Configuration Reference

Complete reference for appsettings.json settings in the Riptide Application Manager. Environment variables can override any setting — see Deployment Guide for environment-specific configuration.

Distinct from the API Reference, which documents the REST surface AM exposes to client applications. This document covers the configuration surface AM consumes at startup.

Ports and Hosting

Web UI

{
  "Web": {
    "Kestrel": {
      "Endpoints": {
        "Http": { "Url": "http://*:11401" }
      }
    },
    "ApiBaseUrl": "http://localhost:11402",
    "ApiKey": "",
    "Timeout": 30
  }
}

Setting	Default	Description
`Web:Kestrel:Endpoints:Http:Url`	`http://*:11401`	Web UI listen address
`Web:ApiBaseUrl`	`http://localhost:11402`	Internal URL the Web UI uses to call the API
`Web:ApiKey`	(empty)	API key for authenticating Web UI → API calls
`Web:Timeout`	`30`	HTTP client timeout in seconds

REST API

{
  "Api": {
    "Kestrel": {
      "Endpoints": {
        "Http": { "Url": "http://*:11402" }
      }
    },
    "Cors": {
      "AllowedOrigins": ["http://localhost:11401"]
    },
    "ApiKey": "",
    "MaxRequestBodySize": 10485760,
    "RequestTimeout": 30
  }
}

Setting	Default	Description
`Api:Kestrel:Endpoints:Http:Url`	`http://*:11402`	API listen address
`Api:Cors:AllowedOrigins`	`["http://localhost:11401"]`	Allowed CORS origins
`Api:ApiKey`	(empty)	API key for API authentication
`Api:MaxRequestBodySize`	`10485760` (10 MB)	Maximum request body size
`Api:RequestTimeout`	`30`	Request timeout in seconds

Databases

{
  "Database": {
    "Identity": {
      "Provider": "Sqlite",
      "ConnectionString": "Data Source=data/identity/identity.db",
      "MigrationsAssembly": "Riptide.ApplicationManager.Infrastructure"
    },
    "Configuration": {
      "Provider": "Sqlite",
      "ConnectionString": "Data Source=data/configuration/configuration.db",
      "MigrationsAssembly": "Riptide.ApplicationManager.Infrastructure"
    }
  }
}

Application Manager uses two separate databases:

Database	Purpose
Identity	Trial users, sessions, roles, capabilities, identity providers
Configuration	Admin users, managed applications, file tree, versions, audit logs

The Provider field supports Sqlite (default). The database provider is abstracted to support future backends (PostgreSQL, SQL Server).

Web UI Settings

{
  "Web": {
    "Ui": {
      "ApplicationName": "Riptide Application Manager",
      "PageSize": 20,
      "Theme": "light",
      "EnableDebugInfo": false
    },
    "Session": {
      "TimeoutMinutes": 60,
      "SlidingExpiration": true
    },
    "Features": {
      "EnableTrialManagement": true,
      "EnableConfigurationManagement": true,
      "EnableFileVersioning": true,
      "EnableAuditLog": true
    }
  }
}

Setting	Default	Description
`Web:Ui:ApplicationName`	`Riptide Application Manager`	Display name in the UI header
`Web:Ui:PageSize`	`20`	Default page size for list views
`Web:Ui:Theme`	`light`	UI theme
`Web:Ui:EnableDebugInfo`	`false`	Show debug information in the UI
`Web:Session:TimeoutMinutes`	`60`	Session inactivity timeout
`Web:Session:SlidingExpiration`	`true`	Reset timeout on activity
`Web:Features:Enable*`	`true`	Feature flags to enable/disable major sections

Trial Settings

{
  "Trial": {
    "DefaultDurationDays": 7,
    "GracePeriodDays": 30,
    "MaxTeamMembers": 5,
    "AutoActivate": true
  }
}

Setting	Default	Description
`Trial:DefaultDurationDays`	`7`	Default trial period length
`Trial:GracePeriodDays`	`30`	Grace period after trial expiration
`Trial:MaxTeamMembers`	`5`	Maximum team members per trial
`Trial:AutoActivate`	`true`	Automatically activate trials after email verification

Email

{
  "EmailProvider": "AwsSes",
  "Email": {
    "Enabled": true,
    "FromAddress": "noreply@riptide.solutions",
    "FromName": "Riptide Application Manager"
  }
}

Set EmailProvider to either Smtp or AwsSes.

SMTP

{
  "Smtp": {
    "Host": "smtp.example.com",
    "Port": 587,
    "Username": "",
    "Password": "",
    "EnableSsl": true
  }
}

AWS SES

{
  "AwsSes": {
    "Region": "us-east-1",
    "AccessKey": "",
    "SecretKey": "",
    "ConfigurationSetName": ""
  }
}

See the Deployment Guide for detailed AWS SES setup including IAM policies.

Security

{
  "Security": {
    "SessionTimeoutMinutes": 60,
    "PasswordResetTokenExpirationMinutes": 60,
    "MaxLoginAttempts": 5,
    "LockoutDurationMinutes": 15
  }
}

Setting	Default	Description
`Security:SessionTimeoutMinutes`	`60`	Session timeout
`Security:PasswordResetTokenExpirationMinutes`	`60`	Password reset token lifetime
`Security:MaxLoginAttempts`	`5`	Failed attempts before lockout
`Security:LockoutDurationMinutes`	`15`	Lockout duration after max attempts

SDK Security Middleware

{
  "Riptide": {
    "Security": {
      "Headers": {
        "EnableHsts": false,
        "RemoveServerHeader": true,
        "EnableXContentTypeOptions": true,
        "EnableXFrameOptions": true,
        "ContentSecurityPolicy": "default-src 'self'; ...",
        "ReferrerPolicy": "strict-origin-when-cross-origin"
      },
      "Audit": {
        "Enabled": true,
        "StorageProvider": "Database",
        "RetentionDays": 2555,
        "IncludeRequestBody": false,
        "IncludeResponseBody": false,
        "ExcludePaths": ["/health", "/ready", "/hangfire"],
        "AlertOnPolicyViolations": false
      },
      "Compliance": {
        "Enabled": true,
        "EnabledTemplates": ["SOC2", "HIPAA", "FedRAMP"]
      }
    }
  }
}

Setting	Default	Description
`Headers:EnableHsts`	`false`	Enable HTTP Strict Transport Security (enable in production behind TLS)
`Headers:RemoveServerHeader`	`true`	Remove the `Server` response header
`Audit:RetentionDays`	`2555`	Audit log retention (~7 years)
`Audit:ExcludePaths`	`["/health", "/ready", "/hangfire"]`	Paths excluded from audit logging
`Compliance:EnabledTemplates`	`["SOC2", "HIPAA", "FedRAMP"]`	Active compliance frameworks

Scheduled Audits

{
  "SecurityAudit": {
    "ScheduledAudit": {
      "Enabled": false,
      "IntervalHours": 24,
      "Frameworks": ["SOC2", "HIPAA", "FedRAMP", "StateRAMP"]
    }
  }
}

Setting	Default	Description
`ScheduledAudit:Enabled`	`false`	Enable automatic compliance audits
`ScheduledAudit:IntervalHours`	`24`	Hours between audit runs
`ScheduledAudit:Frameworks`	All four	Frameworks to audit

Riptide SDK

{
  "Riptide": {
    "Logging": {
      "ApplicationName": "RiptideApplicationManager",
      "MinimumLevel": "Information",
      "EnableCorrelationId": true,
      "EnablePiiSanitization": true,
      "Console": {
        "Enabled": true,
        "MinimumLevel": "Debug"
      },
      "File": {
        "Enabled": true,
        "LogDirectory": "logs",
        "MaxFileSizeInMB": 10,
        "RetainedFileCountLimit": 31
      },
      "External": {
        "Enabled": false,
        "Provider": "DataDog",
        "ApiKey": ""
      }
    },
    "Monitoring": {
      "ApplicationName": "RiptideApplicationManager",
      "EnableMetrics": true,
      "EnableTracing": true,
      "Provider": "Console",
      "SamplingRate": 1.0
    },
    "Configuration": {
      "Provider": "LocalDevelopment",
      "EnableValidation": true,
      "EnableCaching": true,
      "CacheExpirationMinutes": 60
    }
  }
}

Setting	Default	Description
`Logging:EnableCorrelationId`	`true`	Add correlation IDs to all log entries
`Logging:EnablePiiSanitization`	`true`	Sanitize personally identifiable information in logs
`Logging:File:RetainedFileCountLimit`	`31`	Number of log files to retain
`Monitoring:EnableMetrics`	`true`	Enable performance metrics collection
`Monitoring:EnableTracing`	`true`	Enable distributed tracing
`Monitoring:SamplingRate`	`1.0`	Trace sampling rate (1.0 = sample everything)

Rate Limiting

{
  "RateLimiting": {
    "GlobalPermitLimit": 100,
    "EmailResendLimitPerHour": 3,
    "BulkOperationConcurrency": 3,
    "ApiRequestsPerMinute": 60
  }
}

File Management

{
  "FileManagement": {
    "MaxFileSizeBytes": 5242880,
    "MaxVersions": 10,
    "AllowedFileExtensions": [".json", ".yaml", ".yml", ".txt", ".xml", ".conf", ".config", ".env"]
  }
}

Setting	Default	Description
`MaxFileSizeBytes`	`5242880` (5 MB)	Maximum configuration file size
`MaxVersions`	`10`	Maximum versions retained per file
`AllowedFileExtensions`	See above	Permitted file types

Background Jobs (Hangfire)

{
  "Hangfire": {
    "DashboardPath": "/hangfire",
    "ServerName": "ApplicationManager",
    "WorkerCount": 5,
    "EnableDashboard": true
  }
}

SignalR

{
  "SignalR": {
    "EnableDetailedErrors": true,
    "MaximumReceiveMessageSize": 102400
  }
}

The SignalR hub at /hubs/progress provides real-time progress updates for long-running operations like compliance assessments and bulk operations.

Environment Variable Overrides

Any setting can be overridden via environment variables using the standard ASP.NET Core convention (double underscores for section separators):

# Override the API key
Api__ApiKey=rtk_your-api-key-here

# Override the database path
Database__Identity__ConnectionString="Data Source=/custom/path/identity.db"

# Enable scheduled audits
SecurityAudit__ScheduledAudit__Enabled=true

In Docker deployments, set these in the .env file or pass them directly to docker compose.