Reference
CONFIG commands
Read, write, and list runtime configuration — no restarts.
Commands
| Command | Args | Description |
|---|---|---|
| CONFIG GET | <key> | Read a value with its source |
| CONFIG SET | <key> <value> | Set at runtime, persisted to WAL |
| CONFIG LIST | [prefix] | List keys with source and mutability |
Bootstrap vs runtime
Bootstrap values come from your TOML file and are loaded on startup. Runtime values come from CONFIG SET, are appended to the encrypted WAL, and survive restarts. Not every key is mutable — structural keys (bindings, storage layout) require a restart; operational keys (TTLs, rotation, rate limits, CORS) don't.
Per-engine mutable keys
sigil.keyspaces.*.rotation_days, default_ttl, max_ttlcipher.keyrings.*.rotation_days, convergentveil.cipher_addr(remote mode only)sentry.auto_reload, reload_intervalforge.ca.*.max_cert_ttl, default_cert_ttlkeep.max_versions, default_ttlcourier.auto_reload, channels.*.timeout, retry_countchronicle.retention_days, max_batch_size
Examples
terminal
> CONFIG SET sigil.keyspaces.jwt.rotation_days 7
OK
> CONFIG GET sigil.keyspaces.jwt.rotation_days
7 (runtime)
> CONFIG LIST cipher.keyrings.payments
algorithm = "aes-256-gcm" (bootstrap)
rotation_days = 30 (bootstrap)HTTP
$ curl -sX POST http://localhost:8200/v1/config/set \
-H "Authorization: Bearer $TOKEN" \
-d '{"key":"sigil.keyspaces.jwt.rotation_days","value":"7"}'
{"ok":true,"source":"runtime"}