Configuration Reference
Complete reference for icp.yaml project configuration.
For conceptual explanation, see Project Model.
File Structure
canisters: - # canister definitions or references
networks: - # network definitions or references (optional)
environments: - # environment definitions (optional)Canisters
Inline Definition
canisters: - name: my-canister build: steps: - type: script commands: - echo "Building..." sync: steps: - type: assets dir: www settings: compute_allocation: 5 init_args: "()"External Reference
canisters: - path/to/canister.yaml - canisters/* # Glob pattern - services/**/*.yaml # Recursive globCanister Properties
| Property | Type | Required | Description |
|---|---|---|---|
name | string | Yes | Unique canister identifier |
build | object | Yes | Build configuration |
sync | object | No | Post-deployment sync configuration |
settings | object | No | Canister settings |
init_args | string or object | No | Initialization arguments (see Init Args) |
recipe | object | No | Recipe reference (alternative to build) |
Build Steps
Script Step
Execute shell commands:
build: steps: - type: script commands: - cargo build --target wasm32-unknown-unknown --release - cp target/wasm32-unknown-unknown/release/my_canister.wasm "$ICP_WASM_OUTPUT_PATH"Environment variables:
ICP_WASM_OUTPUT_PATH— Target path for WASM output
See Environment Variables Reference for all available variables.
Pre-built Step
Use existing WASM from a local file or remote URL:
# Local filebuild: steps: - type: pre-built path: dist/canister.wasm sha256: abc123... # Optional integrity check
# Remote URLbuild: steps: - type: pre-built url: https://github.com/example/releases/download/v1.0/canister.wasm sha256: abc123... # Recommended for remote files| Property | Type | Required | Description |
|---|---|---|---|
path | string | One of path or url | Local path to WASM file |
url | string | One of path or url | URL to download WASM file from |
sha256 | string | No | SHA256 hash for verification (recommended for URLs) |
Sync Steps
Sync steps run after canister deployment to configure the running canister.
Assets Sync
Upload files to asset canister:
# Single directorysync: steps: - type: assets dir: dist
# Multiple directoriessync: steps: - type: assets dirs: - dist - static - public/images| Property | Type | Required | Description |
|---|---|---|---|
dir | string | One of dir or dirs | Single directory to upload |
dirs | array | One of dir or dirs | Multiple directories to upload |
Script Sync
Run shell commands after deployment:
sync: steps: - type: script commands: - echo "Post-deployment setup" - ./scripts/configure-canister.shScript sync steps support the same command and commands fields as build script steps.
Recipes
Recipe Reference
canisters: - name: my-canister recipe: type: "@dfinity/rust@v3.0.0" sha256: abc123... # Required for remote URLs configuration: package: my-crate| Property | Type | Required | Description |
|---|---|---|---|
type | string | Yes | Recipe source (registry, URL, or local path) |
sha256 | string | Conditional | Required for remote URLs |
configuration | object | No | Parameters passed to recipe template |
Recipe Type Formats
# Registry (recommended)type: "@dfinity/rust@v3.0.0"
# Local filetype: ./recipes/my-recipe.hb.yaml
# Remote URLtype: https://example.com/recipe.hb.yamlNetworks
Networks define where canisters are deployed. There are two modes:
- Managed (
mode: managed): A local test network launched and controlled by icp-cli. Can run natively or in a Docker container. - Connected (
mode: connected): A remote network accessed by URL.
Managed Network
A managed network runs the network launcher natively on your machine. To run it in a Docker container instead, see Docker Network.
networks: - name: local-dev mode: managed gateway: bind: 127.0.0.1 port: 4943| Property | Type | Required | Description |
|---|---|---|---|
name | string | Yes | Network identifier |
mode | string | Yes | managed |
gateway.bind | string | No | Bind address (default: 127.0.0.1) |
gateway.port | integer | No | Port number (default: 8000, use 0 for random) |
gateway.domains | array | No | Custom domain names the gateway responds to (e.g. my-app.localhost) |
artificial-delay-ms | integer | No | Artificial delay for update calls (ms) |
ii | boolean | No | Install Internet Identity canister (default: false). Also implicitly enabled by nns, bitcoind-addr, and dogecoind-addr. |
nns | boolean | No | Install NNS and SNS canisters (default: false). Implies ii and adds an SNS subnet. |
subnets | array | No | Configure subnet types. See Subnet Configuration. |
bitcoind-addr | array | No | Bitcoin P2P node addresses (e.g. 127.0.0.1:18444). Adds a bitcoin and II subnet. |
dogecoind-addr | array | No | Dogecoin P2P node addresses. Adds a bitcoin and II subnet. |
For full details on how these settings interact, see the network launcher CLI reference.
Note: These settings apply to native managed networks only. For Docker image mode, pass equivalent flags via the
argsfield instead.
Subnet Configuration
Configure the local network’s subnet layout:
- Default (no
subnetsfield): one application subnet is created. - With
subnets: only the listed subnets are created — the default application subnet is replaced, not extended. Addapplicationexplicitly if you still need it. - An NNS subnet is always created regardless of configuration (required for system operations).
networks: - name: local mode: managed subnets: - application - application - applicationAvailable subnet types: application, system, verified-application, bitcoin, fiduciary, nns, sns
Bitcoin and Dogecoin Integration
Connect the local network to a Bitcoin or Dogecoin node for testing chain integration:
networks: - name: local mode: managed bitcoind-addr: - "127.0.0.1:18444"The bitcoind-addr field specifies the P2P address (not RPC) of the Bitcoin node. Multiple addresses can be specified. Dogecoin integration works the same way via dogecoind-addr. Both can be configured simultaneously.
Implicit effects: When bitcoind-addr or dogecoind-addr is configured, the network launcher automatically adds a bitcoin subnet and an II subnet (provides threshold signing keys required for chain operations). If you also explicitly specify subnets, you must include application to keep the default application subnet:
networks: - name: local mode: managed bitcoind-addr: - "127.0.0.1:18444" subnets: - application - systemConnected Network
networks: - name: testnet mode: connected url: https://testnet.ic0.app root-key: <hex-encoded-key> # For non-mainnet| Property | Type | Required | Description |
|---|---|---|---|
name | string | Yes | Network identifier |
mode | string | Yes | connected |
url | string | Yes | Network endpoint URL |
root-key | string | No | Hex-encoded root key (non-mainnet only) |
Docker Network
A managed network can also run inside a Docker container. Adding the image field switches from native to Docker mode:
networks: - name: docker-local mode: managed image: ghcr.io/dfinity/icp-cli-network-launcher port-mapping: - "0:4943"To configure image-specific behavior (e.g., enabling Internet Identity, NNS, or Bitcoin integration), use the args field to pass command-line arguments to the container entrypoint:
networks: - name: docker-local mode: managed image: ghcr.io/dfinity/icp-cli-network-launcher port-mapping: - "8000:4943" args: - "--ii"The available arguments depend on the Docker image — see the image’s documentation for details.
Docker networking note: When referencing services running on the host machine from inside a container (e.g., a local Bitcoin node), use
host.docker.internalinstead of127.0.0.1orlocalhost. Inside a container,127.0.0.1refers to the container’s own loopback, not the host. For example:--bitcoind-addr=host.docker.internal:18444. Docker Desktop (macOS/Windows) resolveshost.docker.internalautomatically. On Linux Docker Engine, you may need to pass--add-host=host.docker.internal:host-gatewayor equivalent to ensure it resolves.
See Containerized Networks for full configuration options.
Environments
environments: - name: staging network: ic canisters: - frontend - backend settings: frontend: memory_allocation: 2gib backend: compute_allocation: 10 environment_variables: LOG_LEVEL: "info" init_args: backend: "(record { mode = \"staging\" })"| Property | Type | Required | Description |
|---|---|---|---|
name | string | Yes | Environment identifier |
network | string | Yes | Network to deploy to |
canisters | array | No | Canisters to include (default: all) |
settings | object | No | Per-canister setting overrides |
init_args | object | No | Per-canister init arg overrides (see Init Args) |
Canister Settings
See Canister Settings Reference for all options.
settings: compute_allocation: 5 memory_allocation: 4gib freezing_threshold: 30d reserved_cycles_limit: 1t wasm_memory_limit: 1gib wasm_memory_threshold: 512mib log_visibility: controllers environment_variables: KEY: "value"Memory values accept suffixes: kb (1000), kib (1024), mb, mib, gb, gib. Cycles values accept suffixes: k (thousand), m (million), b (billion), t (trillion). Duration values accept suffixes: s (seconds), m (minutes), h (hours), d (days), w (weeks). Decimals and underscores are supported where applicable (e.g. 2.5gib, 1_000_000).
Init Args
A plain string is shorthand for inline Candid content:
init_args: "(record { owner = principal \"aaaaa-aa\" })"File reference:
init_args: path: ./args.bin format: binInline value (explicit):
init_args: value: "(record { owner = principal \"aaaaa-aa\" })" format: candid| Property | Type | Required | Description |
|---|---|---|---|
path | string | Yes* | Relative path to file containing init args |
value | string | Yes* | Inline init args value |
format | string | No | hex, candid, or bin (default: candid) |
*Exactly one of path or value must be specified.
Supported formats:
hex— Hex-encoded bytes (inline or file)candid— Candid text format (inline or file)bin— Raw binary bytes; only valid withpath(e.g. output ofdidc encode)
Implicit Defaults
Networks
| Name | Mode | Description |
|---|---|---|
local | managed | localhost:8000, can be overridden |
ic | connected | ICP mainnet, cannot be overridden |
Environments
| Name | Network | Canisters |
|---|---|---|
local | local | All |
ic | ic | All |
Complete Example
canisters: - name: frontend recipe: type: "@dfinity/asset-canister@v2.1.0" configuration: dir: dist settings: memory_allocation: 1gib
- name: backend build: steps: - type: script commands: - cargo build --target wasm32-unknown-unknown --release - cp target/wasm32-unknown-unknown/release/backend.wasm "$ICP_WASM_OUTPUT_PATH" settings: compute_allocation: 5 init_args: value: "(record { admin = principal \"aaaaa-aa\" })"
networks: - name: local mode: managed gateway: port: 9999
environments: - name: staging network: ic canisters: [frontend, backend] settings: backend: compute_allocation: 10 environment_variables: ENV: "staging"
- name: production network: ic canisters: [frontend, backend] settings: frontend: memory_allocation: 4gib backend: compute_allocation: 30 freezing_threshold: 90d environment_variables: ENV: "production" init_args: backend: "(record { admin = principal \"xxxx-xxxx\" })"Schema
JSON schemas for editor integration are available in docs/schemas/:
icp-yaml-schema.json- Main project configurationcanister-yaml-schema.json- Canister configurationnetwork-yaml-schema.json- Network configurationenvironment-yaml-schema.json- Environment configuration
Configure your editor to use them for autocomplete and validation:
# yaml-language-server: $schema=https://raw.githubusercontent.com/dfinity/icp-cli/main/docs/schemas/icp-yaml-schema.jsoncanisters: - name: my-canister # ...