Documentation
¶
Overview ¶
Binary pbflags-admin is the flag management control plane.
It provides the admin API, web UI, and a local evaluator interface. Requires a PostgreSQL database with R/W access.
Normal mode (requires external "pbflags sync" for migrations and definition sync):
pbflags-admin --database=postgres://user:pass@localhost:5432/flags
Standalone mode (single instance — runs migrations, syncs definitions, and evaluates flags in one process):
pbflags-admin --standalone --descriptors=descriptors.pb \ --database=postgres://user:pass@localhost:5432/flags
Standalone mode with a pre-compiled bundle (no proto/CEL tooling needed):
pbflags-admin --standalone --bundle=bundle.pb \ --database=postgres://user:pass@localhost:5432/flags
Flags can also be supplied via picocli-style @file references:
pbflags-admin @config.flags
Environment variables override CLI flags:
PBFLAGS_DATABASE PostgreSQL connection string PBFLAGS_ADMIN Admin listen address (default: :9200) PBFLAGS_LISTEN Evaluator listen address (default: :9201) PBFLAGS_DESCRIPTORS Path to descriptors.pb (standalone only) PBFLAGS_BUNDLE Path to compiled bundle.pb (standalone only; mutually exclusive with PBFLAGS_DESCRIPTORS) PBFLAGS_ENV_NAME Environment label shown in admin UI PBFLAGS_ENV_COLOR Accent color for admin UI environment banner PBFLAGS_CACHE_KILL_TTL Kill set cache TTL (default: 30s) PBFLAGS_CACHE_FLAG_TTL Global flag state cache TTL (default: 10m) PBFLAGS_CACHE_OVERRIDE_TTL Per-entity override cache TTL (default: 10m) PBFLAGS_AUTH_STRATEGY Authentication strategy: none, shared-secret, trusted-header (default: none) PBFLAGS_AUTH_TOKEN Shared-secret Bearer token (required if strategy=shared-secret) PBFLAGS_AUTH_HEADER Header name for trusted-header strategy (default: X-Forwarded-User)
Source Files
Click to show internal directories.
Click to hide internal directories.