_CLIENT_ID=xxxxx-xxxx.apps.googleusercontent.com\
-e TEMPORAL_AUTH_CLIENT_SECRET=xxxxxxxxxxxxxxx\
-e TEMPORAL_AUTH_CALLBACK_URL=https://xxxx.com:8080/auth/sso/callback\
-e TEMPORAL_AUTH_SCOPES=openid,email,profile\
-e TEMPORAL_TLS_CA=../ca.cert\
-e TEMPORAL_TLS_CERT=../cluster.pem\
-e TEMPORAL_TLS_KEY=../cluster.key\
-e TEMPORAL_TLS_ENABLE_HOST_VERIFICATION=true\
-e TEMPORAL_TLS_SERVER_NAME=tls-server\
-e TEMPORAL_CODEC_ENDPOINT=https://codec.server\
-e TEMPORAL_CODEC_PASS_ACCESS_TOKEN=false\
-e TEMPORAL_CODEC_INCLUDE_CREDENTIALS=false\
-e TEMPORAL_HIDE_LOGS=false\
temporalio/ui:<tag>

The environment variables are defined in the UI server configuration template file and described in more detail below.

`TEMPORAL_ADDRESS`

The Frontend Service address for the Temporal Cluster. This environmental variable can be set in the base configuration file using temporalGrpcAddress.

This variable is required for setting other environmental variables.

`TEMPORAL_UI_PORT`

The port used by the Temporal WebUI Server and the HTTP API.

This variable is needed for TEMPORAL_OPENAPI_ENABLED and all auth-related settings to work properly.

`TEMPORAL_UI_PUBLIC_PATH`

Stores a value such as "" or "/custom-path" that allows the UI to be served from a subpath.

`TEMPORAL_UI_ENABLED`

Enables or disables the browser UI for the Temporal Cluster.

Enabling the browser UI allows the Server to be accessed from your web browser. If disabled, the server cannot be viewed on the web, but the UI server APIs remain available for use.

`TEMPORAL_BANNER_TEXT`

Provides banner text to display on the Web UI.

`TEMPORAL_CLOUD_UI`

If enabled, use the alternate UI from Temporal Cloud.

`TEMPORAL_DEFAULT_NAMESPACE`

The default Namespace that the Web UI opens first.

`TEMPORAL_FEEDBACK_URL`

The URL that users are directed to when they click the Feedback button in the UI.

If not specified, this variable defaults to the UI's GitHub Issue page.

`TEMPORAL_NOTIFY_ON_NEW_VERSION`

Enables or disables notifications that appear in the UI whenever a newer version of the Temporal Cluster is available.

`TEMPORAL_CONFIG_REFRESH_INTERVAL`

Determines how often the UI Server reads the configuration file for new values.

`TEMPORAL_SHOW_TEMPORAL_SYSTEM_NAMESPACE`

If enabled, shows the System Namespace that handles internal Temporal Workflows in the Web UI.

`TEMPORAL_DISABLE_WRITE_ACTIONS`

Disables any button in the UI that allows the user to modify Workflows or Activities.

`TEMPORAL_AUTH_ENABLED`

Enables or disables Web UI authentication and authorization methods.

When enabled, the Web UI will use the provider information in the UI configuration file to verify the identity of users.

All auth-related variables can be defined when TEMPORAL_AUTH_ENABLED is set to "true". Disabling the variable will retain given values.

`TEMPORAL_AUTH_TYPE`

Specifies the type of authentication. Defaults to oidc.

`TEMPORAL_AUTH_PROVIDER_URL`

The .well-known IDP discovery URL for authentication and authorization.

This can be set as in the UI server configuration with auth.

`TEMPORAL_AUTH_ISSUER_URL`

The URL for the authentication or authorization issuer.

This value is only needed when the issuer differes from the auth provider URL.

`TEMPORAL_AUTH_CLIENT_ID`

The client ID used for authentication or authorization.

This value is a required parameter.

`TEMPORAL_AUTH_CLIENT_SECRET`

The client secret used for authentication and authorization.

Client Secrets are used by the oAuth Client for authentication.

`TEMPORAL_AUTH_CALLBACK_URL`

The callback URL used by Temporal for authentication and authorization.

Callback URLs are invoked by IDP after user has finished authenticating in IDP.

`TEMPORAL_AUTH_SCOPES`

Specifies a set of scopes for auth. Typically, this is openid, profile, email.

`TEMPORAL_TLS_CA`

The path for the Transport Layer Security (TLS) Certificate Authority file.

In order to configure TLS for your server, you'll need a CA certificate issued by a trusted Certificate Authority. Set this variable to properly locate and use the file.

`TEMPORAL_TLS_CERT`

The path for the Transport Layer Security (TLS) Certificate.

In order to configure TLS for your server, you'll need a self-signed certificate. Set the path to allow the environment to locate and use the certificate.

`TEMPORAL_TLS_KEY`

The path for the Transport Layer Security (TLS) key file.

A key file is used to create private and public keys for encryption and signing. Together, these keys are used to create certificates.

`TEMPORAL_TLS_CA_DATA`

Stores the data for a TLS CA file.

This variable can be used instead of providing a path for TEMPORAL_TLS_CA.

`TEMPORAL_TLS_CERT_DATA`

Stores the data for a TLS cert file.

This variable can be used instead of providing a path for TEMPORAL_TLS_CERT.

`TEMPORAL_TLS_KEY_DATA`

Stores the data for a TLS key file.

This variable can be used instead of providing a path for TEMPORAL_TLS_KEY.

`TEMPORAL_TLS_ENABLE_HOST_VERIFICATION`

Enables or disables Transport Layer Security (TLS) host verification.

When enabled, TLS checks the Host Server to ensure that files are being sent to and from the correct URL.

`TEMPORAL_TLS_SERVER_NAME`

The server on which to operate Transport Layer Security (TLS) protocols.

TLS allows the current server to transmit encrypted files to other URLs without having to reveal itself. Because of this, TLS operates a go-between server.

`TEMPORAL_CODEC_ENDPOINT`

The endpoint for the Codec Server, if configured.

`TEMPORAL_CODEC_PASS_ACCESS_TOKEN`

Specifies whether to send a JWT access token as ‘authorization' header in requests with the Codec Server.

`TEMPORAL_CODEC_INCLUDE_CREDENTIALS`

Specifies whether to include credentials along with requests to the Codec Server.

`TEMPORAL_FORWARD_HEADERS`

Forward-specified HTTP headers to direct from HTTP API requests to the Temporal gRPC backend.

`TEMPORAL_HIDE_LOGS`

If enabled, does not print logs from the Temporal Service.

TEMPORAL_ADDRESS​

TEMPORAL_UI_PORT​

TEMPORAL_UI_PUBLIC_PATH​

TEMPORAL_UI_ENABLED​

TEMPORAL_BANNER_TEXT​

TEMPORAL_CLOUD_UI​

TEMPORAL_DEFAULT_NAMESPACE​

TEMPORAL_FEEDBACK_URL​

TEMPORAL_NOTIFY_ON_NEW_VERSION​

TEMPORAL_CONFIG_REFRESH_INTERVAL​

TEMPORAL_SHOW_TEMPORAL_SYSTEM_NAMESPACE​

TEMPORAL_DISABLE_WRITE_ACTIONS​

TEMPORAL_AUTH_ENABLED​

TEMPORAL_AUTH_TYPE​

TEMPORAL_AUTH_PROVIDER_URL​

TEMPORAL_AUTH_ISSUER_URL​

TEMPORAL_AUTH_CLIENT_ID​

TEMPORAL_AUTH_CLIENT_SECRET​

TEMPORAL_AUTH_CALLBACK_URL​

TEMPORAL_AUTH_SCOPES​

TEMPORAL_TLS_CA​

TEMPORAL_TLS_CERT​

TEMPORAL_TLS_KEY​

TEMPORAL_TLS_CA_DATA​

TEMPORAL_TLS_CERT_DATA​

TEMPORAL_TLS_KEY_DATA​

TEMPORAL_TLS_ENABLE_HOST_VERIFICATION​

TEMPORAL_TLS_SERVER_NAME​

TEMPORAL_CODEC_ENDPOINT​

TEMPORAL_CODEC_PASS_ACCESS_TOKEN​

TEMPORAL_CODEC_INCLUDE_CREDENTIALS​

TEMPORAL_FORWARD_HEADERS​

TEMPORAL_HIDE_LOGS​