Afunana
Afunana Documentation

Environment Configuration

The complete configuration reference, hierarchy, and management methods.

← All docs

Afunana keeps roughly 130 configuration settings in a database table, layered under a secrets precedence chain. This document explains the resolution hierarchy and the two distinct precedence chains (bootstrap settings vs everything else), and — for operators — provides a full reference organized by category. Per-box source connection identity and credentials (IBM i, Oracle, z/OS) are managed separately on the Connections screen, not as configuration settings, and are covered in Source Platform Integration.


Configuration Hierarchy

Configuration is resolved from several sources with a defined precedence — the first source that provides a value wins. It is not a single flat hierarchy: the small set of bootstrap settings and everything else follow two different chains, because the bootstrap settings must resolve before any database connection exists.

In practice, almost all day-to-day configuration lives in the database and is managed in the Admin UI; only the handful of bootstrap settings are secret- or file-based.

What the Client Must Configure

Most of Afunana's ~130 keys ship with safe defaults and can be left alone. Only a short list needs the client's attention before the corresponding feature works. The table below summarizes them in priority order. (The source connection — IBM i / Oracle / z/OS host, credentials, port — is not in this table: it is created on the Connections screen, see Source Platform Integration.)

Marker Meaning
🔴 Required -- the feature does not work (or is insecure) until it is set.
🟡 Recommended for production -- the default works but is not ideal.
Optional -- only needed if you use that feature.
Priority Setting(s) Why
🔴 A source connection (IBM i / Oracle) Created on the Connections screen — nothing extracts without it. Not an app_config key.
🔴 At least one AI provider key + the model per role Set the provider API key(s) and pick a model for each role in the admin UI (API Keys / AI Config).
🔴 The public URL users reach Afunana at Drives CORS, e-mail links, and SSO redirects.
🟡 Organization name and confidentiality banner Branding and the confidentiality label on generated documents.
🟡 Outbound e-mail (SMTP) account Required for password-reset and notification e-mail. Skip if no e-mail.
🟡 Audit-log retention period Set to match your retention policy (commonly 90 / 180 / 365 days).
Audit forwarding to a SIEM Enable to forward audit events to a SIEM / Logstash collector.
Single sign-on (SSO) Configure if using Azure AD / OIDC. Users are auto-provisioned on first SSO login.

Everything else can stay at its default.