Configuration files

Options for Horizon apps are set by two TOML files in the app’s root directory:

(A third configuration file, .hz/schema.toml, is optionally used for the database schema.) The example configuration files installed by hz init are fully commented; this documentation is taken from there.

Note that any of these options can be overridden with environment variables of the form HZ_<OPTION>, where <OPTION> is the name of the option listed in this file. To override the serve_static setting, for instance, you could use:

export HZ_SERVE_STATIC="./static"

This would override the setting in the config.toml file. However, if the --serve-static option were passed to the hz serve command, that would take priority over both the configuration file and any environment variables: configuration precedence is command line flags first, environment variables next, configuration file last.

Options are shown with their default values.

Networking options (config.toml)

bind = [ "localhost" ]
port = 8181
secure = true
key_file = "horizon-key.pem"
cert_file = "horizon-cert.pem"
access_control_allow_origin = ""

App options (config.toml)

project_name = "horizon"
serve_static = "dist"
debug = false

RethinkDB options (config.toml)

RethinkDB connection information may alternatively be specified with individual options:

connect = "localhost:28015"
start_rethinkdb = false
auto_create_collection = false
auto_create_index = false
rdb_timeout = 20

Warning: Tables and indexes are not lightweight objects, and allowing ad hoc creation could potentially expose your service to denial-of-service attacks. The auto_create_* options should not be enabled on a publicly-accessible service.

Authentication options (config.toml)

allow_anonymous = false
allow_unauthenticated = false
auth_redirect = "/"
access_control_allow_origin = ""


Horizon supports OAuth authentication for Facebook, Google, Twitter, Github and Twitch, as well as Auth0 single sign-on. Each enabled service appears in its own TOML table and has two key/value pairs, id and secret.

host = ""
id = "0000000000000000000000000"
secret = "00000000000000000000000000000000000000000000000000"
redirect_url = ""

id = "000000000000000"
secret = "00000000000000000000000000000000"

id = ""
secret = "000000000000000000000000"

id = "0000000000000000000000000"
secret = "00000000000000000000000000000000000000000000000000"

id = "00000000000000000000"
secret = "0000000000000000000000000000000000000000"

id = "0000000000000000000000000000000"
secret = "0000000000000000000000000000000"

If the id and secret pairs are set for a given service, that service is enabled for authentication.

In addition, the secrets.toml file contains the token_secret used for token encryption. When this file is created by hz init, the token_secret will be set to a randomly-generated base64 string.