Environment Variables
All configuration is done via environment variables in the .env file created by the installer.
Authentication
| Variable | Default | Description |
|---|---|---|
JWT_SECRET_KEY | (must be set) | Secret key for signing JWTs. Change this before deployment. Generate with: openssl rand -hex 32 |
JWT_ALGORITHM | HS256 | JWT signing algorithm |
ACCESS_TOKEN_EXPIRE_SECONDS | 900 | Access token lifetime in seconds (default: 15 minutes) |
REFRESH_TOKEN_EXPIRE_SECONDS | 604800 | Refresh token lifetime in seconds (default: 7 days) |
DEFAULT_ADMIN_USER | admin | Username for the default admin account created on first boot |
DEFAULT_ADMIN_PASSWORD | changeme | Password for the default admin account. Change this before deployment. |
Database & Cache
| Variable | Default | Description |
|---|---|---|
DATABASE_URL | (set by installer) | PostgreSQL connection string |
REDIS_URL | (set by installer) | Redis connection string |
Privacy
| Variable | Default | Description |
|---|---|---|
RAG_LOG_ANONYMISE | true | Anonymise user identifiers in log output |
RAG_LOG_REDACT_QUERIES | true | Redact query text from log output |
RAG_CONVERSATION_MAX_AGE_DAYS | 90 | Automatically purge conversations older than this many days |
RAG_CONVERSATION_MAX_TURNS | 100 | Maximum number of turns retained per conversation |
Runtime
| Variable | Default | Description |
|---|---|---|
LOG_LEVEL | INFO | Logging verbosity (DEBUG, INFO, WARNING, ERROR) |
CONNECTOR_ALLOWED_PATHS | /app/docs | Colon-separated list of container-side paths that connectors are permitted to access. Always include /app/docs. |
INDEX_EXTRACTION_WORKERS | (set by installer) | Number of parallel workers for document text extraction |
DOCKER_PORT | 3000 | Host port mapped to the UI container |