Configuration Management Tutorial#

This tutorial covers managing scafctl’s application configuration using the config CLI commands.

Overview#

scafctl uses a YAML configuration file to control application behavior including logging, HTTP client settings, resolver timeouts, catalog locations, and more.

CommandDescription
config initCreate config file
config viewView current config
config get/setRead/write values
config validateValidate config
config schemaView JSON schema
config pathsShow XDG paths

Quick Start#

1. Initialize Configuration#

Create a new config file:

# Create minimal config
scafctl config init

# Create with all options documented
scafctl config init --full

# Preview without writing
scafctl config init --dry-run

# Write to custom path
scafctl config init --output ./my-config.yaml
# Create minimal config
scafctl config init

# Create with all options documented
scafctl config init --full

# Preview without writing
scafctl config init --dry-run

# Write to custom path
scafctl config init --output ./my-config.yaml

2. View Configuration#

See the current effective configuration:

# Full config (YAML format)
scafctl config view

# As JSON
scafctl config view -o json

# Filter with CEL expression
scafctl config view -e '_.settings'

# Interactive TUI explorer
scafctl config view -i
# Full config (YAML format)
scafctl config view

# As JSON
scafctl config view -o json

# Filter with CEL expression
scafctl config view -e '_.settings'

# Interactive TUI explorer
scafctl config view -i

3. Show Config Sources#

See where each value comes from (file, environment, default):

scafctl config show
scafctl config show

Getting and Setting Values#

Read Values#

Use dot notation to read specific config values:

# Get logging level
scafctl config get logging.level

# Get default catalog
scafctl config get settings.defaultCatalog

# Get HTTP timeout
scafctl config get httpClient.timeout
# Get logging level
scafctl config get logging.level

# Get default catalog
scafctl config get settings.defaultCatalog

# Get HTTP timeout
scafctl config get httpClient.timeout

Write Values#

# Set logging level
scafctl config set logging.level debug

# Set HTTP timeout
scafctl config set httpClient.timeout 60s

# Set resolver concurrency
scafctl config set resolver.concurrency 8

# Enable a boolean
scafctl config set httpClient.caching.enabled true
# Set logging level
scafctl config set logging.level debug

# Set HTTP timeout
scafctl config set httpClient.timeout 60s

# Set resolver concurrency
scafctl config set resolver.concurrency 8

# Enable a boolean
scafctl config set httpClient.caching.enabled true

Reset to Default#

# Reset a value to its default
scafctl config unset logging.level

# Reset HTTP configuration
scafctl config unset httpClient.timeout
# Reset a value to its default
scafctl config unset logging.level

# Reset HTTP configuration
scafctl config unset httpClient.timeout

Managing Catalogs#

Add a Catalog#

# Add a local filesystem catalog
scafctl config add-catalog my-catalog --type filesystem --path ~/my-solutions

# Add an OCI registry catalog
scafctl config add-catalog company --type oci --url ghcr.io/myorg/scafctl-catalog

# Add and set as default
scafctl config add-catalog primary --type filesystem --path ~/catalogs/main --default
# Add a local filesystem catalog
scafctl config add-catalog my-catalog --type filesystem --path ~/my-solutions

# Add an OCI registry catalog
scafctl config add-catalog company --type oci --url ghcr.io/myorg/scafctl-catalog

# Add and set as default
scafctl config add-catalog primary --type filesystem --path ~/catalogs/main --default

Remove a Catalog#

scafctl config remove-catalog my-catalog
scafctl config remove-catalog my-catalog

Set Default Catalog#

scafctl config use-catalog my-catalog
scafctl config use-catalog my-catalog

Validation#

Validate Config File#

# Validate current config
scafctl config validate

# Validate a specific file
scafctl config validate path/to/config.yaml
# Validate current config
scafctl config validate

# Validate a specific file
scafctl config validate path/to/config.yaml

View Config Schema#

# Pretty-printed JSON Schema
scafctl config schema

# Minified (for piping)
scafctl config schema --compact
# Pretty-printed JSON Schema
scafctl config schema

# Minified (for piping)
scafctl config schema --compact

View System Paths#

See where scafctl stores files on your system:

# Show all XDG paths
scafctl config paths

# As JSON
scafctl config paths -o json

# Show paths for a different platform
scafctl config paths --platform linux
# Show all XDG paths
scafctl config paths

# As JSON
scafctl config paths -o json

# Show paths for a different platform
scafctl config paths --platform linux

Typical output:

 💡 scafctl Paths
Platform: darwin/arm64
Config:      ~/.config/scafctl/config.yaml
Secrets:     ~/.local/share/scafctl/secrets
Data:        ~/.local/share/scafctl
Catalog:     ~/.local/share/scafctl/catalog
Cache:       ~/.cache/scafctl
HTTP Cache:  ~/.cache/scafctl/http-cache
State:       ~/.local/state/scafctl
Override paths with XDG environment variables or SCAFCTL_SECRETS_DIR.

Configuration Reference#

Key Settings#

KeyTypeDefaultDescription
logging.levelstringnoneLog level: none, error, warn, info, debug, trace, or numeric V-level
logging.formatstringconsoleLog format: console (colored), json (structured)
settings.defaultCatalogstringlocalDefault catalog name
httpClient.timeoutduration30sHTTP request timeout
httpClient.retry.maxRetriesint3Max HTTP retries
httpClient.caching.enabledbooltrueEnable HTTP response caching
httpClient.maxResponseBodySizeint104857600Max HTTP response body size (bytes, default 100 MB)
httpClient.allowPrivateIPsboolfalseAllow requests to private/loopback IPs (SSRF protection)
settings.requireSecureKeyringboolfalseFail if OS keyring unavailable instead of insecure fallback
resolver.timeoutduration5mOverall resolver timeout
resolver.concurrencyint4Max parallel resolver execution
action.timeoutduration10mOverall action timeout
action.concurrencyint4Max parallel action execution
auth.entra.*objectEntra (Azure AD) auth handler config
auth.github.hostnamestringgithub.comGitHub hostname (or GHES hostname)
auth.github.clientIdstringbuilt-inOAuth App client ID
auth.github.defaultScopes[]string[gist, read:org, repo, workflow]Default OAuth scopes

Config File Location#

The config file is located at the XDG config path:

PlatformDefault Location
macOS~/.config/scafctl/config.yaml
Linux~/.config/scafctl/config.yaml
Windows%APPDATA%\scafctl\config.yaml

Override with the --config flag on any command:

scafctl run solution my-solution --config ./custom-config.yaml
scafctl run solution my-solution --config ./custom-config.yaml

Examples#

Minimal Config#

See examples/config/minimal-config.yaml :

version: 1
settings:
  defaultCatalog: "local"
logging:
  level: "none"
catalogs:
  - name: local
    type: filesystem
    path: ~/scafctl-catalog/

Full Config#

See examples/config/full-config.yaml for a complete reference with all options documented.

Common Workflows#

Initial Setup#

# 1. Initialize config
scafctl config init

# 2. Set up a catalog
scafctl config add-catalog local --type filesystem --path ~/scafctl-catalog --default

# 3. Verify
scafctl config view
scafctl config validate
# 1. Initialize config
scafctl config init

# 2. Set up a catalog
scafctl config add-catalog local --type filesystem --path ~/scafctl-catalog --default

# 3. Verify
scafctl config view
scafctl config validate

Switch Environments#

# Use staging catalog
scafctl config use-catalog staging

# Increase logging for debugging
scafctl config set logging.level debug

# After debugging, reset
scafctl config unset logging.level
# Use staging catalog
scafctl config use-catalog staging

# Increase logging for debugging
scafctl config set logging.level debug

# After debugging, reset
scafctl config unset logging.level

Next Steps#

Edit Edit this page
Backward Auto-Discovery Tutorial File Provider Tutorial Forward