Configuration
tidemarq is configured via a YAML file and optionally overridden by environment variables. The config is loaded once at startup — there is no hot-reload.
Config file location
By default tidemarq looks for tidemarq.yaml in the current working directory,
then /etc/tidemarq/tidemarq.yaml. The path can be overridden with the
TIDEMARQ_CONFIG environment variable.
The Docker Compose file mounts ./tidemarq.yaml from the project root to
/etc/tidemarq/tidemarq.yaml inside the container.
Full reference
Every configuration key is documented in tidemarq.example.yaml in the repository. The sections below cover the most commonly changed settings.
Key settings
Data directory
```yaml
data_dir: /data  # where the database, versions, and quarantine live
```
The data directory must be on a persistent volume. In the default Docker Compose setup
this is the ./data host directory.
Authentication
```yaml
auth:
  admin_username: admin
  admin_password: your-strong-password
  # jwt_secret: leave blank to auto-generate on first start
```
The admin account is created on first start if no users exist. The JWT signing secret
is generated and persisted to <data_dir>/.jwt_secret if not provided
explicitly. Passwords are always stored bcrypt-hashed.
Server & TLS
```yaml
server:
  http_port: 8716   # HTTP — redirects to HTTPS
  https_port: 8717  # HTTPS — main UI and API
  # tls_cert: /path/to/cert.pem  # omit to use auto-generated self-signed cert
  # tls_key: /path/to/key.pem
```
Retention
```yaml
retention:
  quarantine_days: 30           # soft-deleted files kept for N days
  version_history_days: 90      # file version snapshots kept for N days
  audit_log_retention_days: 90  # audit log entries kept for N days
```
Environment variable overrides
Any config key can be overridden with an environment variable using the
TIDEMARQ_ prefix, with a double underscore (__) separating nested keys. For example:
| Environment variable | Config key |
|---|---|
| TIDEMARQ_DATA_DIR | data_dir |
| TIDEMARQ_AUTH__ADMIN_PASSWORD | auth.admin_password |
| TIDEMARQ_AUTH__JWT_SECRET | auth.jwt_secret |
| TIDEMARQ_SERVER__HTTPS_PORT | server.https_port |
Environment variables take precedence over the config file. This is the recommended
approach for secrets in production — pass TIDEMARQ_AUTH__ADMIN_PASSWORD
as a Docker secret or from a secrets manager rather than storing it in the YAML file.
Config is read once at startup. Changing the config file or environment variables requires a container restart to take effect.
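The override rules above can be turned into a pre-deployment check that reports which secret keys would still be read from the YAML file. This is an added example, not tidemarq's own loader: the name mapping is modelled on the table above (strip the prefix, lowercase, `__` becomes `.`), and the function names and sample values are constructed for illustration.

```python
PREFIX = "TIDEMARQ_"
NOT_A_KEY = {"TIDEMARQ_CONFIG"}  # selects the config file path, not a config key
SECRET_KEYS = ("auth.admin_password", "auth.jwt_secret")

def env_to_key(name):
    """Map TIDEMARQ_AUTH__JWT_SECRET -> auth.jwt_secret; None if not an override."""
    if not name.startswith(PREFIX) or name in NOT_A_KEY:
        return None
    return name[len(PREFIX):].lower().replace("__", ".")

def flatten(cfg, parent=""):
    """Flatten nested YAML mappings into dotted keys (auth.admin_password)."""
    flat = {}
    for key, value in cfg.items():
        dotted = f"{parent}.{key}" if parent else key
        if isinstance(value, dict):
            flat.update(flatten(value, dotted))
        else:
            flat[dotted] = value
    return flat

def effective(file_cfg, environ):
    """Return {key: (value, source)}; environment wins over the file."""
    merged = {k: (v, "file") for k, v in flatten(file_cfg).items()}
    for name, value in environ.items():
        key = env_to_key(name)
        if key is not None:
            merged[key] = (value, "env")  # env values arrive as strings
    return merged

def secrets_from_file(file_cfg, environ):
    """Secret keys whose effective, non-empty value still comes from the YAML file."""
    eff = effective(file_cfg, environ)
    return [k for k in SECRET_KEYS if eff.get(k, ("", ""))[0] and eff[k][1] == "file"]

# Constructed sample input: a parsed tidemarq.yaml and a process environment.
FILE_CFG = {"data_dir": "/data",
            "auth": {"admin_username": "admin",
                     "admin_password": "your-strong-password",
                     "jwt_secret": "constructed-file-secret"},
            "server": {"http_port": 8716, "https_port": 8717}}
ENVIRON = {"TIDEMARQ_AUTH__ADMIN_PASSWORD": "constructed-env-password",
           "TIDEMARQ_SERVER__HTTPS_PORT": "9443",
           "TIDEMARQ_CONFIG": "/etc/tidemarq/tidemarq.yaml",
           "PATH": "/usr/bin"}

if __name__ == "__main__":
    for key, (value, source) in sorted(effective(FILE_CFG, ENVIRON).items()):
        print(f"{key:24} {source:5} {'<redacted>' if key in SECRET_KEYS else value}")
    print("secrets still read from file:", secrets_from_file(FILE_CFG, ENVIRON))
```

A blank `jwt_secret` in the file is not reported, since that is the documented way to have the secret auto-generated under `<data_dir>/.jwt_secret`.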