Skip to main content

Config files

Config files enable granular, isolated control of development, staging, and production environments, and allow substitution of sensitive values using environment variables.

Usage​

Auto-load​

The simplest way to start is to place a config.json file next to your agent in the project directory. It will be loaded automatically.

.
├── config.json
├── dev-agent.py
└── venv

Declare path​

If you want to specify the path to your config file, pass it in using the config_file parameter.

agent.py
from signalwire_agents import AgentBase

# Create an agent
agent = AgentBase(name="Sigmond", config_file="./path/to/config.json")

# Start the agent
agent.serve()

Structure​

Configuration files use JSON format with environment variable substitution. Here's a complete example showing the main configuration sections:

{
  "service": {
    "name": "my-service",
    "host": "${HOST|0.0.0.0}",
    "port": "${PORT|3000}"
  },
  "security": {
    "ssl_enabled": "${SSL_ENABLED|false}",
    "ssl_cert_path": "${SSL_CERT|/etc/ssl/cert.pem}",
    "ssl_key_path": "${SSL_KEY|/etc/ssl/key.pem}",
    "auth": {
      "basic": {
        "enabled": true,
        "user": "${AUTH_USER|signalwire}",
        "password": "${AUTH_PASSWORD}"
      },
      "bearer": {
        "enabled": "${BEARER_ENABLED|false}",
        "token": "${BEARER_TOKEN}"
      }
    },
    "allowed_hosts": ["${PRIMARY_HOST}", "${SECONDARY_HOST|localhost}"],
    "cors_origins": "${CORS_ORIGINS|*}",
    "rate_limit": "${RATE_LIMIT|60}"
  }
}

Service options​

OptionTypeDefaultDescription
service.namestring-Service name for identification. This is the name set when instantiating your agent.
service.hoststring"0.0.0.0"Host/IP address to bind to
service.portnumber3000Port number to listen on
service.routestring"/"Base route path for the service

Security options​

All services share the same security configuration options:

OptionTypeDefaultDescription
ssl_enabledbooleanfalseEnable HTTPS/SSL encryption
ssl_cert_pathstring-Path to SSL certificate file
ssl_key_pathstring-Path to SSL private key file
domainstring-Domain name for SSL configuration
allowed_hostsarray["*"]List of allowed host headers
cors_originsarray["*"]List of allowed CORS origins
max_request_sizenumber10485760Maximum request size in bytes (10MB)
rate_limitnumber60Requests per minute
request_timeoutnumber30Request timeout in seconds
use_hstsbooleantrueEnable HTTP Strict Transport Security
hsts_max_agenumber31536000HSTS max age in seconds (1 year)

Here's a comprehensive example:

{
  "security": {
    "ssl_enabled": true,
    "ssl_cert_path": "/etc/ssl/cert.pem",
    "ssl_key_path": "/etc/ssl/key.pem",
    "domain": "api.example.com",
    
    "allowed_hosts": ["api.example.com", "app.example.com"],
    "cors_origins": ["https://app.example.com"],
    
    "max_request_size": 5242880,
    "rate_limit": 30,
    "request_timeout": 60,
    
    "use_hsts": true,
    "hsts_max_age": 31536000
  }
}

Prioritization​

Services in the Agents SDK look for configuration files in the below locations, in this order:

  1. Service-specific: {service_name}_config.json (e.g., search_config.json)
  2. Generic: config.json
  3. Hidden: .swml/config.json
  4. User home: ~/.swml/config.json
  5. System: /etc/swml/config.json

Configuration values are applied in this order (highest to lowest):

  1. Constructor parameters - Explicitly passed to service
  2. Config file values - From JSON configuration
  3. Environment variables - Direct env vars
  4. Defaults - Hard-coded defaults

Environment variables​

Substitution​

The configuration system supports ${VAR|default} syntax:

  • ${VAR} - Use environment variable VAR (error if not set)
  • ${VAR|default} - Use VAR or "default" if not set
  • ${VAR|} - Use VAR or empty string if not set

For example:

config.json
{
  "database": {
    "host": "${DB_HOST|localhost}",
    "port": "${DB_PORT|5432}",
    "password": "${DB_PASSWORD}"
  }
}

Environment variables can be set in several ways depending on your deployment method. For example:

Create a .env file in your project root (add to .gitignore):

.env
DB_PASSWORD=mysecretpassword
SSL_ENABLED=true
AUTH_USER=myuser

Optionally, use python-dotenv to load the .env variables:

pip install python-dotenv
from dotenv import load_dotenv
load_dotenv()  # This loads the .env file

For serverless deployment, refer to each provider's docs on managing environment variables:

AWS Lambda

Configure environment variables for Lambda functions

Google Cloud Functions

Set environment variables in Cloud Functions

Azure Functions

Manage app settings and environment variables

Examples​

Development​

This simple config sets up basic auth without SSL on port 3000.

{
  "service": {
    "host": "localhost",
    "port": 3000
  },
  "security": {
    "ssl_enabled": false,
    "auth": {
      "basic": {
        "user": "dev",
        "password": "devpass123"
      }
    }
  }
}

Production​

This config secures your service with SSL encryption, domain-based host restrictions, and environment variable substitution for sensitive credentials.

{
  "service": {
    "host": "${HOST|0.0.0.0}",
    "port": "${PORT|443}"
  },
  "security": {
    "ssl_enabled": true,
    "ssl_cert_path": "${SSL_CERT_PATH}",
    "ssl_key_path": "${SSL_KEY_PATH}",
    "domain": "${DOMAIN}",
    "auth": {
      "basic": {
        "user": "${AUTH_USER}",
        "password": "${AUTH_PASSWORD}"
      }
    },
    "allowed_hosts": ["${DOMAIN}"],
    "use_hsts": true
  }
}

Best practices​

  1. Use environment substitution for sensitive values
  2. Validate configurations before deploying to production
  3. Document custom configurations for your team
  4. Test configurations in staging environments first
  5. Version control non-sensitive configuration templates
  6. Monitor configuration loading in application logs

For detailed security configuration options, see the Security guide.