JWT Configuration

Configure JSON Web Token (JWT) validation for your ingestion and consumption APIs.

[jwt]# Enforce JWT on all consumption APIs (Default: false)enforce_on_all_consumptions_apis = false# Enforce JWT on all ingestion APIs (Default: false)enforce_on_all_ingest_apis = false# Secret key for JWT signing (Required if jwt is enabled)# secret = "your-jwt-secret"# JWT issuer (Required if jwt is enabled)# issuer = "your-issuer-name"# JWT audience (Required if jwt is enabled)# audience = "your-audience-name"

Key	Env Variable	Default	Description
`enforce_on_all_consumptions_apis`	`MOOSE_JWT__ENFORCE_ON_ALL_CONSUMPTIONS_APIS`	false	Globally enable JWT for consumption endpoints.
`enforce_on_all_ingest_apis`	`MOOSE_JWT__ENFORCE_ON_ALL_INGEST_APIS`	false	Globally enable JWT for ingestion endpoints.
`secret`	`MOOSE_JWT__SECRET`	-	SECRET. The key used to sign/verify tokens.
`issuer`	`MOOSE_JWT__ISSUER`	-	Expected token issuer claim (`iss`).
`audience`	`MOOSE_JWT__AUDIENCE`	-	Expected token audience claim (`aud`).

Warning:

The secret field contains sensitive authentication material and should never be defined in plaintext in moose.config.toml. Store it in your secrets manager and expose it via the MOOSE_JWT__SECRET environment variable.

JWT Configuration

Configure JSON Web Token (JWT) validation for your ingestion and consumption APIs.

[jwt]# Enforce JWT on all consumption APIs (Default: false)enforce_on_all_consumptions_apis = false# Enforce JWT on all ingestion APIs (Default: false)enforce_on_all_ingest_apis = false# Secret key for JWT signing (Required if jwt is enabled)# secret = "your-jwt-secret"# JWT issuer (Required if jwt is enabled)# issuer = "your-issuer-name"# JWT audience (Required if jwt is enabled)# audience = "your-audience-name"

Key	Env Variable	Default	Description
`enforce_on_all_consumptions_apis`	`MOOSE_JWT__ENFORCE_ON_ALL_CONSUMPTIONS_APIS`	false	Globally enable JWT for consumption endpoints.
`enforce_on_all_ingest_apis`	`MOOSE_JWT__ENFORCE_ON_ALL_INGEST_APIS`	false	Globally enable JWT for ingestion endpoints.
`secret`	`MOOSE_JWT__SECRET`	-	SECRET. The key used to sign/verify tokens.
`issuer`	`MOOSE_JWT__ISSUER`	-	Expected token issuer claim (`iss`).
`audience`	`MOOSE_JWT__AUDIENCE`	-	Expected token audience claim (`aud`).