Skip to main content
The Maverics Orchestrator loads its YAML configuration from exactly one source at a time. The source is selected via an environment variable (or CLI flag for local file). Remote sources support automatic hot-reload through ETag-based change detection.
Console terminology: In the Maverics Console, Orchestrator instances and configuration delivery are managed through Deployments. When working directly with YAML, configuration is managed as files delivered via the -config flag or MAVERICS_CONFIG environment variable.

How Config Sources Work

The Orchestrator checks for configuration source environment variables at startup. If a remote config source variable is set, the Orchestrator fetches the YAML configuration from that remote location. If no remote source is configured, the Orchestrator reads from a local file specified by MAVERICS_CONFIG or the -config CLI flag.
Only one remote config source may be active at a time. If multiple config source environment variables are set, the Orchestrator will use the first one found. Do not set more than one remote config source variable.

Available Sources

SourceEnvironment Variable / FlagUse Case
FileMAVERICS_CONFIG or -config flagLocal YAML file on disk
EnvironmentN/A (substitution syntax)Override values via {{ env.VAR }} substitution
Maverics StorageConsole DeploymentsManaged config delivery from Maverics Storage
S3MAVERICS_AWS_CONFIGAWS S3 bucket
Azure BlobMAVERICS_AZURE_CONFIGAzure Blob Storage
GCSMAVERICS_GCP_CONFIGGoogle Cloud Storage
GitHubMAVERICS_GITHUB_CONFIGGitHub repository
GitLabMAVERICS_GITLAB_CONFIGGitLab repository

ETag-Based Change Detection

Remote config sources (S3, Azure Blob, GCS, GitHub, GitLab) periodically check for configuration changes using ETag headers. When a change is detected, the Orchestrator reloads the configuration automatically. Enable hot-reload by setting the MAVERICS_RELOAD_CONFIG environment variable: 
export MAVERICS_RELOAD_CONFIG=true
export MAVERICS_POLLING_INTERVAL_SECONDS=30
During a successful configuration reload, user sessions and tokens issued on behalf of resource owners are invalidated to ensure policy updates take effect immediately. Plan reload timing accordingly in production environments.

Source Pages

File

Load config from a local YAML file via MAVERICS_CONFIG or -config flag

Environment

Substitute environment variables in YAML with {{ env.VAR }} syntax

Maverics Storage

Strata-managed config delivery for Console deployments

S3

Load config from an AWS S3 bucket via MAVERICS_AWS_CONFIG

Azure Blob

Load config from Azure Blob Storage via MAVERICS_AZURE_CONFIG

GCS

Load config from Google Cloud Storage via MAVERICS_GCP_CONFIG

GitHub

Load config from a GitHub repository via MAVERICS_GITHUB_CONFIG

GitLab

Load config from a GitLab repository via MAVERICS_GITLAB_CONFIG

Sessions

Session configuration and storage options

Identity Fabric

Identity provider integrations

Secret Providers

How the Orchestrator retrieves secrets at runtime

Configuration

Complete configuration field reference