Environment variables
The complete environment surface, grouped by concern, as declared in .env.example. Treat this as
a reference; the authoritative defaults live in src/config.py and the Helm values files. Never
commit populated secrets.
API & frontend
| Variable | Purpose |
|---|---|
| API_PORT, API_BIND_HOST, API_HOST | API listen port and host |
| API_DEBUG | Debug mode toggle |
| UI_PORT | Frontend port |
Datastores
| Variable | Purpose |
|---|---|
| POSTGRES_HOST, POSTGRES_PORT, POSTGRES_DB, POSTGRES_USER, POSTGRES_PASSWORD | PostgreSQL connection |
| REDIS_HOST, REDIS_PORT, REDIS_PASSWORD | Redis connection |
| ATLAS_MINIO_ACCESS_KEY, ATLAS_MINIO_SECRET_KEY, ATLAS_MINIO_ENDPOINT, ATLAS_MINIO_EXTERNAL_URL | MinIO object storage |
LLM & tools
| Variable | Purpose |
|---|---|
| OPENROUTER_BASE_URL | LLM gateway base URL |
| OPENROUTER_MODEL_PRIMARY, OPENROUTER_MODEL_FAST, OPENROUTER_MODEL_REASONING | Model routing tiers |
| LLM_TEMPERATURE, LLM_TIMEOUT, LLM_MAX_RETRIES | LLM call behaviour |
| MCP_BEARER_TOKEN | Auth for MCP tool servers |
| DIGITAL_FOOTPRINT_ENDPOINT | DFWO module endpoint |
Per-tenant keys
LLM and provider credentials are resolved per tenant from encrypted storage, not from these variables. See Security & multi-tenancy.
Authentication
| Variable | Purpose |
|---|---|
| KEYCLOAK_URL, KEYCLOAK_PUBLIC_URL, KEYCLOAK_HOSTNAME, KEYCLOAK_PORT | Keycloak endpoints |
| KEYCLOAK_REALM, KEYCLOAK_CLIENT_ID | Tenant realm + client |
| KEYCLOAK_ADMIN_USERNAME, KEYCLOAK_ADMIN_PASSWORD, KEYCLOAK_ADMIN_REALM, KEYCLOAK_DB_PASSWORD | Admin bootstrap |
| KEYCLOAK_ADMIN_ROLE, KEYCLOAK_EDITOR_ROLE, KEYCLOAK_VIEWER_ROLE | Role names |
| AUTH_ENABLED | Master auth toggle (keep true in shared envs) |
| AUTH_VIEWER_GROUPS, AUTH_EDITOR_GROUPS, AUTH_ADMIN_GROUPS | Group → role mapping |
| AUTH_ADMIN_PATH_PREFIXES, AUTH_EXEMPT_PATHS | Admin-only and exempt paths |
Agents & investigations
| Variable | Purpose |
|---|---|
| AGENT_MAX_ITERATIONS | Max agentic loop iterations per crew |
| AGENT_RETRY_ON_FAIL, AGENT_MAX_RETRIES, AGENT_RETRY_WAIT_MS | Crew retry behaviour |
| MAX_CONCURRENT_INVESTIGATIONS | Investigation parallelism cap |
| INVESTIGATION_TIMEOUT | Per-investigation timeout |
Rate limiting & cache
| Variable | Purpose |
|---|---|
| RATE_LIMIT_REQUESTS_PER_MINUTE | Global default |
| RATE_LIMIT_DEFAULT, RATE_LIMIT_WRITE, RATE_LIMIT_EXPENSIVE, RATE_LIMIT_STATUS | Per-class limits |
| CACHE_TTL_SECONDS | Cache TTL |
Observability & notifications
| Variable | Purpose |
|---|---|
| LANGFUSE_ENABLED, LANGFUSE_HOST, LANGFUSE_PORT, LANGFUSE_PUBLIC_KEY, LANGFUSE_SECRET_KEY | LLM tracing |
| LANGFUSE_NEXTAUTH_SECRET, LANGFUSE_SALT, LANGFUSE_ENCRYPTION_KEY | Langfuse internals |
| LANGFUSE_CLICKHOUSE_PASSWORD, LANGFUSE_MINIO_ACCESS_KEY, LANGFUSE_MINIO_SECRET_KEY | Langfuse backing stores |
| SENTRY_DSN | Error reporting |
| LOG_LEVEL, LOG_FORMAT | Logging |
| SLACK_WEBHOOK_URL, SMTP_HOST/PORT/USER/PASSWORD, NOTIFICATION_EMAIL | Alerting |
Misc
| Variable | Purpose |
|---|---|
| CORS_ALLOWED_ORIGINS | Allowed browser origins (no wildcard) |
| REPORT_RETENTION_DAYS | Report retention window |
| TRUSTRELAY_REPORTS_TABLE_ID | Reports table identifier |
See Configuration for how these group together and which settings are instead managed per tenant.
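
A pre-commit style check for the three constraints this page states (no populated secrets in a committed env file, AUTH_ENABLED kept true in shared environments, no wildcard in CORS_ALLOWED_ORIGINS), as an added example that is not the project's own code. The secret-name suffixes, the accepted placeholder values, the `true`/`false` value format and the comma-separated origin list are assumptions, and `parse_env` and `lint_env` are hypothetical helper names.

```python
import re

# Assumption: suffixes that mark a variable as secret-bearing, derived from the names listed above.
SECRET_NAME = re.compile(
    r"(PASSWORD|SECRET|SECRET_KEY|ACCESS_KEY|ENCRYPTION_KEY|TOKEN|SALT|WEBHOOK_URL)$")
# Assumption: values a committed template may carry in a secret slot (empty, changeme, <...>).
PLACEHOLDER = re.compile(r"|changeme|<.*>", re.IGNORECASE)

# Constructed sample input, not the project's .env.example.
SAMPLE = """\
POSTGRES_PASSWORD=
REDIS_PASSWORD="s3cr3t-value"
MCP_BEARER_TOKEN=<set-me>
LANGFUSE_PUBLIC_KEY=pk-example
AUTH_ENABLED=false
CORS_ALLOWED_ORIGINS=https://app.example.com,*
"""


def parse_env(text):
    """Parse KEY=VALUE lines; skip blanks and comments; strip surrounding quotes."""
    env = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        env[key.strip()] = value.strip().strip("'\"")
    return env


def lint_env(text):
    """Return findings for an env file that is committed or used in a shared environment."""
    env = parse_env(text)
    findings = [f"{key}: populated secret"
                for key, value in env.items()
                if SECRET_NAME.search(key) and not PLACEHOLDER.fullmatch(value)]
    # Only explicit settings are judged; unset variables fall back to defaults elsewhere.
    if "AUTH_ENABLED" in env and env["AUTH_ENABLED"].lower() != "true":
        findings.append("AUTH_ENABLED: auth disabled")
    origins = [o.strip() for o in env.get("CORS_ALLOWED_ORIGINS", "").split(",")]
    if any("*" in origin for origin in origins):
        findings.append("CORS_ALLOWED_ORIGINS: wildcard origin")
    return findings


if __name__ == "__main__":
    for finding in lint_env(SAMPLE):
        print(finding)
```
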