This section covers the configuration required for the CLI and Worker SDK.
CLI configuration
Set the endpoint for SaaS or self-hosted deployments and authenticate with an API key for SaaS.
RELAYMESH_API_KEY=your-api-key relaymesh --endpoint https://api.your-domain.com providers list
For self-hosted deployments, the CLI reads the same config.yaml as the server. Use placeholders for secrets and keep them in environment variables or secret managers.
server:
port: 8080
endpoint: https://githook.example.com
storage:
driver: postgres
dsn: postgresql://postgres:${POSTGRES_PASSWORD}@db.example.com:5432/githook?sslmode=require
dialect: postgres
auto_migrate: true
max_open_conns: 2
max_idle_conns: 1
conn_max_lifetime_ms: 300000
conn_max_idle_time_ms: 60000
auth:
oauth2:
enabled: true
issuer: https://your-tenant.us.auth0.com/
audience: https://githook.example.com
mode: auth_code
Configure OAuth2 in the CLI config only if you enabled OAuth2 on the server.
Worker SDK configuration
Workers can read the same config.yaml as the server, but SaaS workers usually only need the endpoint and API key. They resolve driver configuration from the API, not from local storage.
endpoint: https://api.your-domain.com
auth:
oauth2:
enabled: true
issuer: https://auth.your-domain.com
audience: githook-api
client_id: ${GITHOOK_OAUTH_CLIENT_ID}
client_secret: ${GITHOOK_OAUTH_CLIENT_SECRET}
scopes: [githook.read]
If you prefer environment variables, set GITHOOK_API_BASE_URL and GITHOOK_CONFIG_PATH instead of endpoint.
SaaS workers call the control plane to validate topics, resolve installations, and update event log status. Self-hosted workers can continue to use local driver configuration.