Settings
The Settings page (/settings) provides a centralized interface for managing global configuration values. Only users with the ADMIN role can access this page.
How Settings Work
Settings are stored in the database as key-value pairs using the ApplicationConfig entity. Each setting includes:
| Field | Description |
|---|---|
key | Unique identifier for the setting |
value | The configuration value (max 4096 characters) |
group | Logical grouping for the UI (e.g., general, docker, security) |
description | Human-readable explanation shown in the settings form |
isSecret | When true, the value is masked in the UI and API responses |
TIP
Secret settings (like registry passwords or API tokens) are masked with asterisks in the UI. The actual value is only sent to the backend on save — it is never returned in GET responses.
Configuration Groups
General
| Setting | Description |
|---|---|
| Frontend URL | Public URL of the frontend (used for CORS and redirects) |
| Backend URL | Public URL of the backend API |
| CORS Allowed Origins | Comma-separated list of allowed origins |
Docker Registry
| Setting | Description |
|---|---|
| Registry URL | Docker registry endpoint (e.g., registry.example.com) |
| Registry Username | Authentication username |
| Registry Password | Authentication password (secret) |
Notifications
| Setting | Description |
|---|---|
| Notification retention | How long to keep notification history |
| Email / Slack / Webhook integrations | Outbound notification channels |
Security
| Setting | Description |
|---|---|
| Session timeout | Maximum idle time before requiring re-authentication |
| Password policy | Minimum length, complexity requirements |
API
Settings are managed through the ConfigurationController.
List All Settings
GET /api/configReturns all settings grouped by category. Secret values are redacted.
Update a Setting
PUT /api/config/{key}
Content-Type: application/json
{
"value": "https://app.example.com"
}Bulk Update
PUT /api/config
Content-Type: application/json
[
{ "key": "frontend.url", "value": "https://app.example.com" },
{ "key": "cors.origins", "value": "https://app.example.com,https://admin.example.com" }
]WARNING
Changing CORS or URL settings may require a backend restart to take effect if the values were also set via environment variables. Database-stored settings take precedence at runtime.