Application Configuration
The backend platform uses a layered configuration system. Understanding these layers is critical — misconfiguration is the most common cause of deployment failures.
Configuration Layers (Priority Order)
1. Runtime flags (-e SPRING_PROFILES_ACTIVE=test) ← highest priority
2. Environment file (--env-file /opt/slaunchx/.../test.env)
3. Profile YAML (application-test.yml in JAR)
4. Base YAML (application.yml in JAR) ← lowest priorityHigher layers override lower layers. You should never modify YAML files in the JAR — use env files and runtime flags instead.
Spring Profiles
| Profile | Purpose | When to Use |
|---|---|---|
dev | Local development | IDE / localhost |
test | Integration testing | CI/CD test stage |
alpha | Pre-production staging | Staging environment |
product | Production | Live production |
Set the active profile at container start:
-e SPRING_PROFILES_ACTIVE=testEnvironment Variable Reference
Database (MySQL)
| Variable | Example | Notes |
|---|---|---|
DB_HOST | slaunchx-mysql-test | Use Docker container name, not IP |
DB_PORT | 3306 | Internal Docker port, not the host-mapped port |
DB_NAME | slaunchx | Main database name |
DB_USERNAME | slaunchx | Application user |
DB_PASSWORD | (secret) |
Known Issue: Variable Naming
The dev profile uses DB_USER and RABBITMQ_USER, while other profiles use DB_USERNAME and RABBITMQ_USERNAME. Always check which name your target profile expects. Using the wrong name causes a silent fallback to default credentials.
Redis
| Variable | Example | Notes |
|---|---|---|
REDIS_HOST | slaunchx-redis-test | Container name |
REDIS_PORT | 6379 | Internal port |
REDIS_DATABASE | 0 | Database index |
REDIS_PASSWORD | (secret) |
RabbitMQ
| Variable | Example | Notes |
|---|---|---|
RABBITMQ_HOST | slaunchx-rabbitmq-test | Container name |
RABBITMQ_PORT | 5672 | AMQP port |
RABBITMQ_USERNAME | slaunchx | See naming warning above |
RABBITMQ_PASSWORD | (secret) |
Security & Encryption
| Variable | Example | Notes |
|---|---|---|
SLAUNCHX_SECURITY_ENCRYPTION_MASTER_KEYS_K1 | (base64) | AES-256 key, 32 bytes base64-encoded |
SLAUNCHX_SECURITY_ENCRYPTION_ACTIVE_KEY_VERSION | K1 | Which master key is active |
SLAUNCHX_SECURITY_ENCRYPTION_HKDF_SALT | (hex) | HKDF salt for key derivation |
OTP_ENCRYPTION_KEY | (base64) | 32-byte key for OTP secret encryption |
Encryption Keys
These keys protect user data at rest. Losing the master key means losing access to all encrypted data. Back up these values securely and never store them in plain text in version control.
Object Storage (MinIO)
| Variable | Example | Notes |
|---|---|---|
MINIO_ENDPOINT | http://slaunchx-minio-test:9000 | Full URL with protocol |
MINIO_ACCESS_KEY | (secret) | |
MINIO_SECRET_KEY | (secret) |
Bootstrap (First Deployment Only)
| Variable | Example | Notes |
|---|---|---|
SYSTEM_BOOTSTRAP_CONFIG | /config/bootstrap.json | Path to institution init config |
SLAUNCHX_BOOTSTRAP_ADMIN_PASSWORD | (secret) | Initial SYSTEM admin password |
These are only needed on the very first startup to create the initial institution, portal configuration, and admin account.
External Integrations (Optional)
| Variable | Service | Notes |
|---|---|---|
TURNSTILE_SECRET_KEY | Cloudflare Turnstile | Bot protection |
STRIPE_API_KEY | Stripe | Payment processing |
TRON_RPC_ENDPOINT | TRON | Blockchain access |
SOLANA_RPC_ENDPOINT | Solana | Blockchain access |
JVM Configuration
Set JVM options via the JAVA_OPTS environment variable:
-e JAVA_OPTS="-Xms512m -Xmx1024m -XX:+UseG1GC -XX:MaxGCPauseMillis=200"| Environment | Recommended Xms | Recommended Xmx |
|---|---|---|
| test | 256m | 512m |
| alpha | 512m | 1024m |
| product | 1024m | 2048m |
The platform uses JDK 21 virtual threads (spring.threads.virtual.enabled=true), so thread pool sizing is less critical than in traditional deployments.
Preparing the Env File
Create one env file per module per environment. Example for app-prometheus in test:
cat > /opt/slaunchx/config/app-prometheus/test.env << 'EOF'
# Database
DB_HOST=slaunchx-mysql-test
DB_PORT=3306
DB_NAME=slaunchx
DB_USERNAME=slaunchx
DB_PASSWORD=your-db-password
# Redis
REDIS_HOST=slaunchx-redis-test
REDIS_PORT=6379
REDIS_DATABASE=0
REDIS_PASSWORD=your-redis-password
# RabbitMQ
RABBITMQ_HOST=slaunchx-rabbitmq-test
RABBITMQ_PORT=5672
RABBITMQ_USERNAME=slaunchx
RABBITMQ_PASSWORD=your-rabbitmq-password
# MinIO
MINIO_ENDPOINT=http://slaunchx-minio-test:9000
MINIO_ACCESS_KEY=your-access-key
MINIO_SECRET_KEY=your-secret-key
# Security
SLAUNCHX_SECURITY_ENCRYPTION_MASTER_KEYS_K1=your-base64-master-key
SLAUNCHX_SECURITY_ENCRYPTION_ACTIVE_KEY_VERSION=K1
SLAUNCHX_SECURITY_ENCRYPTION_HKDF_SALT=your-hkdf-salt
OTP_ENCRYPTION_KEY=your-base64-otp-key
# JVM
JAVA_OPTS=-Xms256m -Xmx512m -XX:+UseG1GC -XX:MaxGCPauseMillis=200
EOF
# Secure the file
chmod 600 /opt/slaunchx/config/app-prometheus/test.envConfiguration Checklist
- [ ] Active profile is set (
SPRING_PROFILES_ACTIVE) - [ ] All database connection variables filled
- [ ] All Redis connection variables filled
- [ ] All RabbitMQ connection variables filled
- [ ] MinIO endpoint and credentials set
- [ ] Encryption keys generated and stored securely
- [ ] Env file permissions restricted (
chmod 600) - [ ] For first deployment: bootstrap config prepared