Configuration
PgCache supports three configuration methods: a TOML config file, CLI arguments, and Docker environment variables. These can be combined — CLI arguments override TOML file values, and Docker environment variables are mapped to CLI arguments by the container entrypoint.
Configuration Methods
| Method | Usage | Best For |
|---|---|---|
| Environment variables | UPSTREAM_URL=postgres://... | Docker deployments (recommended) |
| CLI arguments | Passed via Docker command | Overriding specific values |
| TOML file | Mounted into container | Version-controlled config |
TOML Configuration Reference
[origin] — Origin Database Connection
The PostgreSQL database that PgCache caches queries for.
| Field | Type | Required | Default | Description |
|---|---|---|---|---|
host | string | yes | — | Origin database hostname |
port | integer | yes | — | Origin database port |
user | string | yes | — | Database user |
password | string | no | — | Database password |
database | string | yes | — | Database name |
ssl_mode | string | no | disable | TLS mode: disable, require, or verify-full |
[replication] — Replication Connection (Optional)
Override connection settings for CDC logical replication. Every field is optional and cascades from [origin] when not specified. This is useful when your application connects through a connection pooler like PgBouncer, but CDC replication needs a direct connection to PostgreSQL.
| Field | Type | Default | Description |
|---|---|---|---|
host | string | origin host | Replication host |
port | integer | origin port | Replication port |
user | string | origin user | Replication user |
password | string | origin password | Replication password |
database | string | origin database | Replication database |
ssl_mode | string | origin ssl_mode | TLS mode: disable, require, or verify-full |
[cdc] — Change Data Capture
Settings for PostgreSQL logical replication. PgCache creates and manages the publication and replication slot automatically on the origin database using these names.
| Field | Type | Required | Default | Description |
|---|---|---|---|---|
publication_name | string | yes | — | Name of the publication PgCache creates on the origin |
slot_name | string | yes | — | Name of the logical replication slot PgCache creates on the origin |
[listen] — Proxy Listener
| Field | Type | Required | Default | Description |
|---|---|---|---|---|
socket | string | yes | — | Address and port to listen on (e.g., 0.0.0.0:5432) |
[metrics] — Prometheus Metrics (Optional)
| Field | Type | Required | Default | Description |
|---|---|---|---|---|
socket | string | yes | — | Address and port for the metrics HTTP endpoint |
Top-Level Settings
General
| Field | Type | Required | Default | Description |
|---|---|---|---|---|
num_workers | integer | yes | — | Number of worker threads for handling connections |
log_level | string | no | — | Log level filter. Supports simple levels ("info", "debug") and module-specific filters ("pgcache_lib::cache=debug,info") |
telemetry | boolean | no | true | Anonymous telemetry reporting. Set to false to disable. See Telemetry for details on what is collected |
Cache Behavior
The fields in this section plus log_level can be changed at runtime via the HTTP admin API (PUT /config) without restarting. See Monitoring for the admin endpoints.
| Field | Type | Required | Default | Description |
|---|---|---|---|---|
cache_size | integer | no | — | Deprecated. Hard upper bound on cache disk size in bytes. When unset, the disk-size limit is auto-derived from the cache volume’s live free space. A configured value overrides the automatic limit |
cache_policy | string | no | clock | Eviction policy: clock (second-chance) or fifo (oldest first) |
admission_threshold | integer | no | 1 | Number of times a query must be seen before cache admission (clock policy only; 1 admits on first occurrence) |
mv_size_ratio | integer | no | 10 | Materialized result size gate. A shape-eligible query (aggregate, GROUP BY, DISTINCT, etc.) is materialized only when result_rows × mv_size_ratio ≤ source_rows at first population. Window functions materialize unconditionally |
memo_cache_size | integer | no | 67108864 | Total byte budget for the in-process result memo, an in-memory tier that serves the hottest queries inline without a cache-database round-trip. Default 64 MiB; 0 disables it |
memory_limit | integer | no | — | Absolute ceiling (bytes) on pgcache’s total memory footprint (the pgcache process plus the cache Postgres it manages). When unset, the ceiling is 80% of detected RAM (cgroup-aware in containers). As whole-system used memory approaches the ceiling, registration of new distinct queries is throttled — they are forwarded to origin instead of cached — bounding memory under high query cardinality. A configured value can only lower the effective ceiling, never raise it above 80% of RAM |
allowed_tables | array | no | — | Only cache queries referencing these tables. Supports unqualified ("orders") and schema-qualified ("audit.orders") names. If omitted, all tables are cacheable |
Pinned Queries
| Field | Type | Required | Default | Description |
|---|---|---|---|---|
pinned_queries | array | no | — | SQL queries to pin in cache at startup. Pinned queries are pre-populated, protected from eviction, and auto-readmitted after CDC invalidation |
pinned_tables | array | no | — | Tables to pin in cache. Each table is expanded to SELECT * FROM {table} and merged with pinned_queries |
TLS
| Field | Type | Required | Default | Description |
|---|---|---|---|---|
tls_cert | string | no | — | Path to TLS certificate (PEM) for client connections |
tls_key | string | no | — | Path to TLS private key (PEM) for client connections |
Full Example Configuration
num_workers = 4
# cache_size = 1073741824 # deprecated; disk limit auto-derives from free space when unset
# cache_policy = "clock" # or "fifo"
# admission_threshold = 1 # clock policy only
log_level = "info"
# Optional: restrict caching to specific tables
# allowed_tables = ["users", "orders", "products"]
# Optional: pin queries in cache at startup
# pinned_queries = [
# "SELECT * FROM settings",
# "SELECT * FROM categories",
# ]
# Optional: pin entire tables (shorthand for pinned_queries)
# pinned_tables = ["settings", "categories"]
[origin]
host = "db.example.com"
port = 5432
user = "app_user"
password = "secret"
database = "myapp"
ssl_mode = "require"
# Optional: override replication connection
# Useful when origin is behind PgBouncer
[replication]
host = "db-direct.example.com"
port = 5432
[cdc]
publication_name = "pgcache_pub"
slot_name = "pgcache_slot"
[listen]
socket = "0.0.0.0:6432"
[metrics]
socket = "0.0.0.0:9090"CLI Arguments Reference
All TOML fields can be set via command-line arguments. CLI values override TOML values.
| Flag | Description |
|---|---|
-c, --config | Path to TOML configuration file |
--origin_host | Origin database host |
--origin_port | Origin database port |
--origin_user | Origin database user |
--origin_password | Origin database password |
--origin_database | Origin database name |
--origin_ssl_mode | Origin TLS mode (disable, require, or verify-full) |
--replication_host | Replication host override |
--replication_port | Replication port override |
--replication_user | Replication user override |
--replication_password | Replication password override |
--replication_database | Replication database override |
--replication_ssl_mode | Replication TLS mode override |
--cdc_publication_name | Logical replication publication name |
--cdc_slot_name | Logical replication slot name |
--listen_socket | Listen address and port |
--num_workers | Number of worker threads |
--cache_size | Hard cache disk-size limit in bytes (deprecated; default auto-derives from free disk) |
--cache_policy | Eviction policy (clock or fifo) |
--admission_threshold | Query admission threshold (clock policy only) |
--mv_size_ratio | Materialized result size gate (default 10) |
--memo_cache_size | In-process result memo byte budget (default 64 MiB; 0 disables) |
--memory_limit | Absolute RSS ceiling in bytes for registration throttling (default: 80% of RAM; can only lower) |
--tls_cert | TLS certificate file path |
--tls_key | TLS private key file path |
--metrics_socket | Prometheus metrics listen address |
--log_level | Log level filter |
--allowed_tables | Comma-separated list of tables to cache |
--pinned_queries | Semicolon-separated queries to pin in cache |
--pinned_tables | Comma-separated tables to pin in cache |
--telemetry_off | Disable anonymous telemetry reporting |
Docker Environment Variables
When running the PgCache Docker image, these environment variables are available. They map to the entrypoint’s CLI options.
| Variable | Description | Default |
|---|---|---|
UPSTREAM_URL | Origin database URL (postgres://user:pass@host:port/db) | — (required unless CONFIG_FILE set) |
CONFIG_FILE | Path to TOML config file (mounted into container) | — |
REPLICATION_URL | Replication connection URL (defaults to upstream) | — |
REPLICATION_HOST | Override replication host | — |
REPLICATION_PORT | Override replication port | — |
REPLICATION_USER | Override replication user | — |
REPLICATION_DATABASE | Override replication database | — |
REPLICATION_PASSWORD | Override replication password | — |
REPLICATION_SSL_MODE | Override replication TLS mode | — |
LISTEN_PORT | Proxy listen port | 5432 |
METRICS_PORT | Prometheus metrics port | 9090 |
NUM_WORKERS | Number of worker threads | 4 |
PUBLICATION | Publication name | pgcache_pub |
SLOT | Replication slot name | pgcache_slot |
CDC_SUFFIX | Suffix appended to publication and slot names | — |
CACHE_SIZE | Maximum cache size in bytes (enables eviction) | — |
CACHE_POLICY | Cache eviction policy: clock or fifo | clock |
ADMISSION_THRESHOLD | Number of times a query must be seen before caching | 1 |
MV_SIZE_RATIO | Materialized result size gate. A shape-eligible query is materialized when result_rows × MV_SIZE_RATIO ≤ source_rows | 10 |
MEMO_CACHE_SIZE | In-process result memo byte budget (0 disables) | 67108864 (64 MiB) |
MEMORY_LIMIT | Absolute RSS ceiling in bytes for registration throttling (can only lower) | 80% of RAM |
ALLOWED_TABLES | Comma-separated list of tables to cache (default: all) | — |
PINNED_QUERIES | Semicolon-separated queries to pin in cache | — |
PINNED_TABLES | Comma-separated tables to pin in cache | — |
LOG_LEVEL | Log level filter (e.g., debug, info, pgcache_lib::cache=debug) | — |
PGCACHE_TELEMETRY | Set to off to disable anonymous telemetry reporting | — |
PGCACHE_TLS_CERT | Base64-encoded TLS certificate | — |
PGCACHE_TLS_KEY | Base64-encoded TLS private key | — |
Docker Examples
Basic:
docker run -d -p 5432:5432 pgcache/pgcache \
--upstream postgres://user@db:5432/myappWith replication override (origin behind PgBouncer):
docker run -d -p 5432:5432 pgcache/pgcache \
--upstream postgres://user@pgbouncer:6432/myapp \
--replication-host db-direct.example.com \
--replication-port 5432With environment variables:
docker run -d -p 5432:5432 \
-e UPSTREAM_URL=postgres://user@db:5432/myapp \
-e NUM_WORKERS=8 \
-e REPLICATION_HOST=db-direct.example.com \
pgcache/pgcacheWith a mounted TOML config file:
docker run -d -p 5432:5432 -p 9090:9090 \
-v ./pgcache.toml:/etc/pgcache/config.toml:ro \
-e CONFIG_FILE=/etc/pgcache/config.toml \
pgcache/pgcacheWith table allowlist and pinned tables:
docker run -d -p 5432:5432 \
-e UPSTREAM_URL=postgres://user@db:5432/myapp \
-e ALLOWED_TABLES=users,orders,products \
-e PINNED_TABLES=users,products \
pgcache/pgcacheWith pinned queries:
docker run -d -p 5432:5432 pgcache/pgcache \
--upstream postgres://user@db:5432/myapp \
--pinned-queries "SELECT * FROM config;SELECT * FROM lookup"