Documentation Index Fetch the complete documentation index at: https://docs.golf.dev/llms.txt
Use this file to discover all available pages before exploring further.
Environment Variables Golf Gateway uses environment variables with the GOLF_ prefix for configuration. This reference covers all variables available when running in Centralized or Distributed mode.
Golf Gateway supports multiple deployment modes. This documentation covers Centralized and Distributed modes, which are the recommended configurations for production deployments.
Quick Start Centralized Mode Minimal configuration to connect a gateway to Control Plane:
# Gateway Identity (Required) # Get these values from the Control Plane when creating a new gateway export GOLF_GATEWAY_ID =< uuid-from-control-plane > export GOLF_GATEWAY_API_KEY =< api-key-from-control-plane > export GOLF_GATEWAY_CONTROL_PLANE_URL = https :// your-control-plane . example . com # Redis (Required) export GOLF_CACHE_REDIS_URL = redis :// localhost : 6379 / 0
Distributed Mode Distributed mode uses a local YAML configuration file for servers while connecting to Control Plane for organization policies and monitoring. Use the same environment variables as Centralized mode, plus a golf_gateway.yaml configuration file.
# Same as Centralized mode export GOLF_GATEWAY_ID =< uuid-from-control-plane > export GOLF_GATEWAY_API_KEY =< api-key-from-control-plane > export GOLF_GATEWAY_CONTROL_PLANE_URL = https :// your-control-plane . example . com export GOLF_CACHE_REDIS_URL = redis :// localhost : 6379 / 0 # Plus: Create a golf_gateway.yaml file with your server configurations
In Centralized and Distributed modes, server configurations, identity providers, and security policies are managed through the Golf Control Plane or YAML file - not through environment variables.
Complete .env Template Copy this template and customize for your environment:
# ============================================================ # Golf Gateway Configuration - Centralized / Distributed Mode # ============================================================ # -------------------- REQUIRED SETTINGS -------------------- # Gateway Identity [REQUIRED] # Get these from Control Plane when creating a new gateway GOLF_GATEWAY_ID = your-gateway-uuid-here GOLF_GATEWAY_API_KEY = your-gateway-api-key-here GOLF_GATEWAY_CONTROL_PLANE_URL = https://your-control-plane.example.com # Redis [REQUIRED] GOLF_CACHE_REDIS_URL = redis://localhost:6379/0 # -------------------- OPTIONAL SETTINGS -------------------- # Server Binding # GOLF_SERVER_HOST=0.0.0.0 # GOLF_SERVER_PORT=8080 # Security Mode # GOLF_SECURITY_MODE=block # Rate Limiting # GOLF_RATE_LIMIT_ENABLED=true # GOLF_RATE_LIMIT_REQUESTS_PER_MINUTE=20 # -------------------- EXPORT: ELASTICSEARCH ---------------- # GOLF_ELASTICSEARCH_ENABLED=false # GOLF_ELASTICSEARCH_URL=https://localhost:9200 # GOLF_ELASTICSEARCH_API_KEY= # GOLF_ELASTICSEARCH_INDEX_PREFIX=golf-gateway # -------------------- EXPORT: OPENTELEMETRY ---------------- # GOLF_OTEL_ENABLED=false # GOLF_OTEL_ENDPOINT=http://localhost:4317 # GOLF_OTEL_PROTOCOL=grpc # GOLF_OTEL_SERVICE_NAME=golf-gateway # -------------------- EXPORT: AZURE SENTINEL --------------- # GOLF_SENTINEL_ENABLED=false # GOLF_SENTINEL_DCR_IMMUTABLE_ID= # GOLF_SENTINEL_DCR_ENDPOINT= # GOLF_SENTINEL_TENANT_ID= # GOLF_SENTINEL_CLIENT_ID= # GOLF_SENTINEL_CLIENT_SECRET= # -------------------- TLS / mTLS --------------------------- # GOLF_TLS_SERVER_CERT_FILE= # GOLF_TLS_SERVER_KEY_FILE= # GOLF_TLS_MTLS_ENABLED=false
Gateway Identity These variables connect your gateway to the Control Plane. Get these values when creating a new gateway in the Golf Control Plane.
Environment prefix: GOLF_GATEWAY_
Variable Type Required Description GOLF_GATEWAY_IDUUID Yes Gateway UUID from Control Plane GOLF_GATEWAY_API_KEYstring Yes Gateway API key for authentication GOLF_GATEWAY_CONTROL_PLANE_URLstring Yes Control Plane URL (must start with http:// or https://)
Keep your GOLF_GATEWAY_API_KEY secure. It authenticates your gateway to the Control Plane. If compromised, regenerate it in the Golf Control Plane.
Security Environment prefix: GOLF_SECURITY_
Settings Variable Type Description GOLF_SECURITY_INTEGRITY_KEYstring Required. 64-character hex key for audit log integrity verification
# Generate a security key openssl rand -hex 32
Operation Mode Variable Type Default Description GOLF_SECURITY_MODEmonitor | blockblockmonitor: log threats only; block: prevent threats
Cache (Redis) Environment prefix: GOLF_CACHE_
Variable Type Default Description GOLF_CACHE_REDIS_URLstring redis://localhost:6379/0Required. Redis connection URL
Rate Limiting Environment prefix: GOLF_RATE_LIMIT_
Variable Type Default Description GOLF_RATE_LIMIT_ENABLEDbool trueEnable rate limiting GOLF_RATE_LIMIT_REQUESTS_PER_MINUTEint 20Requests per minute per user (1-1000) GOLF_RATE_LIMIT_WINDOW_SECONDSint 60Rate limit window (10-300 seconds)
Privacy Environment prefix: GOLF_PRIVACY_
Variable Type Default Description GOLF_PRIVACY_SCRUBBING_ENABLEDbool trueEnable/disable PII scrubbing in logs
TLS/mTLS Environment prefix: GOLF_TLS_
Server TLS Variable Type Default Description GOLF_TLS_SERVER_CERT_FILEstring - Path to server certificate (PEM) GOLF_TLS_SERVER_KEY_FILEstring - Path to server private key (PEM) GOLF_TLS_SERVER_KEY_PASSWORDstring - Password for encrypted server key
CA Certificate Variable Type Default Description GOLF_TLS_CA_CERT_FILEstring - Path to CA certificate for verifying internal services
Mutual TLS (mTLS) Variable Type Default Description GOLF_TLS_MTLS_ENABLEDbool falseEnable mutual TLS with client certificates GOLF_TLS_CLIENT_CERT_FILEstring - Path to client certificate (PEM) for mTLS GOLF_TLS_CLIENT_KEY_FILEstring - Path to client private key (PEM) for mTLS GOLF_TLS_CLIENT_KEY_PASSWORDstring - Password for encrypted client key
When GOLF_TLS_MTLS_ENABLED=true, both client_cert_file and client_key_file are required.
Export: Elasticsearch Environment prefix: GOLF_ELASTICSEARCH_
Variable Type Default Description GOLF_ELASTICSEARCH_ENABLEDbool falseEnable Elasticsearch export GOLF_ELASTICSEARCH_URLstring - Elasticsearch URL (for self-hosted) GOLF_ELASTICSEARCH_CLOUD_IDstring - Elastic Cloud ID (for Elastic Cloud) GOLF_ELASTICSEARCH_API_KEYstring - Elasticsearch API key GOLF_ELASTICSEARCH_INDEX_PREFIXstring golf-gatewayIndex name prefix GOLF_ELASTICSEARCH_TIMEOUTint 30Request timeout (5-120 seconds)
Use either url (self-hosted) or cloud_id (Elastic Cloud), not both.
Export: OpenTelemetry Environment prefix: GOLF_OTEL_
Basic Configuration Variable Type Default Description GOLF_OTEL_ENABLEDbool falseEnable OTEL export GOLF_OTEL_ENDPOINTstring - OTLP endpoint URL (required if enabled) GOLF_OTEL_PROTOCOLgrpc | http/protobuf | http/jsongrpcOTLP protocol GOLF_OTEL_SERVICE_NAMEstring golf-gatewayService name in OTEL GOLF_OTEL_TIMEOUTint 30Export timeout (5-120 seconds) GOLF_OTEL_COMPRESSIONgzip | nonegzipCompression method GOLF_OTEL_INSECUREbool falseAllow insecure connections
Export Targets Variable Type Default Description GOLF_OTEL_EXPORT_LOGSbool trueExport audit logs GOLF_OTEL_EXPORT_METRICSbool falseExport metrics GOLF_OTEL_EXPORT_TRACESbool falseExport traces
Batching Variable Type Default Description GOLF_OTEL_BATCH_SIZEint 512Items per batch (1-2048) GOLF_OTEL_BATCH_TIMEOUT_MSint 5000Batch timeout in milliseconds (100-30000)
Headers and Attributes Variable Type Default Description GOLF_OTEL_HEADERSJSON {}Additional headers for authentication GOLF_OTEL_RESOURCE_ATTRIBUTESJSON {}Additional resource attributes
# Example: OTEL with authentication header GOLF_OTEL_HEADERS = '{"Authorization": "Bearer YOUR_TOKEN"}' GOLF_OTEL_RESOURCE_ATTRIBUTES = '{"environment": "production", "region": "us-west-2"}'
Export: Azure Sentinel Environment prefix: GOLF_SENTINEL_
Data Collection Rule (DCR) Variable Type Default Description GOLF_SENTINEL_ENABLEDbool falseEnable Sentinel export GOLF_SENTINEL_DCR_IMMUTABLE_IDstring - Data Collection Rule immutable ID GOLF_SENTINEL_DCR_ENDPOINTstring - DCR logs ingestion endpoint (HTTPS) GOLF_SENTINEL_DCR_STREAM_NAMEstring Custom-GolfGateway_CLDCR stream name
Azure AD Authentication Variable Type Default Description GOLF_SENTINEL_TENANT_IDstring - Azure tenant ID GOLF_SENTINEL_CLIENT_IDstring - Service principal client ID GOLF_SENTINEL_CLIENT_SECRETstring - Service principal secret
Variable Type Default Description GOLF_SENTINEL_BATCH_SIZEint 100Batch size (1-500) GOLF_SENTINEL_BATCH_TIMEOUT_MSint 10000Batch timeout in milliseconds (100-30000) GOLF_SENTINEL_TIMEOUTint 30Request timeout (5-120 seconds) GOLF_SENTINEL_MAX_RETRIESint 3Maximum retry attempts (1-10)
Better Stack Logging Environment prefix: GOLF_BETTERSTACK_
Variable Type Default Description GOLF_BETTERSTACK_SOURCE_TOKENstring - Better Stack source token (required to enable) GOLF_BETTERSTACK_HOSTstring https://in.logtail.comBetter Stack ingestion host GOLF_BETTERSTACK_LOG_LEVELstring INFOMinimum log level (DEBUG, INFO, WARNING, ERROR, CRITICAL)
YAML Configuration YAML configuration schema for Distributed mode deployments
Audit Log Schema Complete audit log entry structure reference
Security Overview Learn about Golf Gateway’s security features
Deployment Guide Deploy Golf Gateway to production
